SharePoint Server 2025 CU for SharePoint Server 2016, 2019 and Subscription Edition includes security hardening for SharePoint Server 2013 workflows which enforces the most recent SharePoint Workflow Manager updates to be installed on SPWFM.
As a side effect this also prevents classic workflow manager workflows from running as this version does not comply with this new security requirement.
Reference:
Solution:
October 2025 CU for SharePoint Server 2016, 2019 and Subscription Edition includes a fix for this issue:
- SP2016: October 2025 CU for SharePoint Server 2016
- SP2019: October 2025 CU for SharePoint Server 2019
- SPSE: October 2025 CU for SharePoint Server Subscription Edition
To activate the solution after installing October CU it is required to run the following PowerShell script to
$farm = Get-SPFarm
$farm.ServerDebugFlags.Add(53601) # Enable support for Classic Workflow Manager
$farm.update()
After the change has been applied, the IIS and SharePoint Timer Service need to be restarted.
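The flag change can be made repeatable, so that it is only written when the farm state actually differs and the restart only happens after a change. The following is an added example, not part of the original post: the function name is hypothetical, the timer service name SPTimerV4 is not stated on this page, and it assumes the restart is performed on the local server from the SharePoint Management Shell.

```powershell
# Added example (not from the original post). Run in the SharePoint Management Shell.
# Set-ClassicWorkflowManagerSupport is a hypothetical helper name.
function Set-ClassicWorkflowManagerSupport {
    [CmdletBinding()]
    param(
        # $true adds the flag, $false removes it again
        [Parameter(Mandatory)][bool]$Enabled
    )
    $flag = 53601                       # ServerDebugFlag named in the article
    $farm = Get-SPFarm
    $present = $farm.ServerDebugFlags -contains $flag

    if ($Enabled -and -not $present) {
        [void]$farm.ServerDebugFlags.Add($flag)
    }
    elseif (-not $Enabled -and $present) {
        [void]$farm.ServerDebugFlags.Remove($flag)
    }
    else {
        Write-Verbose "Flag $flag already in requested state (present: $present)"
        return $false                   # nothing changed, no restart needed
    }

    $farm.Update()

    # Re-read the farm object to confirm the change was persisted
    $persisted = (Get-SPFarm).ServerDebugFlags -contains $flag
    if ($persisted -ne $Enabled) {
        throw "ServerDebugFlag $flag was not persisted as expected."
    }

    # The article requires IIS and the SharePoint Timer Service to be restarted.
    # Assumption: this restarts them on the local server only.
    iisreset | Out-Null
    Restart-Service -Name SPTimerV4
    return $true
}

# Enable support for Classic Workflow Manager after installing October 2025 CU
Set-ClassicWorkflowManagerSupport -Enabled $true -Verbose
```

Calling the function with `-Enabled $false` removes the flag again, for example after a cutover to SharePoint Workflow Manager.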

Permalink
The OCT25 Updates for SharePoint Server 2016 (KB 5002787 and KB 5002788) are failing on Windows Server 2019 Datacenter (1809) with a 1603 error.
–KB5002787–
MsiInstaller Event ID 1023:
Product: Microsoft SharePoint Foundation 2016 1033 Lang Pack – Update ‘Security Update for Microsoft SharePoint Enterprise Server 2016 (KB5002787) 64-Bit Edition’ could not be installed. Error code 1603. Additional information is available in the log file %USERPROFILE%\AppData\Local\Temp\wssmui-en-us_MSPLOG.LOG.
MsiInstaller Event ID 11310:
Product: Microsoft SharePoint Foundation 2016 1033 Lang Pack — Error 1310. Error writing to file: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\TEMPLATE\LAYOUTS\1033\AVREPORT.HTM. System error 0. Verify that you have access to that directory.
—I do have access to that directory, but the file referenced above (AVREPORT.HTM) doesn’t exist.
–KB5002788–
SharePoint Foundation Event ID 5586:
Unknown SQL Exception 2812 occurred. Additional error information from SQL Server is included below.
Could not find stored procedure ‘dbo.Search_GetRecentStats’.
SharePoint Foundation Event ID 6398:
The Execute method of job definition Microsoft.Office.Server.Search.Monitoring.HealthStatUpdateJobDefinition (ID e40dd882-7610-485f-bc65-6f41e85c476a) threw an exception. More information is included below.
Could not find stored procedure ‘dbo.Search_GetRecentStats’.. (Correlation=c16ecfa1-3d99-704c-104f-7528bb0c042c)
Permalink
Hi David,
this is not a problem with October CU – but with September CU.
You need to remove NT AUTHORITY\system from the WSS_WPG and IIS_IUSRS security groups of the server.
See here for details:
https://blog.stefan-gossner.com/2025/09/11/trending-issue-sharepoint-fixes-fail-to-install-after-installation-of-september-2025-cu/
Cheers,
Stefan
Permalink
Thanks Stefan! I actually found that article a few minutes after I posted the original comment above but I couldn’t find my own comment once I posted it in order to remove it.
Permalink
Hi Stefan,
Hope you’re doing great! 😊
We’ve successfully installed the October 2025 CU in our lab environment for SharePoint Server Subscription Edition. Our Workflow Manager servers, however, are still running the August 2025 updates.
Could you please confirm whether it’s necessary to install the October 2025 updates on the Workflow Manager servers as well to ensure compatibility and resolve known issues (e.g., the System.Memory.dll issue and workflow failures)?
Appreciate your guidance!
Thanks
Chandu
Permalink
Hi Chandu,
not to ensure compatibility – but to resolve the known issues.
Cheers,
Stefan
Permalink
Is the powershell script also necessary when September CU was not installed?
Permalink
Hi Stef,
It does not matter if September CU was installed before or not as all SharePoint Fixes are cumulative.
Enabling support for Classic Workflow Manager starting with October 2025 CU requires this ServerDebugFlag.
Cheers,
Stefan
Permalink
I had installed the Sept CU for SP 2016 and was running classic Workflow Manager. In our QA environment I attempted to update to SharePoint Workflow Manager. I was not successful, so went to just a disaster recovery attempt. I feel like I’ve done everything right, I’ve re-registered several times, I’m now running the October CU for SPWFM including the updated client, get-spfarm, get-sbbus, get-spfarmstatus, etc. all return expected results. From my WFE I can browse to the SPWFM URL:12290/sharepoint, and it comes up and looks right. But SPD shows 2013 not installed. After installing the SPWFM client on all SP servers, is there anything else I need to do on the servers?
Permalink
Hi Paul,
I think it would be best to open a ticket with Microsoft support to get this investigated.
Cheers,
Stefan
Permalink
Replying to myself. Please ignore my comments, I forgot to add the 2013 workflow service back to my Web App. All is good
Permalink
Hi,
Since I installed the WFM September update in our test environment, our workflows have stopped working.
In the meantime, I have also installed the WFM October update. Both updates installed without any issues or error messages but the workflows won’t start.
Since the WFM September update, our logs have been filling up with the following messages:
TrackingId: a2bd4d4c-0f66-437c-9828-d96380e98ae1, SubsystemId: NoSystemTracker, Failed to find container 1. Exception = System.ArgumentException: Keyword not supported: ‘asynchronous processing’.
Server stack trace:
at Microsoft.Data.SqlClient.SqlConnectionStringBuilder.GetIndex(String keyword)
at Microsoft.Data.SqlClient.SqlConnectionStringBuilder.set_Item(String keyword, Object value)
at System.Data.Common.DbConnectionStringBuilder.set_ConnectionString(String value)
at Microsoft.Data.SqlClient.SqlConnectionStringBuilder..ctor(String connectionString)
at Microsoft.Cloud.InfrastructureCommon.EncryptionHelper.IsConnectionStringEncrypted(String connectionString)
at Microsoft.Cloud.InfrastructureCommon.SecretsManagerHelper.DecryptDbConnectionString(String encryptedSecret)
at Microsoft.ApplicationServer.Messaging.Broker.Sql.GetContainerByIdAsyncResult.ProcessSqlResult(SqlDataReader reader)
at Microsoft.Cloud.ServiceBus.Common.Sql.SqlStoreAsyncResult.SqlCommandAsyncResultCallback(IAsyncResult result)
at Microsoft.ServiceBus.Common.AsyncResult.AsyncCompletionWrapperCallback(IAsyncResult result)
Am I the only one experiencing this issue?
Without a logical explanation/solution, I don’t dare to install this update in production.
Thanks in advance,
Johan
Permalink
I meant the WFM update from August, not from September.
https://support.microsoft.com/en-us/topic/august-12-2025-update-for-sharepoint-workflow-manager-kb5002750-c933a04c-f61a-4048-b105-d38b9c8ff24e
Permalink
Hi Johan,
this is a known issue which is currently being investigated.
In case you cannot wait for a fix, here is a workaround:
The workaround is to leave the SPWFM, remove SBmanagementDB and WFmanagementDB and recreate the farm as part of a disaster recovery (https://learn.microsoft.com/en-us/sharepoint/governance/sp-wf-mgr-farm-restore-disaster-recovery)
This will resolve the issue as the unsupported keyword exists in the management database only.
Cheers,
Stefan
Permalink
Hi Stefan,
I really appreciate your help.
In production, I tend to wait for the fix before installing the WFM updates.
Our test environment is working again, but not 100% according to the disaster recovery documentation.
The documentation states the following:
Restore the Workflow Manager Services and Farm
Restore-WFFarm -RunAsAccount $wfmAcc -InstanceDBConnectionString "Data Source=$newSQL;Initial Catalog=$wfInstanceDB;Integrated Security=True;Asynchronous Processing=True;Encrypt=False" -ResourceDBConnectionString "Data Source=$newSQL;Initial Catalog=$wfResourceDB;Integrated Security=True;Asynchronous Processing=True;Encrypt=False" -WFFarmDBConnectionString "Data Source=$newSQL;Initial Catalog=$wfManageDB;Integrated Security=True;Encrypt=False" -InstanceStateSyncTime $restoreTime -ConsistencyVerifierLogPath $logPath -CertificateAutoGenerationKey $certGenKey -Verbose
With that, I got the same error message again: “Keyword not supported: ‘asynchronous processing’”.
So I decided to remove the ‘Asynchronous Processing=True’ part from this command, and that finally worked. No idea if that was allowed or not.
Thanks,
Johan
Permalink
Hi Johan,
yes of course – forgot to mention this. The new database access layer (Microsoft.Data.SqlClient) no longer supports this keyword.
Cheers,
Stefan
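The keyword removal discussed in the exchange above can be done programmatically before the connection strings are handed to Restore-WFFarm. This is an added example, not part of the thread and not Microsoft's code: the function name is hypothetical, and the server and database names are constructed placeholders.

```powershell
# Added example (not from the thread). Server and database names are constructed.
# Remove-UnsupportedSqlKeyword is a hypothetical helper name.
function Remove-UnsupportedSqlKeyword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ConnectionString,
        # Keyword the thread reports as rejected by Microsoft.Data.SqlClient
        [string[]]$Keyword = @('Asynchronous Processing')
    )
    # The provider-neutral builder parses key=value pairs without validating
    # keywords, so it accepts strings that SqlConnectionStringBuilder rejects.
    $builder = New-Object System.Data.Common.DbConnectionStringBuilder
    # Use the setter method: plain property assignment on a dictionary-like
    # object can be treated by PowerShell as adding a key named ConnectionString.
    $builder.set_ConnectionString($ConnectionString)

    # Remove() matches keywords case-insensitively and returns $true on removal
    $removed = @($Keyword | Where-Object { $builder.Remove($_) })

    [pscustomobject]@{
        ConnectionString = $builder.ConnectionString
        Removed          = $removed
    }
}

$newSQL = 'sql01.contoso.test'   # constructed placeholder
# Keys match the Restore-WFFarm parameter names shown in the thread
$documented = @{
    InstanceDBConnectionString = "Data Source=$newSQL;Initial Catalog=WFInstanceManagementDB;Integrated Security=True;Asynchronous Processing=True;Encrypt=False"
    ResourceDBConnectionString = "Data Source=$newSQL;Initial Catalog=WFResourceManagementDB;Integrated Security=True;Asynchronous Processing=True;Encrypt=False"
    WFFarmDBConnectionString   = "Data Source=$newSQL;Initial Catalog=WFManagementDB;Integrated Security=True;Encrypt=False"
}

$clean = @{}
foreach ($name in $documented.Keys) {
    $result = Remove-UnsupportedSqlKeyword -ConnectionString $documented[$name]
    if ($result.Removed.Count -gt 0) {
        Write-Host "${name}: removed $($result.Removed -join ', ')"
    }
    $clean[$name] = $result.ConnectionString
}

# $clean now holds the three strings without the unsupported keyword
$clean.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize -Wrap
```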
Permalink
Hi Stefan,
We installed the Oct CU in our Subscription Edition and on the SWFM server. We got the Keyword not supported: ‘asynchronous processing’ error, so we had to recover the WFM farm. After all that we got an error for a missing DLL, ‘Microsoft.Data.SqlClient.SNI.x64.dll’, so I copied the DLL manually to the Microsoft.Data.SqlClient folder in the GAC. After doing so, the error for the missing DLL is gone, but we are still getting the unauthorized error when trying to start workflows.
We tried to reinstall the SWFM farm but are still getting to the same point. Any help will be appreciated.
Permalink
Hi Tam,
I think it would be best to open a ticket with Microsoft Support to get this analyzed.
Cheers,
Stefan
Permalink
Hey Stefan,
We are looking to apply the October 2025 CU for SharePoint 2019 and we have a Classic Workflow Manager Server associated with the farm. We follow the Zero Downtime Approach for patching, so is it possible to run the workaround command BEFORE installing the update, or does the command only work AFTER the update is installed and the configuration wizard command is run? Thanks in advance for your response!
Daniel
Permalink
Hi Daniel,
sorry – I don’t know. I have set it afterwards and currently do not have a system with older patch level to test.
I would recommend to verify this in your test environment and best would be to share your results here with the group.
Cheers,
Stefan
Permalink
The October update states the following:
“If you’re running 2013-type workflows, you must install the August 2025 update for SharePoint Workflow Manager to your farm before you install this cumulative update.”
However I’m running Classic Workflow Manager with and use 2013-type workflows. I’m assuming enabling the debug flag will allow the 2013 workflows to continue to run. And there’s nothing I need to update with the Classic Workflow Manager.
Permalink
Hi Tyler,
your assumption is correct.
Cheers,
Stefan
Permalink
Hey Stefan,
We just installed the October 2025 CU and added the workaround to get our SP2013 workflows to continue running from our Classic Workflow Manager successfully. We have a SharePoint Workflow Manager we are looking to cut over to soon. Would we need to remove the workaround or is it safe to ignore? If so, what would that command be? Thank you!
Daniel
Permalink
Hi Daniel,
you should definitely revert it:
$farm = Get-SPFarm
$farm.ServerDebugFlags.Remove(53601) # Disable support for Classic Workflow Manager
$farm.update()
Cheers,
Stefan