After installing the September 2025 CU for SharePoint Server 2016, 2019, and Subscription Edition.
The following error is returned when deploying the solution:
Reference:
Solution:
October 2025 CU for SharePoint Server 2016, 2019 and Subscription Edition includes a fix for this issue:
- SP2016: October 2025 CU for SharePoint Server 2016
- SP2019: October 2025 CU for SharePoint Server 2019
- SPSE: October 2025 CU for SharePoint Server Subscription Edition
October 2025 CU reverts the change and unsets the deny write permissions from WSS_WPG and IIS_IUSRS groups on the LAYOUTS folder which resolves the problem.
If September 2025 CU was installed before this fix, it is necessary to manually remove the local system account from the WSS_WPG and IIS_IUSRS security group before applying October 2025 CU – otherwise October 2025 CU cannot be installed.
Permalink
Hello Stefan,
Thank you again on explanation of what needs to be done 🙂
However I do have a follow up question – you mention that local system must be removed from security groups, but then I look at WSS_WPG group I also see LOCAL SERVICE and NETWORK SERVICE accounts along with SYSTEM. Not sure how and when they were added there, but definitely weren’t added manually. So my question is – shall we remove these accounts also?
Thank you in advance
Giedrius
Permalink
Hi Giedrius,
SharePoint added them. They do not hurt – so you can keep them here.
When running PSCONFIG they will be added back to WSS_WPG and IIS_IUSRS (same for SYSTEM).
After October CU is installed and config wizard was run the deny ACE for WSS_WPG and IIS_IUSRS should be removed and the fact that these accounts are in these groups will no longer hurt.
Cheers,
Stefan
Permalink
HI Stefan,
For some additional clarity, will the OCT CU still break solution deployment if the Farm administrator account is in the server administrator group?
asking for a friend 🙂
Thanks! – Pete
Permalink
Hi Pete,
no it will not. But it is still not something you should have configured.
The farm service account should be a low privileged account from a security perspective.
Cheers,
Stefan
Permalink
Hi Stefan,
after the September CU for Sharepoint Server Subscription Edition we’ve been encountering an error like this:
SharePoint: Claims Auth Cannot Establish EndPoint;
Alert Monitoring Object Display Name: Security Token Service
An exception occurred when trying to establish endpoint for context: The type initializer for ‘Microsoft.SharePoint.OnPrem.Flighting.ECSSPFlightDataProvider’ threw an exception.
Despite the error all services seem to be working properly. We hoped that the October update will provide a fix but it doesn’t seem to be the case. We’ve been trying to investigate this issue but can’t seem to find the problem.
Do you know maybe if it is a known issue or what might it be connected with?
Thank you in advance,
Jacek
Permalink
Hi Jacek,
solution deployment should work again as October CU rolled back the change that caused it.
About this error: sorry. Haven’t seen it.
Cheers,
Stefan
Permalink
Hi Stefan,
Quick question, we got issues with Nintex workflows after installing SharePoint Server Subscription Edition KB50027864 (16.0.19127.20100, September 9, 2025)
After applying this update, we noticed that some Nintex workflow actions stopped working almost like a killswitch or a feature block got triggered. Everything else in SharePoint seems fine, but certain workflow components (especially custom actions and loops) are no longer executing.
“Workflow Compilation XPath killswitch resulted in an exception: System.InvalidOperationException: This feature has been temporarily disabled.” – ULS Log
Just wondering if you can confirm whether this CU includes any change or enforcement mechanism that might block Nintex integration, or if there’s a workaround we should apply (config, registry, or Web.config level).
Thanks in advance for any insights
Permalink
Hi Ariq,
if it is September 2025 CU and 2010 workflows (which Nintex is using) please check this known issue:
https://blog.stefan-gossner.com/2025/09/18/trending-issue-sharepoint-sp2010-workflows-fail-on-spse-after-installing-september-2025-cu/
Cheers,
Stefan