none
getting 500 internal server error while opening sharepoint web application after installing november patch on sharepoint 2013 RRS feed

  • Question

  • Hi ,

    After installing the latest patch i am getting 500 internal server error while opening the web application.

    central admin is opening fine .and also the all the app pools are running properly. how to troubleshoot the issue.

    Thursday, January 2, 2020 11:02 AM

All replies

  • Dear Jatin,

    500 internal server error is generated by the website you are visiting. If this is post upgrade it is probably related to either permissions or the physical path. 

    This thread provide some good information how to troubleshoot via IIS, but I would start by browsing the IIS site manually from the server. 

    BR

    Theodor


    Please remember to mark the replies as answers if they helped.

    Thursday, January 2, 2020 11:09 AM
  • Hi Jatin,

    I hope you ran the Configuration wizard after installed the latest patches, if still you face the issue then check services.msc whether all SharePoint related services are running.

    Then check whether your web application database required any upgrade

    _____________________________________________

    -Thivagar SEGAR

    Thursday, January 2, 2020 11:33 AM
  • HI  Thivagar,

    yes I ran the config wizard and it ran successfully and all the services are running fine. it  upgrades all the databaseses as well.

    I also create the new web application and and root site  collection but it also giving 500 error.

    Thursday, January 2, 2020 1:39 PM
  • Hi Theodor,

    I am getting the below error  in the logs

    An operation failed because the following certificate has validation errors:  Subject Name: CN=*.msagad.cf, OU=ecm, O=nagarro, L=gurgaon, S=haryana, C=in Issuer Name: CN=MSAGAD-MSAG-CA, DC=MSAGAD, DC=COM Thumbprint: 233CC1E1E6278716688CF54F9E674AB5C79288FF  Errors:   NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  .

    Not sure how to check which certificate has issue and how to resolve it.

    Thursday, January 2, 2020 2:06 PM
  • Hi again,

    Ok - that is good! a proper error message helps a lot! IIS bindings is where you set the certificate. From what I can gather from the error message you appear to have a wildcard certificate for your site which have expired. If the server you use have installed a new, valid certificate you can change it from IIS bindings like this.

    If you do not have a certificate you can populate one from you internal CA, which I can see you have from your error message you provided (MSAGAD-MSAG-CA). I would advice a named server certificate instead of a wildcard certificate. This guidance should work fine. 


    Please remember to mark the replies as answers if they helped.

    Thursday, January 2, 2020 9:32 PM
  • Hi Theodor,

    The question is that i am not using this wildcard certificate in any of the web applications. so why getting this error in sharepoint web applications.  i deleted this certificate from IIS  server certificates section but still getting the error.

    what if i want to remove this certificate completely from my server ? will it work and what are the steps to remove completely this certificate.

     OR  the only step is to renew the certificate?

    the path where it is showing this certificate is as below.

     

    so how can i remove it from these location and  will removing certificate can resolve the issue ?

    
    Friday, January 3, 2020 7:40 AM
  • Hi again,

    if the certificate is not mapped I do not think it should appear. Could you kindly verify that:

    Where the '1.' is in the picture below, is there both a port 80 and 443? Do you get the same error message for both? 

    And if you only get it for port 443, you can remove the 443 by clicking the binding (where the '2.' is in the picture) and from the Site Bindings wizard just mark the https and 'Remove'. If you do not have a port 80 you can always confirm you have not other sites running on the server on port 80 and create one. Or 8080 if you want. Depends a bit on your environment and FW rules. 

    I would still advise you to generate a new certificate via your internal CA and use SSL (443) since it is more secure. 


    Please remember to mark the replies as answers if they helped.

    Friday, January 3, 2020 9:31 AM
  • Hi Jatin,

    Did you run IIS reset after removing the certificate?

    Please refer below steps to troubleshoot the issue:

    1. Check STS config for certificates
    2. Check the certificate store for such certificates
    3. Replace the token signing certificate with a new one (self-signed or previously extracted from the server)

    Here is a similar issue for your reference:

    Unwanted certificate in Local Computer\SharePoint cert store

    Best regards,

    Julie


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Friday, January 3, 2020 9:40 AM
  • Hi Jatin,

    I’m checking how the things are going on about this issue. Whether the post helps you?

    Please feel free to reply if there is any update.

    Best regards,

    Julie


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Wednesday, January 8, 2020 1:27 AM