Hi Adrian Durica,
Thank you for reaching out to the Microsoft Q&A forum.
Based on my research, the problem you're facing is related to recent security changes in SharePoint 2019 cumulative updates (CUs) that introduced stricter validation for workflow XOML files. The error:
Potentially malicious xoml node: <ns2:CollectFeedbackTaskProcess
is triggered because the CollectFeedbackTaskProcess activity is not allow-listed in the configuration files. This started after the September 2024 CU, which added a security fix requiring explicit allow-listing of workflow actions in web.config and owstimer.exe.config files. If these entries are missing or incorrect, workflows fail with event tag c42q0 in ULS logs.
For more insight:
https://adamsorenson.com/sharepoint-2016-2019-se-workflows-are-not-working-after-september-2024-update/
https://blog.stefan-gossner.com/2024/12/11/resolved-trending-issue-problems-with-workflows-after-applying-september-2024-cu-for-sharepoint-2016-2019-se/
Note: Microsoft is providing this information as a convenience to you. These sites are not controlled by Microsoft, and Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please ensure that you fully understand the risks before using any suggestions from the above link.
About the reason why your current fix doesn't fit, I see you added:
<authorizedType Assembly="Microsoft.Office.Workflow.Actions, Version=16.0.0.0, Culture=neutral, PublicKeyToken=null" Namespace="Microsoft.Office.Workflow.Actions" TypeName="*" Authorized="True" />
<authorizedType Assembly="Microsoft.Office.Workflow.Actions, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.Office.Workflow.Actions" TypeName="CollectFeedbackTaskProcess" Authorized="True" />
But the PublicKeyToken should not be null for Microsoft assemblies. It must match the actual assembly signature (usually 71e9bce111e9429c for SharePoint), and you need to add these entries both in web.config for each web application AND in owstimer.exe.config, because the Workflow Timer Service executes workflows.
Therefore, in this context, instead of manual edits, use PowerShell WebConfigModifications to ensure consistency across all servers:
Add-PSSnapin Microsoft.SharePoint.PowerShell
# Describe the allow-list entry as a farm-managed web.config modification
$modification = New-Object Microsoft.SharePoint.Administration.SPWebConfigModification
$modification.Path = "configuration/System.Workflow.ComponentModel.WorkflowCompiler/authorizedTypes/targetFx"
$modification.Name = "authorizedType[@Assembly='Microsoft.Office.Workflow.Actions, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' and @Namespace='Microsoft.Office.Workflow.Actions' and @TypeName='*' and @Authorized='True']"
$modification.Sequence = 0
$modification.Owner = "WorkflowFix"
$modification.Type = [Microsoft.SharePoint.Administration.SPWebConfigModification+SPWebConfigModificationType]::EnsureChildNode
$modification.Value = "<authorizedType Assembly='Microsoft.Office.Workflow.Actions, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c' Namespace='Microsoft.Office.Workflow.Actions' TypeName='*' Authorized='True' />"
# Register the modification on every content web application
Get-SPWebApplication | ForEach-Object {
    $_.WebConfigModifications.Add($modification)
    $_.Update()
}
# Apply changes: push the registered modifications into the web.config files
[Microsoft.SharePoint.Administration.SPWebService]::ContentService.ApplyWebConfigModifications()
After applying changes, restart IIS and the SharePoint Timer Service.
Additionally, Microsoft released a December 2024 CU that auto-adds required entries for built-in actions. If possible, apply the latest CU and run the SharePoint Configuration Wizard to fix this automatically.
I hope my answer helps. If you have any further concerns, kindly let me know in the comment section.
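The answer above says the allow-list entry must carry the real PublicKeyToken and must be present in both web.config and owstimer.exe.config. The following is an added example, not part of the original answer or of SharePoint itself, that audits one config file's content for that condition. Assumptions: `Test-WorkflowAllowList` is a hypothetical helper name, and the sample XML is constructed from the two entries quoted in the answer.

```powershell
# Added example (not from the original answer). The sample config is constructed
# and mirrors the two authorizedType entries quoted in the answer.
$sampleConfig = @'
<configuration>
  <System.Workflow.ComponentModel.WorkflowCompiler>
    <authorizedTypes>
      <targetFx version="v4.0">
        <authorizedType Assembly="Microsoft.Office.Workflow.Actions, Version=16.0.0.0, Culture=neutral, PublicKeyToken=null" Namespace="Microsoft.Office.Workflow.Actions" TypeName="*" Authorized="True" />
        <authorizedType Assembly="Microsoft.Office.Workflow.Actions, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.Office.Workflow.Actions" TypeName="CollectFeedbackTaskProcess" Authorized="True" />
      </targetFx>
    </authorizedTypes>
  </System.Workflow.ComponentModel.WorkflowCompiler>
</configuration>
'@

# Test-WorkflowAllowList is a hypothetical helper name, not a SharePoint cmdlet.
function Test-WorkflowAllowList {
    param(
        [Parameter(Mandatory)][xml]$Config,
        [string]$AssemblyName  = 'Microsoft.Office.Workflow.Actions',
        [string]$ExpectedToken = '71e9bce111e9429c',  # token stated in the answer
        [string]$TypeName      = 'CollectFeedbackTaskProcess'
    )
    # Same node path the answer's SPWebConfigModification targets.
    $xpath = '/configuration/System.Workflow.ComponentModel.WorkflowCompiler' +
             '/authorizedTypes/targetFx/authorizedType'
    $covered = $false
    $wrongToken = @()
    foreach ($node in $Config.SelectNodes($xpath)) {
        $assembly = $node.GetAttribute('Assembly')
        if (($assembly -split ',')[0].Trim() -ne $AssemblyName) { continue }
        $token = if ($assembly -match 'PublicKeyToken=([^,\s]+)') { $Matches[1] } else { '' }
        if ($token -ne $ExpectedToken) {
            # Right assembly name, but a token other than the expected one.
            $wrongToken += "TypeName=$($node.GetAttribute('TypeName')) PublicKeyToken=$token"
            continue
        }
        # An entry with the expected token covers the activity by name or by wildcard.
        if ($node.GetAttribute('Authorized') -eq 'True' -and
            $node.GetAttribute('TypeName') -in @('*', $TypeName)) { $covered = $true }
    }
    [pscustomobject]@{ Covered = $covered; WrongTokenEntries = $wrongToken }
}

# Run against the constructed sample; for a real file pass (Get-Content -Raw <path>).
$result = Test-WorkflowAllowList -Config $sampleConfig
$result | Format-List
```

Run it once per web application's web.config and once for owstimer.exe.config on each server; a file where `Covered` is false, or where `WrongTokenEntries` is non-empty, is one to correct.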