Why we recommend / require to run the Configuration Wizard also for Security fixes

This is a very common question: "I just installed some security fixes for SharePoint - do I have to run the SharePoint Configuration Wizard?"

The simple answer is: You should run the SharePoint Configuration Wizard (psconfigui.exe or psconfig.exe with the correct parameters) after all SharePoint fixes!

The more complex answer is here:

  • SharePoint Configuration Wizard updates the database schema to the latest version
  • SharePoint Configuration Wizard fixes security settings on the file system to match what SharePoint needs
  • SharePoint Configuration Wizard copies required binaries from the install location into the _app_bin directories of the web applications
  • SharePoint Configuration Wizard updates features registrations with SharePoint

Depending on which patch level you were before installing the security fix and depending on what component got fixed each of the above listed actions can be part of the security fix to be applied. E.g. some security fixes might require a modification of some stored procedures in a SharePoint database. Or security settings on the file system need to be updated to remove an attack vector. Or the fix is inside a DLL that usually resides in the _app_bin directory of the web application.

With other words: not running the configuration wizard after installing a SharePoint fix means that the fix is not completely applied and that means that specific security fixes might not be active without running PSCONFIG.

As a result let me repeat my initial answer: You should run the SharePoint Configuration Wizard (psconfigui.exe or psconfig.exe with the correct parameters) after all SharePoint fixes!

Comments (70)

  1. Hi Stefan,

    are there any known problems if I install a security fix that is newer than my installed CU?


  2. Hi Tobias,
    no there are no known issues.
    That is a fully supported scenario.

  3. Yen says:

    Hi Tobias,

    We've noticed that the behavior of SP farm-deployment patches are very problematic. They tend to take an hour or more per patch to deploy, make calls to the SQL Server under the credentials of the administrator (which are denied since we only permit service
    account access), may or may not require reboots, and always take the site down during the duration of the patches. Is this normal behavior for the monthly farm-deploy security patches?

    Thank you.

  4. Hi Yen,

    I'm not Tobias, but let me answer the question: the server where the fixes are installed will be affected as you mentioned. We recommend to remove the server where the fix is installed from load balancing. You can add it after the installation back to load balancing. The other servers in the farm will not be affected during installation. So update one server after the other.

    Same later when running PSCONFIG: run psconfig on the central admin server first – that will update the DB schema. Other servers should not be affected (or only for a very short time).
    Then run PSCONFIG on the other machines one after the others – again while removing the server from load balancing while running PSCONFIG.


  5. Yen says:

    Sorry, mistyped name. Thank you for your answer, Stefan!

  6. Marco Alves says:

    Hi Stefan,
    Reading your post I think I already know the answer, but just to double check: Should we do it even when on "Servers on the farm" in CA is showing "no action needed"? Some security patches flag the servers as "upgrade available" (I don't remember a security
    patch flagging any as "upgrade required" but it may be slipping my mind) and others don't, hence the question.


  7. Hi Marco,
    this information only informs about required db upgrades and is not related to the other operations.

  8. Thanks for the reply Stefan, wasn’t aware.

  9. nani says:

    Hi Stefan,
    Do we need to run Configuration wizard for OP security Patches on SharePoint servers?

  10. Hi Nani,
    not required for OS fixes. Only for SharePoint fixes.

  11. AG says:

    Hi Stefan,

    I understand your explanation of applying the fix to one server at a time (especially the WFEs after removing one server at a time from the load balancer) and starting the PSCONFIG with the CA server first.

    However I have seen that executing the PSCONFIG on the first CA server with all content DBs still attached to the farm, makes the PSCONFIG take a significantly long time to complete (depending upon the number and the size of each content DB).

    Also if there are missing/incorrectly installed solutions/feature/custom definitions, etc then the PSCONFIG could even fail sometimes after a very long time (e.g. if the content DBs are large). In such a case would it not be better to just detach all the content
    databases from the farm before executing PSCONFIG? You could then complete the PSCONFIG on all server fairly quickly and then manually (or through a script) "Mount" the content DBs to the appropriate web apps. Finally upgrade the content databases (using Upgrade-SpContentDatabase)
    to sync up the content DB versions too. The BIG negative of this is that the farm will have to be down for end users until the "mount" and "upgrade" is complete. However the above approach would become necessary if the farm is replete with missing/incorrectly
    installed solutions/feature/custom definitions and this is the worst nightmare for Farm Admins when deploying fixes/updates.



