Connecting Workflow Manager with SharePoint 2019 error - sharepoint-workflow

Current configuration:
1 SharePoint 2019 farm (single server installation)
3 Workflow Manager Servers
Workflow Manager servers are load balanced
Workflow Manager is set to work only on https
Workflow Manager SSL certificate with DNS=*.domain.com & all 3 server names
Required permissions are in place
URLs (SharePoint web application/site and wfm) are accessible both ways
Running with farm admin account:
Register-SPWorkflowService -SPSite "https://siteurl" -WorkflowHostUri "https://wfmurl:12290/" -Force -Verbose
Throws the following error:
Register-SPWorkflowService : Failed to query the OAuth S2S metadata endpoint at URI 'https://webappurl/_layouts/15/metadata/json/1'. Error details: 'There was an error deserializing
the object of type Microsoft.Workflow.Management.Security.OAuthS2SJsonMetadataDocument+JsonMetadataDocumentContract. Encountered unexpected character '<'.'. HTTP headers received from the server -
ActivityId: 6de1c881-b1ca-411d-9004-ceea397d4453. NodeId: SERVERNAME. Scope: /DEV. Client ActivityId : bdeb429f-7bb1-e0c1-d7d1-f868a175396b.
At line:1 char:1
+ Register-SPWorkflowService -SPSite https://webappurl ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (Microsoft.Share...WorkflowService:RegisterSPWorkflowService) [Register-SPWorkflowService], InvalidRequestException
+ FullyQualifiedErrorId : Microsoft.SharePoint.WorkflowServices.PowerShell.RegisterSPWorkflowService
Any input is appreciated.

It's related to having installed the April 2020 CU (KB 4484292 and KB 4484291).
After a call with an MS Premier Field Engineer, it was resolved as described at http://thewindowsupdate.com/2020/06/04/sharepoint-2019-issue-with-sharepoint-2013-workflows-post-april-2020-cu/
You need to remove the existing SPTrustedSecurityTokenIssuer and then register it like below:
Remove-SPTrustedSecurityTokenIssuer -Identity 9854855e-cea8-457f-8293-e405d4055ffb
(id from Get-SPTrustedSecurityTokenIssuer collection)
New-SPTrustedSecurityTokenIssuer -Name "00000005-0000-0000-c000-000000000000" -MetadataEndPoint 'http://server:12291/$System/$Metadata/json/1' -RegisteredIssuerName "00000005-0000-0000-c000-000000000000#*"
or
New-SPTrustedSecurityTokenIssuer -Name "00000005-0000-0000-c000-000000000000" -MetadataEndPoint 'https://server:12290/$System/$Metadata/json/1' -RegisteredIssuerName "00000005-0000-0000-c000-000000000000#*"
P.S. There is no concern with running Remove-SPTrustedSecurityTokenIssuer; it is easy to do.

Thanks!
In the end, it looked like there were some issues with the F5 load balancing. As a test, we added the URL of the WFM to the hosts file, and the connection worked fine afterwards. This was then handed over to the team that managed the F5, and they resolved the issue on their end.
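
The "unexpected character '<'" in the original error means a metadata URL answered with markup instead of the JSON document the S2S trust is built from, and the hosts-file test compared the load-balanced name with a direct path. The following is an added diagnostic, not code from the thread, that fetches each metadata endpoint and reports whether the body is JSON; the `wfm-node` host names are hypothetical and the other URLs are the placeholders used in the posts.

```powershell
# Added example: checks OAuth S2S metadata endpoints for a JSON body.
function Test-S2SMetadataEndpoint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][uri[]]$Uri
    )
    foreach ($u in $Uri) {
        $row = [ordered]@{
            Uri         = $u.AbsoluteUri
            Https       = ($u.Scheme -eq 'https')   # metadata carries the signing certificate
            Status      = $null
            ContentType = $null
            IsJson      = $false
            Detail      = $null
        }
        try {
            $resp = Invoke-WebRequest -Uri $u -UseBasicParsing -UseDefaultCredentials -TimeoutSec 15
            $row.Status      = [int]$resp.StatusCode
            $row.ContentType = $resp.Headers['Content-Type']
            $body = $resp.Content
            if ($body -is [byte[]]) { $body = [Text.Encoding]::UTF8.GetString($body) }
            $body = ([string]$body).TrimStart()
            if ($body.StartsWith('<')) {
                # Same symptom as the cmdlet error: HTML/XML (login page, proxy or
                # load-balancer error page) where JSON was expected.
                $row.Detail = 'Markup returned: ' + $body.Substring(0, [Math]::Min(80, $body.Length))
            } else {
                $null = $body | ConvertFrom-Json -ErrorAction Stop
                $row.IsJson = $true
            }
        } catch {
            # Non-2xx status, TLS failure, name resolution failure or invalid JSON.
            $row.Detail = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

# Single quotes keep PowerShell from expanding $System and $Metadata.
Test-S2SMetadataEndpoint -Uri @(
    'https://webappurl/_layouts/15/metadata/json/1',        # SharePoint side (from the error text)
    'https://wfmurl:12290/$System/$Metadata/json/1',        # load-balanced WFM name
    'https://wfm-node1:12290/$System/$Metadata/json/1',     # hypothetical node names, bypassing the F5
    'https://wfm-node2:12290/$System/$Metadata/json/1',
    'https://wfm-node3:12290/$System/$Metadata/json/1'
) | Format-Table -AutoSize
```

A row where the load-balanced name fails but the individual nodes return JSON points at the load balancer rather than at SharePoint or Workflow Manager.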

Related

Powershell curl to an URL throws WebCmdletWebResponseException

I'm trying to access/download a file from our URL; this URL basically downloads a file from an S3 bucket (reverse proxy via nginx). We are using AWS ACM for SSL certificates.
When I try to download the file using that URL on the Windows16 instance, it throws WebCmdletWebResponseException. Below is the detailed error message.
curl : The underlying connection was closed: An unexpected error occurred on a send.
At line:1 char:1
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
Findings:
The same URL works fine with windows 19 and 22 editions.
Through other blogs and posts, I found that the issue is because PowerShell by default uses TLS 1.0 to connect to the website, but website security requires TLS 1.2.
But if I try to use the S3 URL directly to download the file, it works fine. Both the S3 URL and our URL certificate have TLS 1.2.
Can someone please help to solve this issue?
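
To test the finding above directly, this added example (not part of the original post) shows which protocols the current session offers and attempts one handshake per TLS version against the endpoint; `files.example.com` is a placeholder host name.

```powershell
# Added example: per-version TLS handshake check from the client's side.
function Test-TlsVersion {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    foreach ($name in 'Tls', 'Tls11', 'Tls12') {
        $proto  = [System.Security.Authentication.SslProtocols]$name
        $client = New-Object System.Net.Sockets.TcpClient
        $result = [ordered]@{ Host = $HostName; Protocol = $name; Accepted = $false; Detail = $null }
        try {
            $client.Connect($HostName, $Port)
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
            # Offer exactly one protocol version so the outcome is unambiguous.
            $ssl.AuthenticateAsClient($HostName, $null, $proto, $false)
            $result.Accepted = $true
            $result.Detail   = "negotiated $($ssl.SslProtocol)"
            $ssl.Dispose()
        } catch {
            # Handshake refused, protocol disabled locally, or certificate rejected.
            $result.Detail = $_.Exception.GetBaseException().Message
        } finally {
            $client.Close()
        }
        [pscustomobject]$result
    }
}

# Protocols that Invoke-WebRequest (aliased as curl in Windows PowerShell) offers in this session.
[Net.ServicePointManager]::SecurityProtocol

# Placeholder host: run once against the proxied URL's host and once against the S3 host.
Test-TlsVersion -HostName 'files.example.com' | Format-Table -AutoSize

# Session-scoped change: add TLS 1.2 to the offered set without removing the others.
[Net.ServicePointManager]::SecurityProtocol =
    [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
```

If the proxied host accepts only `Tls12` while the session offers only older versions, the "unexpected error occurred on a send" failure is consistent with a protocol mismatch.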

Authentication_Unauthorized while fetching list of applications in AAD

I am trying to get list of applications registered in AAD via PowerShell.
I got into my tenant successfully using Connect-AzureAD. But when I'm running Get-AzureADApplication, I'm getting error like below:
Get-AzureADApplication : Error occurred while executing GetApplications
Code: Authentication_Unauthorized
Message: User was not found.
RequestId: 28b83872-c29b-423a-9870-ed2ad714f597
DateTimeStamp: Sat, 25 Jun 2022 1:35:23 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:1
+ Get-AzureADApplication
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureADApplication], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetApplication
What does the "User was not found" message mean?
I have Global Admin role and I tried elevating my access too that gives me access to all. But still I'm facing the same error.
Can anyone help me out what am I missing here?
The error 'User not found' usually occurs if you are trying to retrieve info of one tenant by connecting to the wrong (different) tenant or a tenant that does not exist.
Please check the TenantDomain you are getting in the response while executing Connect-AzureAD cmdlet.
I tried to reproduce the same in my environment and got below results:
When I ran Connect-AzureAD cmdlet and logged in with personal Microsoft account, I got blank under TenantDomain that means it does not exist.
I got the same error when I executed Get-AzureADApplication after that like below:
To resolve the error, try running Connect-AzAccount first and include TenantId that you got in response while executing Connect-AzureAD cmdlet like below:
Connect-AzAccount
Connect-AzureAD -TenantId 'your_tenant_id'
Get-AzureADApplication
I got the list of Azure AD applications successfully after running above script like below:
Reference:
powershell - Authentication_Unauthorized, User Not Found - answered by JoyWang

WMI query generic failure when accessing MDM_VPNv2_01 class

I am trying to set up auto VPN on a Windows 10 laptop and created a PowerShell script as suggested in https://learn.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections. I am using the same script to set up the VPN.
The profile creation works fine, but when I run the script again, deletion of the profile fails. I debugged the problem and found out that EnumerateInstances on the MDM_VPNv2_01 class in the root\cimv2\mdm\dmmap namespace is failing. It fails with the following error string - "A general error occurred that is not covered by a more specific error code..".
On doing some more exploration, I found out that I need to execute the following WMI query to get the instances of the MDM_VPNv2_01 class; that too returns a Generic Failure (please note I have a VPN adapter created on the laptop when I executed this query):
PS C:\> Get-WmiObject -Namespace root\cimv2\mdm\dmmap -Class MDM_VPNv2_01
Get-WmiObject : Generic failure
At line:1 char:1
+ Get-WmiObject -Namespace root\cimv2\mdm\dmmap -Class MDM_VPNv2_01
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
I tried several options like running this query in WMI-explorer, recompiling the MOF for this particular provider etc., but nothing helped. I ran WMIDiag on my machine which gives following message for the MDM_VPNv2_01 class:
.9847 17:26:21 (3) 1 static instance(s) found for '__SystemSecurity' in 'ROOT/CIMV2/MDM/DMMAP'in 0 second(s).
.9848 17:26:21 (3) Retrieving static information (MOF) of 'MDM_VPNv2_01' (I=1).
.9849 17:26:21 (3) Qualifier information of 'MDM_VPNv2_01': Dynamic=True, Provider='DMWmiBridgeProv', Association=False.
.9850 17:26:21 (3) Dynamic 'MDM_VPNv2_01' class in 'ROOT/CIMV2/MDM/DMMAP' is supported by WMI provider 'DMWmiBridgeProv'.
.9851 17:26:21 (3) Skipping request of dynamic instances of 'MDM_VPNv2_01' in 'ROOT/CIMV2/MDM/DMMAP' because:
.9852 17:26:21 (3) - Request all dynamic instances is set to FALSE.
Please note that the same script works fine on other laptops. It is worth mentioning here that I am running this script with a local user account having administrator privileges.
I could not find any helpful information related to this problem on the Internet. It would really be a great help if someone could suggest a possible solution for this problem.
I enabled WMI activity debug and observed the following error log on running the query to get MDM_VPNv2_01 class instances:
Log Name: Microsoft-Windows-WMI-Activity/Debug
Source: Microsoft-Windows-WMI-Activity
Date: 20-09-2018 19:38:41
Event ID: 101
Task Category: None
Level: Error
Keywords:
User: INCT-ARUN\akoshal
Computer: INCT-Arun
Description:
ComponentName = WMI_ADAPTER; ErrorId = 0x1; ErrorDetail = WMIContext::PostResultToServer, provider completed the operation with context (00000211E4C517A0). Failed with MIRESULT (1).; FileName = onecore\admin\wmi\wmiv2\tools\adapter\wmicontext.cpp:945

Webdeploy database failing for SmarterASP host

I'm trying to use webdeploy for my project to publish to SmarterASP host. I get the following error:
Error : Web deployment task failed. ((1/30/2018 2:55:34 PM) An error
occurred when the request was processed on the remote computer.) 2>
2>(1/30/2018 2:55:34 PM) An error occurred when the request was
processed on the remote computer. 2>The server experienced an issue
processing the request. Contact the server administrator for more
information. 2>Publish failed to deploy.
I have gotten support to give me the error from their end:
Content-Type: application/msdeploy Version: 9.0.0.0
MSDeploy.VersionMin: 7.1.600.0 MSDeploy.VersionMax: 9.0.1981.0
MSDeploy.Method: Sync MSDeploy.RequestId:
42329f84-36b0-4fe3-aec5-a71745700abc MSDeploy.RequestCulture: en-US
MSDeploy.RequestUICulture: en-US ServerVersion: 9.0.1955.0 Skip:
objectName="^configProtectedData$" Provider: dbDacFx, Path: data
source=XXXXXXXXX;initial catalog=xxxxxxx;user id=xxxxxxxx
A tracing deployment agent exception occurred that was propagated to
the client. Request ID '42329f84-36b0-4fe3-aec5-a71745700abc'. Request
Timestamp: '1/25/2018 8:20:58 AM'. Error Details:
ERROR_DACFX_NEEDED_FOR_SQL_PROVIDER
Microsoft.Web.Deployment.DeploymentDetailedFatalException: The SQL
provider cannot run with dacpac option because of a missing
dependency. Please make sure that DacFx is installed. Learn more at:
http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_DACFX_NEEDED_FOR_SQL_PROVIDER.
They claim the missing dependency is on my end. I have installed Microsoft SQL Server Data-Tier Application Framework (DACFx) at their request, and still have the same error.

Certificate error when pushing nuget symbol package

I am trying to push a symbol package to the nuget symbol server. The API key has been set and the regular package has uploaded just fine. However, when I try to push the symbol package it fails saying the following:
PM> nuget push .\Tanneryd.BulkInsert.1.0.1-alfa.symbols.nupkg -source https://nuget.smbsrc.net/
Pushing Tanneryd.BulkInsert.1.0.1-alfa.symbols.nupkg to the symbol server (https://nuget.smbsrc.net/)...
PUT https://nuget.smbsrc.net/api/v2/package/
PUT https://nuget.smbsrc.net/api/v2/package/
PUT https://nuget.smbsrc.net/api/v2/package/
nuget : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
At line:1 char:1
+ nuget push .\Tanneryd.BulkInsert.1.0.1-alfa.symbols.nupkg -source htt ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (The underlying ...secure channel.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
The remote certificate is invalid according to the validation procedure.
It appears that https://nuget.smbsrc.net/ currently has a certificate error (e.g. expired certificate). When I go here from IE I see:
This site is not secure
This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.
Update
I was able to publish by specifying HTTP rather than secure. Example:
nuget push dist/MyPackage.1.0.0.symbols.nupkg -Source http://nuget.smbsrc.net -ApiKey [my key]
