Simptomi
Kada instalirate bilo koju od 2018 .NET Framework bezbednosnih ispravki za rešavanje cve-2018-8421 (.NET Framework daljinska ispravka izvršenja), SharePoint tokovi posla koji su u kutiji prestaju da rade. Kada dođe do ovog problema, biće evidentirana stavka greške koja podseća na sledeću:
<Date> <Time> w3wp.exe (0x1868) 0x22FC SharePoint Foundation Workflow Infrastructure 72fs Unexpected RunWorkflow: Microsoft.SharePoint.SPException: <Error><CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." /><CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." /><CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." /><CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." /><CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." /><CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." /><CompilerError Line="-1" Column="-1" Text="Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file." /><CompilerError Line="-1" Column="-1"…
Stavka greške ukazuje na to da je sistem. pogreška u Binaryoperorekkompresija nije uključena u ovlašćene tipove.
Za više informacija o bezbednosnim ispravkama u septembru posetite ovu Microsoft .net blog stranicu.
Uzrok
Workflow Foundation (WF) pokreće tokove posla samo kada su svi zavisni tipovi i sklopovi ovlašćeni u .NET konfiguracionoj datoteci (ili se izričito dodaje kôd) u sledećem stablu:
<configuration>
<System.Workflow.ComponentModel.WorkflowCompiler>
<authorizedTypes>
<targetFx>
Međutim, nakon ažuriranja, neke vrste koje koriste neki od tokova posla SharePoint iz kutije koje ranije nisu bile potrebne su sada potrebne.
Rešenje
Da biste rešili ovaj problem, primenite odgovarajuće ispravke bezbednosti i nebezbednosnih ispravki iz sledećih članaka baze znanja:
4461501 Opis bezbednosne ispravke za SharePoint Enterprise server 2016:13 novembar, 2018 4461508 . novembar 2018, kumulativno ažuriranje za SharePoint Foundation 2013 (KB4461508) 4461510 Novembar 13, 2018, kumulativno ažuriranje za SharePoint Enterprise server 2013 (KB4461510) 4011713 Novembar 13, 2018, ispravka za SharePoint Foundation 2010 (KB4011713) 4461528 Novembar 13, 2018, kumulativno ažuriranje za SharePoint Server 2010 (KB4461528)
Napomene
-
Nakon instaliranja ispravke, čarobnjak za konfigurisanje SharePoint proizvoda mora da se pokrene da bi popravka bila u potpunosti primenjena.
-
Neke radnje sa nezavisnim ili prilagođenim tokovima posla mogu imati dodatne zavisne stavke. Ako naiđete na ponašanje koje je slično ovom problemu, ali ne diskutuje u ovom članku, konsultujte radnju toka posla za pomoć.
Rešenje
Da biste zaobišli ovaj problem, izričito dodajte potrebne tipove u Web. config datoteku svih aplikacija. Iako su obezbeđeni koraci za ručno, preporučujemo da koristite metod skripte.
Da biste zaobilazili ovaj problem, izričito dodajte potrebne tipove u Web. config datoteke svih aplikacija.
Za SharePoint 2013 i novije verzije
Za SharePoint 2013 i novije verzije dodajte sledeće redove:
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeBinaryOperatorExpression" Authorized="True" />
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodePrimitiveExpression" Authorized="True" />
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeMethodInvokeExpression" Authorized="True" />
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeMethodReferenceExpression" Authorized="True" />
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeFieldReferenceExpression" Authorized="True" />
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeThisReferenceExpression" Authorized="True" />
<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodePropertyReferenceExpression" Authorized="True" />
Za SharePoint verzije starije od sistema SharePoint 2013
Za SharePoint verzije starije od 2013, dodajte sledeće redove:
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeBinaryOperatorExpression" Authorized="True" />
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodePrimitiveExpression" Authorized="True" />
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeMethodInvokeExpression" Authorized="True" />
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeMethodReferenceExpression" Authorized="True" />
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeFieldReferenceExpression" Authorized="True" />
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodeThisReferenceExpression" Authorized="True" />
<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" NameSpace="System.CodeDom" TypeName="CodePropertyReferenceExpression" Authorized="True" />
Preporučujemo da pokrenete sledeću skriptu umesto direktnog menjanja postojećih datoteka.
Napomena Neki motori za tok posla trećih lica mogu zahtevati Dodavanje dodatnih tipova. U tom slučaju, obratite se dobavljaču za informacije o potrebnim tipovima, a zatim u skladu sa tim podesite skriptu.
Sledeća skripta menja Web. config za sve Web aplikacije da bi dodao potrebne stavke. Ova skripta dodaje ove tipove za postojeće Web aplikacije i za aplikacije koje se kreiraju nakon pokretanja skripte. Skripta treba da se pokreće samo jedanput na bilo kom izloženom Web serveru u farmi (ažurira sve servere).
<#
This script adds the entries to all web.config files for all web applications in the farm.
Run this script as Farm Administrator in one of the WFEs.
This script has to run only one time.
