Issue found with .NET Framework 3.5.1 Security update KB2756920
After installing the update KB2756920 on a Windows Server 2008 R2/Windows 7 RTM computer running SharePoint Server 2010 with previously installed hotfixes for .NET 3.5 SP1. on the server, the following exception is thrown when any WCF service is hosted on IIS using HTTPS
Server Error in ‘/SecurtyTokenServiceApplication’ Application
Method not found: ‘System.String System.ServiceModel.Activation.iis7helper.extendedprotectiondotlessspnnotenabledthrowhelper(system.object)’
An exception occurred when trying to issue security token: The requested service, 'https://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas' could not be activated. See the server's diagnostic trace logs for more information..
Exception occurred while connecting to WCF endpoint: System.ServiceModel.ServiceActivationException: The requested service, 'https://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas'
could not be activated due to an exception during compilation. See the server's diagnostic trace logs for more information. Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
Extended Stack Trace
[MissingMethodException: Method not found: 'System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)'.]
System.ServiceModel.WasHosting.WebConfigurationManagerWrapper.BuildExtendedProtectionPolicy(ExtendedProtectionTokenChecking tokenChecking, ExtendedProtectionFlags flags, List`1 spnList) +0
System.ServiceModel.WasHosting.WebConfigurationManagerWrapper.GetExtendedProtectionPolicy(ConfigurationElement element) +362
System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.ProcessWindowsAuthentication(String siteName, String virtualPath, HostedServiceTransportSettings& transportSettings) +217
System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.CreateTransportSettings(String relativeVirtualPath) +137
System.ServiceModel.Activation.MetabaseSettingsIis.GetTransportSettings(String virtualPath) +203
System.ServiceModel.Activation.MetabaseSettingsIis.GetAuthenticationSchemes(String virtualPath) +16
System.ServiceModel.Channels.HttpChannelListener.ApplyHostedContext(VirtualPathExtension virtualPathExtension, Boolean isMetadataListener) +62
System.ServiceModel.Channels.HttpTransportBindingElement.BuildChannelListener(BindingContext context) +158
System.ServiceModel.Channels.BindingContext.BuildInnerChannelListener() +98
System.ServiceModel.Channels.MessageEncodingBindingElement.InternalBuildChannelListener(BindingContext context) +98
System.ServiceModel.Channels.BinaryMessageEncodingBindingElement.BuildChannelListener(BindingContext context) +70
System.ServiceModel.Channels.BindingContext.BuildInnerChannelListener() +98
System.ServiceModel.Channels.Binding.BuildChannelListener(Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters) +172
System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession) +400
System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result) +1070
System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost) +2005
System.ServiceModel.ServiceHostBase.InitializeRuntime() +60
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHost.InitializeRuntime() +408
System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +63
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +560
System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +141
System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +683
[ServiceActivationException: The service '/SecurityTokenServiceApplication/securitytoken.svc' cannot be activated due to an exception during compilation. The exception message is: Method not found: 'System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)'..]
System.ServiceModel.AsyncResult.End(IAsyncResult result) +460
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +471
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +101
The issue is limited to Windows Server 2008 R2/ Windows 7 RTM machines only.
The issue occurs due to previously installed hotfixes and NOT the security update KB2756920 itself.
Recommendations
- It is recommend that you Install a newer hotfix for 3.5 SP1 like https://support.microsoft.com/kb/2637518 and then install the security update. If you have already installed the security update then simply install the above hotfix.
- Another workaround would be to upgrade the machines from Windows Server 2008 R2/Windows 7 RTM to SP1.
You do not have to uninstall the security update as one of the above options will suffice the need.
UPDATE
The issue caused by the update KB2756920 - Security update for the .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 RTM and its solution has been documented in KB2801728 - WCF services that are hosted on IIS on Windows 7 or Windows Server 2008 R2 may receive an exception error message after you install an update for the .NET Framework 3.5 SP1 for WCF for reference.
The cause section of the KB has been updated with:
This problem occurs because the computer may have some hotfixes installed that contained only "System.ServiceModel.dll" and not "System.ServiceModel.WasHosting.dll". See the "More Information" section of the KB for a list of hotfixes that are known to contain only these files.