Failed to query the OAuth S2S metadata endpoint at URI - Workflow Manager 2013

By -
Since this is the backbone of SharePoint 2013 based workflows, I think Microsoft needs to make this application more mature and errors should be more clear and point to the root cause. Anyhow, that was just a suggestion, who cares. :)

We have came across this error while it was working fine till yesterday. We removed the bindings and when it was needed to register the workflow again, this happened.

Workflow Manager Error:





WARNING: Overwriting existing scope named "SharePoint" in the workflow server. If another SharePoint farm was
registered using this scope, that farm may not be able to continue working with the workflow server unless
re-registered under another scope name.

Register-SPWorkflowService : Failed to query the OAuth S2S metadata endpoint at URI
'https://mysitename.com/_layouts/15/metadata/json/1'. Error details: 'An error occurred while sending the request.'.
HTTP headers received from the server - ActivityId: 87239463-ea78-4ccc-81cd-a1ec0b903bff. NodeId: MYSERVERNAME.
Scope: /SharePoint. Client ActivityId : 9a771fa0-576d-90fb-a07e-702a7e7d916c.
At line:1 char:1
+ Register-SPWorkflowService -SPSite 'https://mysitename.com/' -Workf ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (Microsoft.Share...WorkflowService:RegisterSPWorkflowService) [Register-SPW
orkflowService], InvalidRequestException
+ FullyQualifiedErrorId : Microsoft.SharePoint.WorkflowServices.PowerShell.RegisterSPWorkflowService

Farm Structure:

We have SharePoint 2019 and our farm topology is like below.

3 WFE, 2 APP, 3 WFM (dedicated servers) and of course Database cluster.

We have a web application and a dedicated URL for Workflow manager, both having DNS entries so accessible from cross server.

What we tried already?

We have tried every solution that came up on our screens however nothing helped. I must appreciate the below post for writing it in depth about the issue. We almost followed everything mentioned here. You must first check this post and see if that fixes your error. Give it a shot.


Solution that worked for me:

When nothing worked, we tried going one by one to the possibilities for this error as it says that its not able to reach and endpoint. However, still I suggested to have host entries from WFM1 server to APP1 server and from APP1 server to WFM1 server. (I am using shortcut names here, hope you will get what  i mean).

After adding DNS entries, the error changed which lead me to think louder and check the other aspect. I was thinking that it could be the issue with DNS or reaching the web application, but this error says its some access denied.




 
Register-SPWorkflowService : A response was returned that did not come from the Workflow Manager. Status code = 401:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
HTTP headers received from the server - WWW-Authenticate: Negotiate,NTLM. Client ActivityId :
83791fa0-57a4-90fb-a07e-7495396f83d9.
At line:1 char:1
+ Register-SPWorkflowService -SPSite 'https://mysitename.com/' -Workf ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (Microsoft.Share...WorkflowService:RegisterSPWorkflowService) [Register-SPW
orkflowService], AuthenticationException
+ FullyQualifiedErrorId : Microsoft.SharePoint.WorkflowServices.PowerShell.RegisterSPWorkflowService


Till now I knew that our environment is properly set for permissions however this was something strange. Followed below steps to resolve the issue.

1. We granted DB Owner and Security Admin permissions to Workflow Manager service account on the SharePoint Config database. 


2. Removed the Workflow Manager Proxy service and registered workflow again.
3. Now you can revoke the permissions again since the workflow has been registered successfully.

It worked like a charm, hope it will help someone.


Comments

Post a Comment

Popular Posts

GREYCstoration Oil Paint plugin for Photoshop

By -
Image
Oil Paint Filter is missing in Photoshop? Try GREYCstoration plugin. An alternate for Oil Paint filter. I found my Adobe Photoshop CS5 is missing Oil Paint filter plugin due to GPU unavailable on my machine. I found an alternate tool to get oil painting effect on photos. Below are the steps to use this tool. 1.  Download  tool and extract http://www.mediafire.com/download/3j15dj3opmip4ez/GreycShop.zip 2. Copy the extracted files on below path(s)     For 64Bit: C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Plug-ins     For 32Bit: C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Plug-ins 3. Run Adobe Photoshop 4. Select Noise >> GREYCstoration  For example: Enjoy :)
Read more

Service Bus Gateway service stuck at Starting

By -
Image
Lesson Learned: Never leave your servers to automatically download and install the updates. We had a SharePoint farm where Workflow manager is configured on one of its server and rest of them are just using WFM client to connect with the server. Everything was running smooth until some updates got installed on the servers over night and the next morning Workflows stuck and start giving errors. As initial check, I verified SharePoint services and WFM services, noticed that the Service Bus Gateway service is struck at Starting state. This was very generic thing but at least a point to start thinking... Troubleshooting: 1. Tried manual restart, but no luck. 2. Tried Leaving and Joining the WFM Farm again. But the timeout error. Error message received during rejoining:  “Starting Service bus gateway on machine <servername> failed: timeout has expired and the operation has not been completed” 3. Tried ULS check and noticed below error. "  Service cannot be started. Microsoft.Ser
Read more

PowerApps SubmitForm not clearing People Picker value

By -
Image
Although its a great experience working with Microsoft products but sometimes they surprises you with bugs that being a developer you would not expect. You may come across the problem that PowerApps SubmitForm is not updating data in SharePoint list, specially the People Picker type field (could be the same case with datetime type as well. Same thing I have experienced that while working on a PowerApps form which is connected with simple SharePoint list, I was unable to update the value of People Picker control which was having no special settings in SharePoint, just simple out of the box list with Title and a People Picker column. Spent hours on it but no gain. Finally the Google, a friend who can help you to find the right thing if you search for it. I came across this and this post and found similarity. Made the same changes and boom...! It worked..! You just need to turn ON the Fomula level error management under the Advance Settings. Below is the settings which I set to Yes. Have
Read more

Apple iPhone sending SMS automatically 00447786205094

By -
Image
Hi There, I have just noticed that my credit is being deducted from my mobile account. I am in Pakistan and using Warid Tel network. I see my mobile credit details after few hours on my screen. This facility is provided only by Warid Telecom that they provide your credit details each time you make a call or send SMS. I checked my Message,Calls logs emails logs etc but no point where i can check that why me credit is being deducted. Absolutely nothing found. :-/  I called Warid Tel support center and the guy told me that there are 4 SMS that have been sent internationally from my iPhone 5. Whattt???? :O I have't sent even a single one. He was bound not to tell me the number however i found that number from Warid Tel online customer portal. That magical number was  00447786205094. Warid Web Self Service Portal I googled and found that its UK number and an iPhone application Facetime/iMessage used to send text to this number for their activation without
Read more

SharePoint online hub navigation not updating for other users

By -
Its been quite a time that I am working with SharePoint Online and meeting new challenges every day. Its feels great when you find a solution for something which Google do not tell you. I am just writing this post because there might be someone out there facing the same issue and this post might help him. BTW, before you check the actual post of how to fix the navigation check below, this might also help to change the user language. Problem Description: When an Admin of SharePoint Online site, updates the hub navigation (or may be site navigation), it do not get updated for all the users instantly. User has to clear browser cache to get the updated navigation. As per discussion with Microsoft, SharePoint saves a copy of the navigation in browser cache which automatically refreshes after a certain period of time. By default, you cannot clear browser cache using React or JS code. Browsers do not allow you to do so. So, the user should wait till that time? ABSOLUTELY NOT! (Imran Khan 😋 )
Read more