WCF services that are hosted on IIS on Windows 7 or Windows Server 2008 R2 may receive an exception error message after you install an update for the .NET Framework 3.5 SP1 for WCF

Consider the following scenario:
  • Your computer is running Windows 7 or Windows Server 2008 R2.
  • The computer is running the Windows Communication Foundation (WCF) service, and the service is hosted on Internet Information Services (IIS). The service uses either the HTTP or the HTTPS protocol and is using Windows Authentication.
  • You install some Microsoft .NET Framework 3.0 Service Pack 2 or .NET Framework 3.5 Service Pack 1 updates for WCF. For example, you install security update 2756920.
In this scenario, you may receive an exception error message that resembles the following on the requested page: 

Server Error in ‘/SecurtyTokenServiceApplication’ Application
Method not found: ‘System.String

For example, you may receive the error message when you go to a Microsoft SharePoint 2010 website. 

When this problem occurs, you may also receive the following error message in the event log on the server: 

WebHost failed to process a request.
Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/17653682
Exception: System.ServiceModel.ServiceActivationException: The service '/SecurityTokenServiceApplication/securitytoken.svc' cannot be activated due to an exception during compilation.
The exception message is: Method not found: 'System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)'.. --->
System.MissingMethodException: Method not found: 'System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)'.
at System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.WebConfigurationManagerWrapper.BuildExtendedProtectionPolicy(ExtendedProtectionTokenChecking tokenChecking, ExtendedProtectionFlags flags, List`1 spnList)
at System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.WebConfigurationManagerWrapper.GetExtendedProtectionPolicy(ConfigurationElement element)
at System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.ProcessWindowsAuthentication(String siteName, String virtualPath, HostedServiceTransportSettings& transportSettings)
This problem occurs because the computer may have some hotfixes installed that contained only System.ServiceModel.dll and not System.ServiceModel.WasHosting.dll. See the "More Information" section for a list of hotfixes that are known to contain only these files.

Because of this issue, the newer update cannot install the same version of both files. This exposes a dependency between the two files. This in turn causes the previously mentioned exception. This problem occurs because of an issue in previously released hotfixes and is not specifically caused by the new update. The new update merely causes the problem to surface.
To work around this issue, make sure that the versions of System.ServiceModel.dll and System.ServiceModel.WasHosting.dll are in sync.

To resolve this issue, install update 2637518 or any .NET Framework 3.0 SP2 hotfix that contains both assemblies.

We recommend that you install update 2637518 to resolve this issue. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

To download this hotfix from the Microsoft Download Center, go to the following Microsoft Download Center webpage:Note If you are already experiencing this problem, install update 2637518. You do not have to reinstall the update that caused this issue to surface.

Restart requirement

You may have to restart the computer after you apply this update.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More information
The following hotfixes can cause this issue if they are installed on a computer that is running Windows 7 or Windows Server 2008 R2 RTM and if no new .NET Framework 3.5 SP1 updates for WCF are installed. For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base: 
976462 A hotfix for the.NET Framework 3.5 Service Pack 1 is available for Windows 7 and for Windows Server 2008 R2 as a prerequisite for Microsoft Office SharePoint Server 2010

977420 A hotfix rollup is available to fix problems in Windows Communication Foundation in the .NET Framework 3.5 SP1 for Windows 7 and for Windows Server 2008 R2

982867 WCF services that are hosted by computers together with a NLB fail in the .NET Framework 3.5 SP1 or in the .NET Framework 4
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 2801728 - Last Review: 01/14/2013 17:38:00 - Revision: 2.0

Windows Communication Foundation, Windows Communication Foundation 3.0, Windows Communication Foundation 3.5

  • kbbug kbexpertiseinter kbsecbulletin kbsecurity kbsecvulnerability KB2801728