Thursday, July 19, 2018

Microsoft KB4340558 (July 10, 2018) Breaks ExCM’s SharePoint 2013 FBA SignIn.aspx page


Customers of Extranet Collaboration Manager for SharePoint 2013 need to be aware that the July 10, 2018 patches discussed in Microsoft KB4340558 will cause ExCM’s forms-based authentication SignIn.aspx page to break. As a result, users receive a 403 Forbidden error message when attempting to sign in to an extranet site:

image

!!Update on July 23, 2018!!

Microsoft has posted a support article that goes into more detail. It also gives additional workarounds that may or may not be more effective than the procedures below.

https://support.microsoft.com/en-us/help/4345913/access-denied-errors-after-installing-july-2018-security-rollup-update

!!End July 23, 2018 Update!!

The only solution to the problem as of this initial writing (July 19, 2018) is to uninstall the associated Windows Server patches.

For Windows Server 2012 R2, these two patches are the ones that need to be uninstalled:

KB4338424

KB4338419

Note:  KB4340558 is a rollup patch that contains KB4338424 and KB4338419.  It will be labeled in Windows Update like this:

image

So, while KB4340558 is the patch that gets INSTALLED initially, to remove it you actually UNINSTALL KB4338424 and KB4338419.

Also, be aware that on other versions of Windows Server, the patches may have different KB numbers.
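
The check-and-uninstall step above as an added example (not ExCM or Microsoft code): it looks for the two component KBs this post names for Windows Server 2012 R2 and removes the ones that are present with wusa.exe. The parameter and function names are assumptions of this example; run it from an elevated PowerShell session, and pass -WhatIf to only report what would be removed.

```powershell
# Added example, not ExCM or Microsoft code. The default KB numbers are the ones
# this post lists for Windows Server 2012 R2; other Windows Server versions may
# use different KB numbers, so pass them with -KbIds.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$KbIds = @('KB4338424', 'KB4338419')
)

function Get-InstalledKb {
    param([string[]]$Ids)
    # Get-HotFix writes an error for IDs that are not installed; suppress it
    # and return only the updates that are actually present.
    Get-HotFix -Id $Ids -ErrorAction SilentlyContinue |
        Select-Object HotFixID, Description, InstalledOn
}

$installed = @(Get-InstalledKb -Ids $KbIds)
if ($installed.Count -eq 0) {
    Write-Output "None of $($KbIds -join ', ') is installed on $env:COMPUTERNAME."
    return
}
$installed | Format-Table -AutoSize | Out-Host

$rebootNeeded = $false
foreach ($kb in $installed) {
    # wusa.exe expects the number without the "KB" prefix.
    $number = $kb.HotFixID -replace '^KB', ''
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Uninstall $($kb.HotFixID)")) {
        # /quiet is not passed, so wusa.exe shows its own confirmation dialog.
        $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
            -ArgumentList '/uninstall', "/kb:$number", '/norestart' -Wait -PassThru
        switch ($p.ExitCode) {
            0       { Write-Output "$($kb.HotFixID) removed." }
            3010    { Write-Output "$($kb.HotFixID) removed; restart required."
                      $rebootNeeded = $true }
            default { Write-Warning "$($kb.HotFixID): wusa.exe exit code $($p.ExitCode)." }
        }
    }
}
if ($rebootNeeded) { Write-Output 'Restart the server to complete the removal.' }
```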

At this time, it is unclear what changes to the .NET Framework were made by Microsoft in these patches that cause the ExCM FBA Sign In page to not work properly.  The description that Microsoft provides of the patches does not give any information that would lead us to believe that the ExCM page would no longer work after applying the Windows Server patches.

Our team is investigating the problem further to try to narrow down what may have changed to the .NET Framework in KB4340558 that has impacted ExCM.  We will update this post when we know more details.

So far our testing of Extranet Collaboration Manager for SharePoint 2016 indicates that this Microsoft patch does not cause the same problem.  However, we can't conclude yet for certain that ExCM 2016 customers will not be affected.

Also, it is possible that the root cause of the problem is that the patch actually breaks SharePoint's built-in feature that supports custom FBA Sign In pages in general, regardless of whether it is ExCM’s custom FBA Sign In pages or someone else’s. From SharePoint Central Administration, this is the particular feature we are referring to:

image
