IIS ‘Service Unavailable’ KB973917 broke my SharePoint sites Windows Server 2003

I have this morning been looking into an issue with a clients SharePoint farm failing to load pages displaying ‘service unavailable’ when attempting to browse to the site.

Looking into event viewer I was receiving events as shown below:

Event Type: Error
Event Source: W3SVC
Event Category: None
Event ID: 1002
Date: 09/12/2009
Time: 14:26:07
User: N/A
Application pool 'SharePoint Central Administration v3' is being automatically disabled due to a series of failures in the process(es) serving that application pool.

Initially I thought that passwords had become corrupt and ran the stsadm commands to refresh the passwords with no joy following article http://support.microsoft.com/kb/934838.

Looking back through the logs I found that 9 windows updates had been applied on a schedule. I removed all 9 updates rebooted and my SharePoint farm was back up and running :)

By process of elimination I found that the ‘KB973917 - Update that implements Extended Protection for Authentication in Internet Information Services (IIS) ’http://support.microsoft.com/?kbid=973917 was the cause of the problem.

Using add/remove programs I was able to remove the update reboot the server and all working fine. I also changed the clients settings to not download updates on the production environment (as show below).


The moral of the story here is to have test environments where patches are tested before applying to production environments.

***Update 10/12/09 - Fix***

Thanks to Jimmie from the Microsoft (Jimmie if you’re on Twitter let me know your id) who commented on my blog, the fix is as follows:

The issue is not due to the hotfix directly but simply that the server running IIS was not service packed to SP2 successfully. A scenario for this happening could be if the the server was service packed before the IIS components were installed. When installing the IIS components if the source i386 folder is not the latest this could present you with older DLL’s and in this case this conflicts with the hotfix which only works against the latest service pack 2 DLL’s.

To resolve this issue install the hotfix followed by a re-service pack of the server to service pack 2. This will update all the core IIS DLL’s to the relevant levels. To confirm this navigate to %systemroot%\system32\inetsrv and check that a DLL for example IISADMIN.DLL should be at build (3759 – Service Pack 2). This should now work avoiding incompatibilities between DLL’s.

Hope this is of some use to you!

***Update 11/01/10***

Following a recent Tweet noticed that this also causes an issue on Windows 2008 See Todd Klindt’s blog on this. Currently no fix for this one though!