Andrew Connell

PSA: SharePoint 2010 Claims Based Web Apps on Win 2008R2 Pre-SP1 Blown Up with Recent Security Fix

Little public service announcement. What follows applies to the following scenario: SharePoint 2010 Web Application configured as a Claims Based Authentication (CBA) Running on a Windows Server 2008 R2 without Service Pack 1 (if you have SP1, you're ok) Were things working fine for you but then all the sudden when you try to login all the sudden you get the ASP.NET yellow screen of death telling you the following: Exception: System.ServiceModel.ServiceActivationException: The service 'http://..:#####/SecurityTokenServiceApplication/securitytoken.svc' cannot be activated due to an exception during compilation. And when you dig a little further you see the inner exception is: Method not found: 'System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)' What's up? Ends up there was a security hotfix (KB2756920) that was installed on January 9, 2013 (if you had auto updates turned on) that caused this error. One fix is apparently to install Service Pack 1 but the other fix is to uninstall that hotfix and restart the machine....

Little public service announcement. What follows applies to the following scenario:

  • SharePoint 2010 Web Application configured as a Claims Based Authentication (CBA)
  • Running on a Windows Server 2008 R2 without Service Pack 1 (if you have SP1, you’re ok)

Were things working fine for you but then all the sudden when you try to login all the sudden you get the ASP.NET yellow screen of death telling you the following:

Exception: System.ServiceModel.ServiceActivationException: The service ‘http://..:#####/SecurityTokenServiceApplication/securitytoken.svc’ cannot be activated due to an exception during compilation.

And when you dig a little further you see the inner exception is:

Method not found: ‘System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)’

What’s up? Ends up there was a security hotfix (KB2756920) that was installed on January 9, 2013 (if you had auto updates turned on) that caused this error. One fix is apparently to install Service Pack 1 but the other fix is to uninstall that hotfix and restart the machine.

Andrew Connell
Developer & Chief Course Artisan, Voitanos LLC. | Microsoft MVP
Written by Andrew Connell

Andrew Connell is a web developer with a focus on Microsoft Azure & Microsoft 365. He’s received Microsoft’s MVP award every year since 2005 and has helped thousands of developers through the various courses he’s authored & taught. Andrew’s the founder of Voitanos and is dedicated to delivering industry-leading on-demand video training to professional developers. He lives with his wife & two kids in Florida.