  12. Hi AG,
    there are several ways to prevent these outages.
    You can run Upgrade-SPContentDatabase against the different content databases before running PSConfig, That will have the same effect as detaching / reattaching the databases as the config wizard will not have to upgrade the content databases.
    On top of that you can run Upgrade-SPContentDatabase with the -UseSnapshot option to create a read-only snapshot from before the upgrade which will ensure that the sites can still serve content during the upgrade.
    Or you can use the -NoB2BSiteUpgrade option to only upgrade the DB schema but not the different site collections within. Here you can use Upgrade-SPSite later to upgrade the different site collections in the content database.

    1. SPAdmin says:

      Can you elaborate more on “You can run Upgrade-SPContentDatabase against the different content databases before running PSConfig,”? Will this put the content DB at a version level higher than farm? I guess that is supported? Will that trigger any 14 to 15 compatibility mode upgrades (aka visual upgrade)?

      1. Hi SPAdmin,
        yes, that is supported. This will not trigger a visual upgrade.

  13. AG says:

    Agreed on the end result of running the Upgrade-SPContentDatabases before running PSConfig. However, wouldn't the PSConfig fail if we have inorrectly installed solutions/features etc?

  14. Hi AG,
    not exactly sure which type of "incorrectly installed solutions/features" you mean.
    If you mean missing features: there you could use (e.g.) the following scripts:

  15. Aligo says:

    Quick question for you. Is it necessary to reboot the server before or after running config wizard? Do you have an article on what things can go wrong during psconfig and how to recover from those and bring the servers back up again resulting in less downtime?
    I am only worried about our production environment where it is critical to keep them running with minimal impact.

  16. Hi Aligo,
    there is no need for a reboot related to the SharePoint config wizard.
    Here is an article with the most common problems:
    The article talks about MOSS 2007 but these things have not changed in more recent versions.
    Just ensure to use the more accurate PSCONFIG.EXE command listed here:

  17. Sunil says:

    Hi Stefan, quick question.Are we required to run Configuration Wizard even after having a Patch level that’s post JULY 2015 CU?


    1. Hi Sunil,

      all SharePoint fixes need PSConfig – but usually you can schedule a maintenance window one or two weeks later to run it.
      With July you have to run it right after installing the fix.


  18. Ova Incekaraoglu says:

    It’s just a bit confusing(and frustrating) when the KB installation instruction does not contain any steps regarding running the Products and Technologies Wizard. I think that should be documented better. Otherwise it takes a lot of hassle to convince the Infrastructure guys/gals!
    Thanks for this article.

  19. Andy says:

    Hi Stefan,

    Is it true that upgrading a SharePoint 2013 machine will cause a reset of the distributed cache (thus affecting the newsfeed) ?
    I heard that in a multi-server farm, it is recommended to move the cache to a new server before upgrading.
    Is it true ? What would you recommend and could you please tell me how to stop the distributed cache and move it to a new server ?


    1. Hi Andy,
      the distributed cache is not part of SharePoint itself.
      If you are installing it on the same box as SharePoint, then you need to gracefully stop the distributed cache on the SharePoint machine you plan to patch to ensure that it the cached content is sent to the other machines in the cache cluster. After the distributed cache service has been shut down gracefully you can patch the SharePoint machine, do reboots if required and so on.
      To gracefully shut down the distributed cache on a specific machine please use this command:
      Stop-CacheHost -HostName … -CachePort … -Graceful

      See here for details:


      1. Piotr Siódmak says:

        You can refer to this blog post to see what you can do to restore newsfeed after dcache restart: https://blogs.technet.microsoft.com/bspieth/2014/05/06/sharepoint-2013-newsfeed-does-not-show-old-entries-after-server-crash/

        1. Andy says:

          Thanks Stefan and Piotr.

  20. TrevZeuq says:

    Hi Stefan,

    Having inherited a SharePoint installation with a patch level of SP1 1st Release is a big challenge, but luckily I’ve found your posts greatly helpful. So after a long and careful research, I tried patching this simple 1x App server/farm and 1x SQL server configuration. After applying SP1 Release 3, Product Config Wizard repeatedly failed with an error related to UserProfileSynchonizationService. I already tried a lot of fixes I can find including STS/UPSS, but still cannot complete the wizard nor via PSCONFIG. I know this may not sound as a good idea, but can I proceed to a desired Cumulative Update (Dec. 2015) and try to rerun the wizard after?