SUMMARY:
This script uses the native SharePoint SPWebConfigModification API to deploy new updates to the web.config file for each web application on each server in the farm. Servers that are added at a later date will also get the updates applied because the API configuration is persisted in the config database. This API does not update the web.config for the central administration web application.
If you are running workflows on the central admin web application, you will have to manually update the web.config by using the steps in the referenced blog.
==============================================================
#>
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue | Out-Null
function Add-CodeDomAuthorizedType
{
<#
.Synopsis
Adds the necessary authorizedType elements to all web.config files for all non-central admin web applications
.DESCRIPTION
Adds the necessary authorizedType elements to all web.config files for all non-central admin web applications
.EXAMPLE
Add-CodeDomAuthorizedType
#>
[CmdletBinding()]
param
(
)
begin
{
$farmMajorVersion = (Get-SPFarm -Verbose:$false ).BuildVersion.Major
$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
$typeNames = @( "CodeBinaryOperatorExpression", "CodePrimitiveExpression", "CodeMethodInvokeExpression", "CodeMethodReferenceExpression", "CodeFieldReferenceExpression","CodeThisReferenceExpression", "CodePropertyReferenceExpression")
}
process
{
if( @($contentService.WebConfigModifications | ? { $_.Name -eq "NetFrameworkAuthorizedTypeUpdate" }).Count -gt 0 )
{
Write-Warning "Existing NetFrameworkAuthorizedTypeUpdate entries found, this script has to be run only one time per farm."
return
}
if( $farmMajorVersion -le 14 ) # 2010, 2007
{
foreach( $typeName in $typeNames )
{
# System, Version=2.0.0.0
$netFrameworkConfig = New-Object Microsoft.SharePoint.Administration.SPWebConfigModification
$netFrameworkConfig.Path = "configuration/System.Workflow.ComponentModel.WorkflowCompiler/authorizedTypes"
$netFrameworkConfig.Name = "authorizedType[@Assembly='System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'][@Namespace='System.CodeDom'][@TypeName='{0}'][@Authorized='True']" -f $typeName
$netFrameworkConfig.Owner = "NetFrameworkAuthorizedTypeUpdate"
$netFrameworkConfig.Sequence = 0
$netFrameworkConfig.Type = [Microsoft.SharePoint.Administration.SPWebConfigModification+SPWebConfigModificationType]::EnsureChildNode
$netFrameworkConfig.Value = '<authorizedType Assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.CodeDom" TypeName="{0}" Authorized="True"/>' -f $typeName
$contentService.WebConfigModifications.Add($netFrameworkConfig);
}
}
else # 2013+
{
foreach( $typeName in $typeNames )
{
# System, Version=4.0.0.0
$netFrameworkConfig = New-Object Microsoft.SharePoint.Administration.SPWebConfigModification
$netFrameworkConfig.Path = "configuration/System.Workflow.ComponentModel.WorkflowCompiler/authorizedTypes/targetFx"
$netFrameworkConfig.Name = "authorizedType[@Assembly='System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'][@Namespace='System.CodeDom'][@TypeName='{0}'][@Authorized='True']" -f $typeName
$netFrameworkConfig.Owner = "NetFrameworkAuthorizedTypeUpdate"
$netFrameworkConfig.Sequence = 0
$netFrameworkConfig.Type = [Microsoft.SharePoint.Administration.SPWebConfigModification+SPWebConfigModificationType]::EnsureChildNode
$netFrameworkConfig.Value = '<authorizedType Assembly="System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" Namespace="System.CodeDom" TypeName="{0}" Authorized="True"/>' -f $typeName
$contentService.WebConfigModifications.Add($netFrameworkConfig);
}
}
Write-Verbose "Updating web.configs"
$contentService.Update()
$contentService.ApplyWebConfigModifications();
}
end
{
}
}
function Remove-CodeDomAuthorizedType
{
<#
.Synopsis
Removes any web configuration entries owned by "NetFrameworkAuthorizedTypeUpdate"
.DESCRIPTION
Removes any web configuration entries owned by "NetFrameworkAuthorizedTypeUpdate"
.EXAMPLE
Remove-CodeDomAuthorizedType
#>
[CmdletBinding()]
param()
begin
{
$contentService = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
}
process
{
$webConfigModifications = @($contentService.WebConfigModifications | ? { $_.Owner -eq "NetFrameworkAuthorizedTypeUpdate" })
foreach ( $webConfigModification in $webConfigModifications )
{
Write-Verbose "Found instance owned by NetFrameworkAuthorizedTypeUpdate"
$contentService.WebConfigModifications.Remove( $webConfigModification ) | Out-Null
}
if( $webConfigModifications.Count -gt 0 )
{
$contentService.Update()
$contentService.ApplyWebConfigModifications()
}
}
end
{
}
}
# The following command will get the timerjob responsible for the web.config change deployment
# Get-SPTimerJob | ? { $_.Name -eq "job-webconfig-modification" }
# The following command will make the appropriate changes
Add-CodeDomAuthorizedType
# Remove the following command if you have to remove the web.config updates, you can use this function to retract the changes
# Remove-CodeDomAuthorizedType