Watchdoc not accessible after MS Windows update - Can not create Crystal object

Context

After updating MS Windows (from 12/07/2018), Watchdoc is no longer available. When attempting to connect to the administration site, the following message is displayed:

Can't create Crystal object (.NET Framework not compatible)

Please ensure that the Application Pool running the web application (WatchdocPool) is configured to use the .NET Framework 4.0

Error code: 0x000001AD (429)

Cause

A set of Windows security updates rolled out by Microsoft on 10 July 2018 is causing issues with IIS. These issues prevent the Watchdoc administration site from being displayed, although the Watchdoc service continues to run and parse jobs.

 

The CrystalProxy component is registered correctly, but it appears that the Application Pool hosting the web application is using an older version of the .NET Framework. Please configure the Application Pool to use the .NET Framework 4.0. If the application uses the default pool (DefaultAppPool), or if it is shared with other web applications, please create a new pool (e.g. ‘WatchdocPool’).

 

Version Mise à jour Lien
Windows Server 2016 KB4338814 July 10, 2018—KB4338814 (OS Build 14393.2363)
Windows Server 2012 R2 KB4338419 Description of the Security and Quality Rollup updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4338419)
Windows Server 2008 R2 KB4338420 Description of the Security and Quality Rollup updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1, and for .NET Framework 4.6 for Server 2008 (KB 4338420)
  KB4338606 Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1, and for .NET Framework 4.6 for Server 2008 (KB 4338606)

Resolution

To avoid having to uninstall the updates causing the problem, a validated solution for Windows Server 2016 and Windows Server 2012 R2 is to modify the configuration of the IIS service:

  1. Launch Server Manager and click on Tools in the top right-hand corner;

  2. in the list, click on Internet Services Manager (IIS);

  3. In the right-hand column, click on the name of your IIS server to display the administration sections;

  4. In the IIS section, click on Authentication;

  5. in the next interface, select the Anonymous authentication line;

  6. click on the Modify... option in the right-hand column;

  7. choose the Application Pool Identity option;

  8. click OK;

  9. return to your Internet browser and click on the Reload page button.

 

èThis allows the IIS service to access the site pages from a web account instead of the local system account. This may lead to error messages relating to access rights on other websites that have been installed manually.