    1. Hi Trev,
      sure that is ok. PSConfig is only required after all patches have been installed – not inbetween.

      1. TrevZeuq says:

        Thank you Stefan. I did proceed with the Dec. 2015 Cumulative Update and unfortunately a number of the services became disabled after the restart. I’m now trying to figure out the startup type of these services (i.e. Claims to Windows Token, Document Conversions Launcher…, Document Conversions Load Balancer…, Forefront Identity Manager Synchronization…, IIS Admin Service, SharePoint Search Host Controller, SharePoint Server Search 15, SharePoint Timer Service, and SharePoint User Code Host). I’m tempted to just set them all to Automatic if unsuccessful in my search.


  21. AV says:

    Hi Stefan,

    I have a sharepoint farm with 3 front end servers of SP2010 enterprise version, my issue is that the “sharepoint Admin” service is not starting after server restart, when i checked the event viewer it show , the service does not start in timely fashion of 30000 ms, i m banging my head daily , but not able to solve this issue. kindly help

    1. Frank-Ove says:

      Hi AV,

      Have you checked the account the service is running under? Maybe it has been disabled/expired, or the password has expired?
      Otherwise, please check the ULS logs for more details on why the service fails to start.


  22. Anil says:

    Is it advisable to uninstall security fixes

    1. Hi Anil,
      you cannot uninstall SharePoint fixes. Not even Security fixes.
      If you ask in General: Security fixes were released to fix Security vulnerabilities.
      Removing them would open your System for attacks against this Security hole.

  23. Mike Breeden says:

    Hi Stefan,

    I just installed the November 2016 Security Update KB3118279 and wanted to know if it modifies anything with the SQL database? We do testing in our non-production environments on roll back. We are using VMware and take snapshots before the security update was applied. Once I perform the revert to snapshot and check I no longer see the update in Programs/Features in Windows 2012 but I do see it listed in Central Admin under Check Product and Patch Installation Status. If I do a Get-SPProduct -local it then changes to missing/required. The site functions just fine but I do not understand why it still shows in Central Admin. Also do you have to run psconfig on each server after this security patch KB3118279.


    1. Hi Mike,
      yes this fix updates database content.
      And yes: PSConfig is required. It is required after all SharePoint fixes. No exceptions.
      Details can be found here:

      1. Mike Breeden says:


        Does it just update certain databases? I am trying to figure out what is needed for a rollback. We would prefer to just install the security updates when they happen versus the CU unless there is something that the CU fixes or adds that we need. Normally when I install a CU then you will see database upgrade required but that does not seem to be the case with this security update.

        Mike Breeden

        1. Hi Mike,
          sorry I don’t have an overview about all changes. In addition it also depends on your previous patch level – in theory all DB changes since RTM in all databases will be applied but depending on your previous patch level some of those might not be new changes.

  24. Abhilash says:

    Hey Stefan,

    What is the difference between “Upgrade Available” vs “Upgrade required” in the server status?
    Do we need to run config in both cases?


      1. Abhilash says:

        Thanks Stefan..

  25. Hikmer says:

    It seems you are answering this thread so I wanted to ask, is a PSCONIFG required between SP2 and a current CU in a SharePoint 2010 farm? Or can I apply all updates and then run PSCONFIG at the end?

    1. You only have to run it once at the very end.

  26. dave soman says:

    i have an old sharepoint 2007 WSS running on windows 2008 server. After the holidays, our it team installed a lot of patches and now our site just shows:

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/7.5
    Date: Thu, 09 Feb 2017 05:33:16 GMT
    Connection: close

    do I need to run the psconfig.exe to fix this is what I understand from your article?

    I am new to sharepoint so I am still not familiar with it and being so old and free version.


    1. If these fixes included SharePoint fixes then the Answer is yes.

      1. Dave Soman says:

        Hi Stefan.

        I just ran the psconfigui.exe but it did not solve the problem.. looking at the error log (upgrade.log) I notice these error… the read only is okay as it’s meant to be read-only unless we should remove that and then make it read only after the upgrade patch.

