Note: Sandbox solutions are deprecated in on-premise installations but the service can be turned on. It is not a Microsoft best practice however, some clients still elect to do so. Because they can this post may still have some relevance.

SharePoint 2013-2016 Sandbox code issues

A client had a problem with the Sandbox code with the error:

​”The Sandboxed code execution request was refused because the sandboxed code host service was too busy to handle the request.”

I found a powershell script that I believe will fix the issue and improved on it a bit. The issue is related to the WinTrust setting such that software publishers are trusted, but the account that runs the sandbox code does not interactively set this trust, so this script sets the value in the registry. Keep in mind that after this is set you may have to wait for all Timer Jobs to complete before it fixes the issue:


PowerShell Script
Add-PSSnapin Microsoft.SharePoint.PowerShell
Write-Host -ForegroundColor White “Getting ‘Sandboxed Code Service’ instance on current server…”
$srvInstance = Get-SPServiceInstance -Server $env:ComputerName | where {$_.TypeName-eq “Microsoft SharePoint Foundation Sandboxed Code Service”}
Write-Host -ForegroundColor White “Getting SID of process identity that runs Sandbox service instance…”
$serviceUser = $srvInstance.Service.ProcessIdentity.Username
$sid = $srvInstance.Service.ProcessIdentity.CurrentSecurityIdentifier.Value
$path =”Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing”
$key = “State”
$oldValue = (Get-ItemProperty -path $path).$key
$newvalue = 0x00023e00
$hexOldValue = “{0:x}” -f $oldValue
$hexNewValue = “{0:x}” -f $newvalue
Write-Host -ForegroundColor White “Current registry value is: $hexOldValue”
If ($oldValue -eq $newvalue)
{
$stringmess = “No change is required.”
} else {
Set-ItemProperty -path $path -name $key -Type DWORD -Value $newvalue
$stringmess = “Registry value is set to: $hexNewValue”
If ($srvInstance.Service.Status -eq “Online”)
{
Write-Host -ForegroundColor White “Restarting Sandbox service…”
Restart-Service SPUserCodeV4
Write-Host -ForegroundColor White “Restarting IIS…”
iisreset -noforce
}
}
Write-Host -ForegroundColor White “Look under C:\Regchanges folder for RegValues.txt to see the specifics of what was changed”
$stringout = @”
Sandbox service is running under account: $serviceUser
Sid for service account is: $sid
Reg key is: $path
$stringmess
Old Value of Registry: $hexOldValue
New value of Registry: $hexNewValue
“@
$filepath = “C:\Regchanges\”
if ((Test-Path $filepath) -eq 0)
{
mkdir $filepath
}
Out-File -FilePath “C:\Regchanges\REGValues.txt” -InputObject $stringout

We hope that this is on-point and solves your issue but please always be careful when making changes to your system. As always, backup your system before making these sorts of changes. If you elect to use this script you do so at your own risk.

Live long and prosper,

DM

Hits: 8