October 2025 CU for SharePoint Server Subscription Edition is available for download

Important: If September 2025 CU for SharePoint has been installed before, remove the NT Authority\system account from WSS_WPG and IIS_IUSRS local security groups of the SharePoint machines – otherwise installing the SharePoint fixes will fail.

For more details check this article: Trending Issue: SharePoint fixes fail to install after installation of September 2025 CU
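
A pre-flight check for the step above, as an added example that is not from the original post or from Microsoft: it matches SYSTEM by its well-known SID S-1-5-18 in the two groups named here and, once -WhatIf is dropped, removes it. The function names are hypothetical; it assumes an elevated session on each SharePoint machine and the built-in Microsoft.PowerShell.LocalAccounts module.

```powershell
# Added example: check WSS_WPG and IIS_IUSRS for NT AUTHORITY\SYSTEM before patching.
$SystemSid = 'S-1-5-18'                 # well-known SID of NT AUTHORITY\SYSTEM
$Groups    = 'WSS_WPG', 'IIS_IUSRS'     # the two local groups named on this page

function Test-SystemInGroup {
    # Hypothetical helper: $true when SYSTEM is a direct member of the local group.
    param([Parameter(Mandatory)][string]$Group)
    # Compare by SID rather than by name so localized account names still match.
    $members = Get-LocalGroupMember -Group $Group -ErrorAction Stop
    [bool]($members | Where-Object { $_.SID.Value -eq $SystemSid })
}

function Remove-SystemFromPatchGroups {
    # Hypothetical helper: reports membership per group and removes SYSTEM where present.
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$Group = $Groups)
    foreach ($g in $Group) {
        try {
            $present = Test-SystemInGroup -Group $g
        } catch {
            # A missing group or an unreadable member list must not abort the whole check.
            Write-Warning "Could not read members of ${g}: $($_.Exception.Message)"
            continue
        }
        if ($present -and $PSCmdlet.ShouldProcess($g, "Remove $SystemSid")) {
            Remove-LocalGroupMember -Group $g -Member $SystemSid -ErrorAction Stop
        }
        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            Group           = $g
            SystemWasMember = $present
        }
    }
}

# Report only. Drop -WhatIf to actually remove the membership.
Remove-SystemFromPatchGroups -WhatIf
```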

The product group released the October 2025 Cumulative Update for SharePoint Server Subscription Edition.

Monthly SharePoint Server Subscription Edition updates are released as a single unified “uber” package containing both the language-independent and language-dependent fixes. Language-independent and language-dependent fixes will no longer be released separately. This is similar to the full server packages released for SharePoint 2013.

The KB article for October 2025 CU will be available at the following location in a couple of hours:

  • KB 5002786 – October 2025 Update for SharePoint Server Subscription Edition
    This is also a security update!

The download for October 2025 CU is available through the following link:

It is irrelevant which language you pick in the drop-down in the Download Center. It will always download the same package.

After installing the fix you need to run the SharePoint Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe, have a look here for the correct options.

Please have a look at the SharePoint Patching Best Practices before applying new fixes.
 
SharePoint Server Subscription Edition October 2025 CU Build Number: 16.0.19127.20262
 
Important: To minimize the installation time for SharePoint Server Subscription Edition Fixes, please follow the guidance in the following article: Solving the extended install time for SPSE CUs

 

43 Comments


  1. After applying the October 2025 Cumulative Update, the SYSTEM account is automatically re-added to the WSS_WPG group. Interestingly, upon re-evaluating the SharePoint Health Analyzer’s warning “Verify various user groups don’t have elevated permissions” it no longer appears – even though SYSTEM remains a member of WSS_WPG.
    All services and web applications are configured to use managed accounts, as confirmed via the FarmCredentialManagement.aspx page.

    Reply

  2. The CU was correctly applied, yet in patch and installation status, there is no trace of this build: 16.0.19127.20262
    Is this normal ?

    Reply

    1. Hi Alex,
      did you run the SharePoint configuration wizard?
      Cheers,
      Stefan

      Reply

      1. Of course I did. Even twice.

        Reply

        1. Hi Alex,
          please check in control panel – installed updates. Do you see the correct version number listed there and the install date when you applied the update?
          Cheers,
          Stefan

          Reply

          1. OK, just figured out that your script (https://github.com/stefangossner/Install-SPSE_Fix/blob/main/Install-SPSE_Fix.ps1) does not handle any installer errors.
            If I look in the logs, the install fails with the following errors:

            10/16/2025 16:40:22.237 [19992]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 393

            10/16/2025 16:40:22.237 [19992]: Detailed info about C:\Windows\assembly\temp\9LFX3XCIC0\microsoft.ceres.contentengine.recordcache.dll

            10/16/2025 16:40:22.237 [19992]: File attributes: 00000080

            10/16/2025 16:40:22.377 [19992]: Restart Manager Info: 4 entries

            10/16/2025 16:40:22.377 [19992]: App[0]: (5364) IIS Worker Process (), type = 5

            10/16/2025 16:40:22.377 [19992]: App[1]: (3552) IIS Worker Process (), type = 5

            10/16/2025 16:40:22.377 [19992]: App[2]: (8792) IIS Worker Process (), type = 5

            10/16/2025 16:40:22.377 [19992]: App[3]: (7984) IIS Worker Process (), type = 5

            10/16/2025 16:40:22.377 [19992]: Security info:

            10/16/2025 16:40:22.377 [19992]: Owner: S-1-5-18

            10/16/2025 16:40:22.377 [19992]: Group: S-1-5-18

            10/16/2025 16:40:22.377 [19992]: DACL information: 5 entries:

            10/16/2025 16:40:22.377 [19992]: ACE[0]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-32-544

            10/16/2025 16:40:22.377 [19992]: ACE[1]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-18

            10/16/2025 16:40:22.377 [19992]: ACE[2]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-5-32-545

            10/16/2025 16:40:22.393 [19992]: ACE[3]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-15-2-1

            10/16/2025 16:40:22.393 [19992]: ACE[4]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-15-2-2

            10/16/2025 16:40:22.393 [19992]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 393

            10/16/2025 16:40:22.393 [19992]: Detailed info about C:\Windows\assembly\temp\9NMYAPTAO4\Microsoft.Extensions.DependencyInjection.dll


          2. Hi Alex,
            you are right that my script does not handle errors. Definitely something I need to look into when I have time.

            Btw, this “error” does not cause the installer to fail. It is retried a couple of times and then it continues – this will cause extended installation time.
            And this is the weirdest part: the message indicates that 4 IIS worker processes are running which block the assembly update as they keep the file in use. And my script stops the w3svc service from IIS.
            So there should not be any IIS Worker Processes running…
            It looks like something restarted the w3svc – or stopping the service failed – which I haven’t seen either.
            Cheers,
            Stefan


    2. I ran into the same issue on my 8 server SE farm. Make sure the Farm account is not in the Local Administrators group. Make sure the Local Service and Local System are not in the WSS_WPG group before running the binary installer.

      Reply

      1. Thanks a lot Stephen! That did the trick.

        Reply

  3. October CU apparently fixed the issue with .vsd crawling, introduced with September CU. Thanks!

    Cheers,

    Reply

  4. Unfortunately, new issues have emerged with Visio iFilter handling .vsdx files. While earlier problems with .vsd files appear to be resolved, .vsdx crawling has become unreliable in the recent build.
    In testing, a full crawl of a document library containing a single .vsdx test file succeeded only 4 out of 10 times. When multiple copies of the same file were added to the library, the success rate dropped to roughly 1 in 10.
    Even more concerning, it takes approximately four incremental crawls just to reduce the number of uncrawled .vsdx documents by one, from the nine remaining after the initial full crawl.
    This behavior was observed on two farms running the October 2025 Cumulative Update, with Visio iFilter version 16.0.19127.20262.

    Reply

    1. Error message contains: Processing this item failed because of a IFilter parser error. ( Error parsing document ssic://[ItemId]. Error initializing IFilter for extension ‘.vsdx’ (Error code is 0x80004005). The function encountered an unknown error…..)

      Reply

      1. Hi Atis,
        my recommendation would be to open a ticket with Microsoft to ensure this is investigated.
        Cheers,
        Stefan

        Reply

  5. Hi,

    For your information, I’ve developed a script that automates the installation of cumulative updates, runs the content database upgrade in four threads, executes SPConfig.exe on each SharePoint server, and finally configures the side-by-side token.
    This script was inspired by Stefan and some great articles about SharePoint updates.
    Please test it and share your feedback.
    https://github.com/luigilink/SPSUpdate

    Take care !
    LuigiLink

    Reply

    1. The file name is PSConfig.exe

      Reply

  6. Does anyone have info and a positive report on doing the Oct CU in the case where they skipped and did not do the Sept CU after hearing it had issues?

    Reply

    1. I have successfully upgraded farms from February, August and September CU

      Reply

  7. Hi Stefan,

    In SPSE, installation of package is failing. Unable to install the Oct. 2025 patch in SPSE and SP 2016 SharePoint farm. I have removed the NT Authority\system account from WSS_WPG and IIS_IUSRS local security groups of the SharePoint machines. But still same issue.

    Could you please guide me on this.

    Thanks.

    Reply

    1. Hi Ganesh,
      check the msp installer log and search for “– Error” in the file.
      That should give you the actual error why the installation failed.
      If you need further assistance to get this resolved, please open a ticket with Microsoft Support.
      Cheers,
      Stefan

      Reply

  8. We have been running SP servers with the farm account as a local admin for quite some time. I attempted to remove it but found that search began to fail. I was not able to come to a root cause of the failure so I reverted the permissions back.

    Because of the issues with the Sept patch, I skipped it.

    I would like to test using the installation account to install the binaries and run PSConfigUI.exe. This account has local admin.

    Will the October patch installation fail if the farm account is a local admin?

    Also, secondly, must the patch level of SharePoint Workflow farm be at the latest patch, or can it be latest patch-1 in order to have a successful patch?

    Thank you.

    Reply

    1. Hi Tom,
      no it will not – but for security reasons the farm account should really be a low privilege account.
      If you cannot identify the root cause yourself you might want to open a ticket with Microsoft support to identify why the farm service account has to be a local admin in your scenario.
      My assumption is that the farm service account is used for additional purposes in your farm. It should only be used as the account for OWSTIMER.EXE and the application pool account of the central admin.
      All additional services and service applications should use a different account.
      Cheers,
      Stefan

      Reply

  9. I have an SP SE install with the September patch. I tried installing it overnight but the patch never progressed. I cancelled it, I noticed that “NT Authority\System” is in WSS_WPG, so I removed it and now it says “The installation of this package failed”. Do you have any idea why this may be?

    Reply

    1. Hi Daniel,
      please check the uber…msp file in the %localappdata%\temp directory and search for “– Error” in the file.
      In most cases the reason why the installation failed can be seen here.
      Cheers,
      Stefan

      Reply

      1. Thanks Stefan.

        The only error messages I think that may be relevant are lines like:

        [1520]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 39
        [1520]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 393
        [1520]: Assembly Install: Failing with hr=80070020 at RemoveDirectoryAndChildren, line 393
        [1520]: Assembly Install: Failing with hr=800700b7 at FusionMoveDirectory, line 3199
        [1520]: Assembly Install: Failing with hr=800700b7 at FusionMoveDirectory, line 3200
        [15688]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 393
        [15688]: Assembly Install: Failing with hr=800700b7 at FusionMoveDirectory, line 3199
        [15688]: Assembly Install: Failing with hr=800700b7 at FusionMoveDirectory, line 3200

        I got it to work after about three more attempts (the successful attempt took about 3 hours to run), I also got an error message with the Wizard afterwards:

        “An exception of type Microsoft.SharePoint.PostSetupConfiguration.PostSetupConfigurationTaskException was thrown. Additional exception information:
        Number of user defined objects dropped incorrectly = ‘2554’ (EventID:ajyyy)

        User Defined Object [proc_GetVersion] Modified (EventID:ajyyz)”

        However, running PSConfig instead worked fine, so I think everything’s working as expected now.

        Reply

        1. Hi Daniel,
          these messages do not hurt. They just delay the installation.
          The second message about user defined objects dropped incorrectly is more concerning.
          But running PSConfig with all parameters should ensure that everything is fine.
          Cheers,
          Stefan

          Reply
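
Added example, not part of the comment thread and not taken from the Install-SPSE_Fix script: it summarizes the "Assembly Install: Failing with hr=..." lines quoted in the comments above by decoding each HRESULT into its Win32 error and listing the processes the Restart Manager entries name. The function names are hypothetical, and the sample input is constructed from log lines quoted on this page.

```powershell
# Added example. $SampleLog is constructed from installer log lines quoted in the comments above.
$SampleLog = @'
10/16/2025 16:40:22.237 [19992]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 393
10/16/2025 16:40:22.377 [19992]: Restart Manager Info: 4 entries
10/16/2025 16:40:22.377 [19992]: App[0]: (5364) IIS Worker Process (), type = 5
10/16/2025 16:40:22.377 [19992]: App[1]: (3552) IIS Worker Process (), type = 5
[1520]: Assembly Install: Failing with hr=80070020 at RemoveDirectoryAndChildren, line 393
[1520]: Assembly Install: Failing with hr=800700b7 at FusionMoveDirectory, line 3199
[1520]: Assembly Install: Failing with hr=800700b7 at FusionMoveDirectory, line 3200
'@ -split '\r?\n'

function ConvertFrom-HResult {
    # Hypothetical helper: split an 8-digit hex HRESULT into facility and code.
    param([Parameter(Mandatory)][string]$Hex)
    $value    = [Convert]::ToInt64($Hex, 16)
    $facility = ($value -shr 16) -band 0x1FFF
    $code     = [int]($value -band 0xFFFF)
    # Facility 7 (FACILITY_WIN32) wraps a Win32 error code that Windows can describe.
    $meaning  = if ($facility -eq 7) {
        [System.ComponentModel.Win32Exception]::new($code).Message
    } else {
        'not a Win32 error'
    }
    [pscustomobject]@{ HResult = "0x$Hex"; Win32Code = $code; Meaning = $meaning }
}

function Get-InstallLogSummary {
    # Hypothetical helper: collect assembly-install failures and Restart Manager entries.
    param([Parameter(Mandatory)][string[]]$Line)
    $failRx = 'Assembly Install: Failing with hr=(?<hr>[0-9a-fA-F]{8}) at (?<fn>\w+), line \d+'
    $appRx  = 'App\[\d+\]: \((?<procid>\d+)\) (?<name>.+?) \(.*?\), type = \d+'
    $failures = @()
    $blockers = @()
    foreach ($l in $Line) {
        if ($l -match $failRx) {
            $failures += [pscustomobject]@{ HResult = $Matches.hr.ToLower(); Function = $Matches.fn }
        } elseif ($l -match $appRx) {
            $blockers += [pscustomobject]@{ ProcessId = [int]$Matches.procid; Name = $Matches.name }
        }
    }
    [pscustomobject]@{
        # One row per distinct HRESULT and failing function, with an occurrence count.
        Failures = $failures | Group-Object HResult, Function | ForEach-Object {
            $decoded = ConvertFrom-HResult -Hex $_.Group[0].HResult
            [pscustomobject]@{
                Count    = $_.Count
                HResult  = $decoded.HResult
                Meaning  = $decoded.Meaning
                Function = $_.Group[0].Function
            }
        }
        # Processes the Restart Manager entries list for the file being replaced.
        Blockers = $blockers | Sort-Object ProcessId -Unique
    }
}

$summary = Get-InstallLogSummary -Line $SampleLog
$summary.Failures | Format-Table -AutoSize
$summary.Blockers | Format-Table -AutoSize
```

For a real installer log, pass the output of Get-Content to -Line; IIS worker processes appearing under Blockers correspond to the situation Stefan describes above, where the files stay in use during the assembly update.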

  10. Does by any chance someone else experience that you can’t add new lines (e.g. enumeration , hit ‘enter’) to text webparts anymore which contain at least one link? It’s reproducible across different sites and farms.

    Reply

  11. Anyone experiencing error with Secure Store after installing October 2025 CU?
    Exception from code like
    Microsoft.Office.SecureStoreService.Server.SecureStoreServiceException: “Unable to decrypt the credentials.”
    or
    Decrypt Failed:System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.

    As well as issues when editing existing Secure Store Target Applications (UI):
    “Group claim validation failed.”

    Editing freshly added new Target Application works correctly.

    Does this update change some ciphers? Cryptographic algorithms? What are the possible resolutions now?

    Reply

      1. Thank you that must be it. I didn’t see the note in September CU that “To enhance security the encryption algorithm used by the secure store service to save credentials has been update to a more secure version.
        As a side effect credentials stored with the old algorithm can no longer be decrypted.”

        So as a consequence any CU afterwards will introduce those upgraded ciphers, right?

        Reply

        1. Yes, that’s correct.

          Reply

  12. Dear all, does anybody else have a high CPU usage for the two processes IIS Worker and Antimalware after the October on SharePoint SE Web Servers? In our farm (2xAPP,2xOOS,2xWFE,1xSQL) we have 100% CPU on the WFE caused by these two processes together (ca. 2/3 IIS vs. 1/3 Antimalware).

    Reply

    1. Hi Matthias,
      sounds as if your AV solution has a very expensive implementation for AMSI.
      If you enabled Full Body Scan in AMSI I would recommend disabling it as this can be a really expensive operation. AMSI without Full Body Scan should not have a significant footprint (assuming the AV solution is properly implemented) as it only has to scan Url and HttpHeaders which is usually around 1-2 KB.
      Cheers,
      Stefan

      Reply

  13. Hi Stefan,

    since I installed the update we have troubles with the text-webpart. If I add a new text-webpart on a page I cannot insert text. To edit an existing text-webpart is no problem. I think there might be a problem with the new feature that came with September update (we didn’t install that update).

    Regards,
    Martina

    Reply

  14. Hello Stefan;

    I’ve applied the October 2025 CU for SPSE two days ago;
    I encounter random IIS application pool crashes since. ErrorID is 5011 – WAS

    “A process serving application pool ‘***’ suffered a fatal communication error with the Windows Process Activation Service. The process id was ‘9732’. The data field contains the error number.”

    Following the troubleshooting coming from https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/site-behavior-performance/process-termination-crash#windows-error-reporting

    I retrieve the application error corresponding :

    “Faulting application name: w3wp.exe, version: 10.0.20348.1, time stamp: 0x405e4c14
    Faulting module name: KERNELBASE.dll, version: 10.0.20348.4294, time stamp: 0x73e9e45d
    Exception code: 0xe0434352
    Fault offset: 0x000000000003f33c
    Faulting process id: 0xd90
    Faulting application start time: 0x01dc65d064051b2e
    Faulting application path: c:\windows\system32\inetsrv\w3wp.exe
    Faulting module path: C:\Windows\System32\KERNELBASE.dll
    Report Id: 70a0b46e-ac4b-404d-a43e-387d282f0654
    Faulting package full name:
    Faulting package-relative application ID: ”

    looking at the docs it says :

    0xe0434352 This code indicates an unhandled second chance Common Language Runtime (CLR) exception. It means that a .NET exception occurred somewhere in the application’s code.

    If you encounter the exception, look for any events from the source .NET Runtime and with ID 1026.

    If you find any events from the .NET Runtime source, take note of the details in the General tab of the event, the Description, and the Exception Info fields (the latter holds both the exception and a call stack).

    I don’t have eventID 1026

    I followed the procedure by using procdump and debug diag; and retrieved the dumps; now to analyse them is another story; I just can’t find what’s going wrong with the update; PSCONFIG has been passed on both the 10 servers on each farm without errors nor warnings.

    Are you aware of this kind of issue? the customer is like really not happy with this; and I’m kinda taking the fire right now;

    best Regards, Marco

    Reply

    1. Hi Marco,
      this is a very generic .NET error and without more details it is not possible to troubleshoot it.
      My recommendation would be to open a support case with Microsoft to get this analyzed.
      Cheers,
      Stefan

      Reply

      1. Hello Stefan, and thanks for your answer;

        I had the support today; I have generated the dumps of the Application Pool Worker process with ProcDump and sent it; it’s actually analyzed

        Wished to share here the different types of 1000 ErrorID on the Application section of the event viewer on web servers I’m encountering to clarify :

        Faulting Module Name : KERNELBASE.dll, version: 10.0.20348.4294, time stamp: 0x73e9e45d
        Exception code : 0xc06d007e

        Faulting Module Name : owssvr.dll, version: 16.0.19127.20262, time stamp: 0x68cd4aeb
        Exception code : 0xc0000409

        Faulting Module Name : KERNELBASE.dll, version: 10.0.20348.4294, time stamp: 0x73e9e45d
        Exception code : 0xe0434352

        Faulting Module Name : ntdll.dll, version: 10.0.20348.4294, time stamp: 0x4cdc53dc
        Exception code : 0xc0000374

        In parallel to this; to mitigate the issue; I’ve written a small one-liner that is triggered as a scheduled task if an 5002 WAS ErrorID is raised by the event viewer :

        # Start the application pool again if it is found stopped
        # (Get-IISAppPool comes from the IISAdministration module)
        $pool = Get-IISAppPool | Where-Object { $_.Name -eq $appPoolName }
        if ($pool.State -eq 'Stopped') {
            $pool.Start()
        }

        with $appPoolName the name of the pools that crashes

        This is rudimentary; but any time a 5002 ErrorID is raised, the script is triggered and restarts the pool so at least there is some kind of service continuity; this task is set on each of the Web Servers of each farm; Web Servers are load balanced;

        In addition; I’ve set the request body scan configuration to off on both farm on each of the Web Application; it seems to lower the load on the application pool and avoid it to crash; I’ve also run Test-DefenderAndAMSIWorkProperly on one of the app server, AMSI and Windows Defender seem to be healthy;

        I still encounter a lot of 5011 Warnings that seems to be triggered by the crawler;

        I would like to know if this issue is going to be officially flagged as a known issue or trending issue;

        Have a nice day, Marco

        Reply

        1. We are observing exactly the same issue being triggered by Search Crawls and we have opened a Microsoft Support Case.

          Reply

  15. Hi Stefan,
    since I installed the update in the farm (5 front end server, 1 application with CA server , 2 application with search servers and 2 Distributed Cache servers ). The Pools app keeps crashing. I am receiving an event error related to the Pools Application: Faulting application name: w3wp.exe, version: 10.0.17763.1, time stamp: 0xcfd13d8
    Faulting module name: KERNELBASE.dll, version: 10.0.17763.7553, time stamp: 0x296284f5
    Exception code: 0xc06d007e
    Fault offset: 0x0000000000041b39
    Faulting process id: 0x405c
    Faulting application start time: 0x01dc668ba0ea6b46
    Faulting application path: c:\windows\system32\inetsrv\w3wp.exe

    Reply

    1. Hi Jesus,
      0xc06d007e is a very generic software exception. My recommendation would be to open a support case with Microsoft to get this analyzed.
      Cheers,
      Stefan

      Reply

  16. Hi Marco,

    the 0xc0000409 error is a known issue which is currently being investigated by our product group and requires a fix.
    Not sure if the others are related or not – I did not get them in my repro environment. So it might be that you are running into more than one issue here.
    Cheers,
    Stefan

    Reply