        SPManager] [ERROR] [2/9/2017 11:36:51 AM]: at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
        at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
        at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
        at System.Data.SqlClient.SqlCommand.RunExecuteNonQueryTds(String methodName, Boolean async)
        at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)
        at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
        at Microsoft.SharePoint.Utilities.SqlSession.ExecuteNonQuery(SqlCommand command)
        at Microsoft.SharePoint.Upgrade.SPDatabaseSequence.ExecuteDataDefinitionMethodCore(SqlSession sqlSession, ISqlSession isqlSession, String sqlscript, SPSqlCommandFactory sqlcmdFactory, String[] strTables, Int32[] nThroughputs, SPLog logGlobal)
        at Microsoft.SharePoint.Upgrade.SPDatabaseSequence.ExecuteDataDefinitionMethod(SqlSession sqlSession, String sqlscript, SPLog log)
        at Microsoft.SharePoint.Upgrade.SPContentDatabaseSequence.Upgrade()
        at Microsoft.SharePoint.Upgrade.SPManager.Upgrade(Object o, Boolean bRecurse)
        at Microsoft.SharePoint.Administration.SPPersistedUpgradableObject.Upgrade(Boolean recursively)
        at Microsoft.SharePoint.Administration.SPContentDatabase.Upgrade(Boolean recursively)
        at Microsoft.SharePoint.Upgrade.SPManager.ReflexiveUpgrade(Object o, Boolean bRecurse)
        at Microsoft.SharePoint.Upgrade.SPManager.Upgrade(Object o, Boolean bRecurse)
        at Microsoft.SharePoint.Administration.SPPersistedUpgradableObject.Upgrade(Boolean recursively)
        at Microsoft.SharePoint.Upgrade.SPManager.ReflexiveUpgrade(Object o, Boolean bRecurse)
        at Microsoft.SharePoint.Upgrade.SPManager.Upgrade(Object o, Boolean bRecurse)
        at Microsoft.SharePoint.Administration.SPPersistedUpgradableObject.Upgrade(Boolean recursively)
        at Microsoft.SharePoint.Upgrade.SPManager.ReflexiveUpgrade(Object o, Boolean bRecurse)
        at Microsoft.SharePoint.Upgrade.SPManager.Upgrade(Object o, Boolean bRecurse)
        at Microsoft.SharePoint.Administration.SPPersistedUpgradableObject.Upgrade(Boolean recursively)
        at Microsoft.SharePoint.Upgrade.SPManager.ReflexiveUpgrade(Object o, Boolean bRecurse)
        at Microsoft.SharePoint.Upgrade.SPManager.Upgrade(Object o, Boolean bRecurse)
        at Microsoft.SharePoint.Administration.SPPersistedUpgradableObject.Upgrade(Boolean recursively)
        at Microsoft.SharePoint.Upgrade.SPManager.ReflexiveUpgrade(Object o, Boolean bRecurse)

        [SPManager] [ERROR] [2/9/2017 11:36:51 AM]: ReflexiveUpgrade [SPServer Name=OURSRV5 Parent=SPFarm Name=SharePoint_Config_dadf561f-bf7b-4ec8-acc1-6bd2fc6fc269] failed.
        [SPManager] [ERROR] [2/9/2017 11:36:51 AM]: Failed to update database “WSS_Content_Temp” because the database is read-only.

        [SPManager] [INFO] [2/9/2017 11:36:52 AM]: Inplace Upgrade session finishes. root object = SPFarm Name=SharePoint_Config_dadf561f-bf7b-4ec8-acc1-6bd2fc6fc269, recursive = True. 6 errors and 0 warnings encountered.

        1. If the DB is read-only then PSConfig cannot update the database schema to the latest level and the upgrade will fail.

          1. dave soman says:

            does it have to upgrade all the databases for it to upgrade properly?

          2. dave soman says:

            do all tne databases have to be upgraded for it to work properly. the original owner made the database read-only for legacy purposes. should I remove it and try the psconfigui.exe again?

            i try to do different fixes and another errors come up.

          3. Hi Dave,
            you can also detach the databases you don’t want to upgrade, run PSConfig and then re-attach them using Mount-SPContentDatabase with the -NoB2BSiteUpgrade switch.

      2. Dave Soman says:

        So I changed the web,config customerror parameter to show more detailed error and now I get this displayed on the website ..

        Server Error in ‘/’ Application.

        Unknown error (0x80005000)

        Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

        Exception Details: System.Runtime.InteropServices.COMException: Unknown error (0x80005000)

        Source Error:

        An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

        Stack Trace:

        [COMException (0x80005000): Unknown error (0x80005000)]
        System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +557
        System.DirectoryServices.DirectoryEntry.Bind() +44
        System.DirectoryServices.DirectoryEntry.get_IsContainer() +42
        System.DirectoryServices.ChildEnumerator..ctor(DirectoryEntry container) +36
        System.DirectoryServices.DirectoryEntries.GetEnumerator() +36
        Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.System.Web.IHttpModule.Init(HttpApplication app) +704
        System.Web.HttpApplication.InitModulesCommon() +124
        System.Web.HttpApplication.InitInternal(HttpContext context, HttpApplicationState state, MethodInfo[] handlers) +1162
        System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext context) +312
        System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext context) +133
        System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) +196

        Version Information: Microsoft .NET Framework Version:2.0.50727.4984; ASP.NET Version:2.0.50727.4971

        1. Hi Dave,
          this looks to me more like an IIS issue than a SharePoint issue.
          The initialization of the http modules seems to fail in talking to IIS using the System.DirectoryServices.DirectoryEntries class.

          1. dave soman says:

            so how do I go about fixing it? I have no idea… the patch created all these problems and now I know why people recommend to stay away from Sharepoint lol

          2. Hi Dave,
            if you need assistance with troubleshooting you should open a support case with Microsoft.

  27. Dave Soman says:

    Hi Stefan,

    I was able to get my 2007 WSS site to a workable state now and ran the configuration wizard this time with success.

    However, I made a small change to the web.config and just in case, I tried to run the configuration wizard again to ensure, everything is still fine when I came across this error..

    Is there a sharepoint configuration wizard log file somewhere where I can find out why this is now happening?


    System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    at Microsoft.SharePoint.SPGlobal.HandleUnauthorizedAccessException(UnauthorizedAccessException ex)
    at Microsoft.SharePoint.Library.SPRequest.OpenWeb(String bstrUrl, String& pbstrServerRelativeUrl, String& pbstrTitle, String& pbstrDescription, Guid& pguidID, String& pbstrRequestAccessEmail, UInt32& pwebVersion, Guid& pguidScopeId, UInt32& pnAuthorID, UInt32& pnLanguage, UInt32& pnLocale, UInt16& pnTimeZone, Boolean& bTime24, Int16& pnCollation, UInt32& pnCollationLCID, Int16& pnCalendarType, Int16& pnAdjustHijriDays, Int16& pnAltCalendarType, Boolean& pbShowWeeks, Int16& pnFirstWeekOfYear, UInt32& pnFirstDayOfWeek, Int16& pnWorkDays, Int16& pnWorkDayStartHour, Int16& pnWorkDayEndHour, Int16& pnMeetingCount, Int32& plFlags, Boolean& bConnectedToPortal, String& pbstrPortalUrl, String& pbstrPortalName, Int32& plWebTemplateId, Int16& pnProvisionConfig, String& pbstrDefaultTheme, String& pbstrDefaultThemeCSSUrl, String& pbstrAlternateCSSUrl, String& pbstrCustomizedCssFileList, String& pbstrCustomJSUrl, String& pbstrAlternateHeaderUrl, String& pbstrMasterUrl, String& pbstrCustomMasterUrl, String& pbstrSiteLogoUrl, String& pbstrSiteLogoDescription, Object& pvarUser, Boolean& pvarIsAuditor, UInt64& ppermMask, Boolean& bUserIsSiteAdmin, Boolean& bHasUniquePerm, Guid& pguidUserInfoListID, Guid& pguidUniqueNavParent, Int32& plSiteFlags, DateTime& pdtLastContentChange, DateTime& pdtLastSecurityChange, String& pbstrWelcomePage)
    at Microsoft.SharePoint.SPWeb.InitWeb()
    at Microsoft.SharePoint.SPWeb.get_WebTemplate()
    at Microsoft.SharePoint.SPEvaluatorModeProvisioning.TryGetIsSiteProvisioned(String template, String relativePath, Nullable`1 port, SPSite& provisionedSite, SPWeb& provisionedWeb, Uri& provisionedUri)
    at Microsoft.SharePoint.PostSetupConfiguration.WelcomeForm.ShowNextFormForServerRoleSingleServer()
    at Microsoft.SharePoint.PostSetupConfiguration.WelcomeForm.PsconfigBaseFormNextButtonClickedEventHandler(Object sender, EventArgs e)
    at System.Windows.Forms.Control.OnClick(EventArgs e)
    at System.Windows.Forms.Button.WndProc(Message& m)
    at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
    at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

    ************** Loaded Assemblies **************
    Assembly Version:
    Win32 Version: 2.0.50727.4984 (win7RTMGDR.050727-4900)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/mscorlib.dll
    Assembly Version:
    Win32 Version: 12.0.6500.5000
    CodeBase: file:///C:/Program%20Files/Common%20Files/Microsoft%20Shared/Web%20Server%20Extensions/12/BIN/psconfigui.exe
    Assembly Version:
    Win32 Version: 2.0.50727.4986 (win7RTMGDR.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/
    Assembly Version:
    Win32 Version: 2.0.50727.4985 (win7RTMGDR.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/
    Assembly Version:
    Win32 Version: 2.0.50727.4985 (win7RTMGDR.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/
    Assembly Version:
    Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/
    Assembly Version:
    Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/
    Assembly Version:
    Win32 Version: 12.0.6690.5000
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.SharePoint/
    Assembly Version:
    Win32 Version: 12.0.6500.5000
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.SharePoint.SetupConfiguration.intl/
    Assembly Version:
    Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.ServiceProcess/
    Assembly Version:
    Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_64/System.Data/
    Assembly Version:
    Win32 Version: 12.0.4518.1016
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.SharePoint.Security/
    Assembly Version:
    Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_64/System.Transactions/
    Assembly Version:
    Win32 Version: 12.0.6604.1000
    CodeBase: file:///C:/Windows/assembly/GAC_64/Microsoft.SharePoint.Search/
    Assembly Version: 8.0.50727.6195
    Win32 Version: 8.00.50727.6195
    CodeBase: file:///C:/Windows/WinSxS/amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294/msvcm80.dll
    Assembly Version:
    Win32 Version: 2.0.50727.4971 (win7RTMGDR.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_64/System.Web/
    Assembly Version:
    Win32 Version: 2.0.50727.4985 (win7RTMGDR.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.DirectoryServices/
    Assembly Version:
    Win32 Version: 12.0.6672.5000
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.SharePoint.Library/
    Assembly Version:
    Win32 Version: 12.0.6662.5000
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.SharePoint.AdministrationOperation/
    Assembly Version:
    Win32 Version: 2.0.50727.4927 (NetFXspW7.050727-4900)
    CodeBase: file:///C:/Windows/assembly/GAC_64/System.EnterpriseServices/

    ************** JIT Debugging **************
    To enable just-in-time (JIT) debugging, the .config file for this
    application or computer (machine.config) must have the
    jitDebugging value set in the system.windows.forms section.
    The application must also be compiled with debugging

    For example:

    When JIT debugging is enabled, any unhandled exception
    will be sent to the JIT debugger registered on the computer
    rather than be handled by this dialog box.

    1. You can find the PSCDiagnostics log file in the following folder:
      C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\LOGS

  28. SP Admin007 says:

    Hi Stefan,
    Thank you for Nice article .
    I have Question.
    Is there any Order need to follow to run PS config in SharePoint farm after patching ( like we need to run PS Cfg Wizard on Central Admin Server first and WFEs later)? if yes, Why?

    It took me more than 7 hours to install CU on one of my server in farm using command “OPUtil.vbs /ApplyPatch /SUpdateLocation=”f:\CU\extract, why it is so?


    1. SP Admin007 says:

      This question is for SharePoint 2013 Nov 16 CU on Azure Env.

    2. Hi,
      I have never used OPUtil. But patch time can be reduced using the script from Russ Maxwell:

      The guidance for PSConfig is unchanged: start with the app server hosting the central admin.

  29. Joanne Blomert says:

    Hi Stefan, do you have any information on the various errors that are generated by SharePoint Config wizard and how to fix them. We are currently dealing with the wizard stopping on Step 8 with the error “Failed to Install the Application Content Files.” Tried various recommended solutions but so far nothing has worked.

    1. This step copies files from the sharepoint ISAPI directory to the _app_bin directory of each web application.
      The PCSDiagnostics log should have more info about where the problem occurs.

  30. Selvakumar S says:

    HI Stefan,

    we have installed SharePoint Security Patch update KB3191840 on server environment.
    But we havn’t faced any issues now.
    we will run configuration wizard on servers.Please confirm.

    Selvakumar S

    1. Yes, you should run PSConfig.

      1. selvakumar says:

        Thanks for your Reply

  31. Koni says:

    Hi Stefan,

    We have applied SharePoint patches in Aug 2016, we only ran “PSConfig.exe -cmd upgrade -inplace b2b -wait force” in “Node1” (One of our two SharePoint servers).

    Sometime later, we got the following error from CA:

    Title: Product / patch installation or server upgrade required.
    Severity: 1 – Error
    Explanation: All required products must be installed on all servers in the farm, and all products should have the same patching and upgrade level across the farm.
    Upgrade is required on server Node2. Without the upgrade, the server is not in a supported state.
    Remedy: On server Node2, once all required products and/or patches are installed, perform an upgrade by either running PSConfigUI.exe or by executing the command “PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures”. If a former upgrade attempt has failed, you may need to resolve upgrade specific issues before attempting upgrade again. Refer to the upgrade status page (https://node1:2575/_admin/UpgradeStatus.aspx) for information about current and prior upgrade attempts, and to determine issues that may be preventing upgrade from succeeding. For more information about this rule, see “http://go.microsoft.com/fwlink/?LinkID=142700”.

    Could we ran the PSConfig.exe in our Node2 now? It has been running in such situation for a long time….



    1. Yes you should run PSConfig on node 2.

  32. Argo says:

    Hi Stefan,
    I made a request to the database

    Use SharePoint_Config
    SELECT Version
    From versions
    WHERE VersionId = ‘00000000-0000-0000-0000-000000000000’


    As far as I understand, you need to update PSConfig

    I tried running PSConfig with different parameters,

    But the successful completion stops the error:
    Crash when preparing the SharePoint Central Administration Web application. Exception of type System.Xml.XmlException. More information about the exception: the character ‘[‘, the hexadecimal value 0x5B, can not be included in the name. Line 1, position 1463. System.Xml.XmlException: the character ‘[‘, the hexadecimal value 0x5B, can not be included in the name. Line 1, position 1463. in System.Xml.XmlTextReaderImpl.Throw (e exception) in System.Xml.XmlTextReaderImpl.ParseElement () in System.Xml.XmlTextReaderImpl.ParseDocumentContent () in System.Xml.XmlLoader.ParsePartialContent (XmlNode parentNode, String innerxmltext, XmlNodeType nt) in System.Xml.XmlLoader.LoadInnerXmlElement (XmlElement node, String innerxmltext) in Microsoft.SharePoint.Administration.SPWebConfigFileChanges.ApplyModificationsWebConfigXmlDocument (XmlDocument xdWebConfig, String path to the file) in Microsoft.SharePoint.Administration.SPWebApplication.ApplyWebConfigModifications () In Microsoft.SharePoint.Administration.SPWebApplication.Provision () in Microsoft.SharePoint.Administration.SPAdministrationWebApplication.Provision () in Microsoft.SharePoint.Administration.SPWebServiceInstance.Provision () in Microsoft.SharePoint.PostSetupConfiguration.CentralAdministrationSiteTask.ProvisionAdminVs () In Microsoft .SharePoint.PostSetupConfig Uration.CentralAdministrationSiteTask.Run () in Microsof t.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask ()

    In ULS:

    The database “SharePoint_Config” in the instance of SQL Server “XXXXX” is not empty and does not correspond to the current database schema.

    1. Hi Argo,
      I would recommend to open a case. There seem to be mulitple issues here. The first indicates a problem in a web.config file of a web application, the second an issue with your config database.

  33. Sven says:

    Hi Stefan, I forgot to gracefully shut down the distributed cache before installing MOSS 2013 SP1. Now the SharePoint Configuration Wizard doesnt run sucessfully. I got ‘Microsoft.SharePoint.Upgrade.SPUpgradeException’ Erro on loading one or more types. Tried to reinstall the appfabric service manually, but not lock. Do you have any further suggestion?

    1. Hi Sven,
      these two things should be unrelated. If you are not gracefully shutting down distributed cache you will loose cache content – but you will not run into an upgrade exception.
      If you cannot resolve the SPUpgradeException on your own I would recommend to open a support case with Microsoft.

  34. E Veal says:

    How do you know if a SharePoint patch modifies the Microsoft.SharePoint.dll prior to running psconfig?

    1. The file is not modified by PSConfig but by the installer. So you can check on the file system.

Skip to main content