WARNING: Endpoint https://server:12290/ is not responding: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

I’ve set up a Workflow farm in a DMZ with no outbound connection to the internet. The only allowed connection is inbound over port 443 using SSL certificates. I installed the Workflow farm on three servers for redundancy, without error, following the excellent guide by Spence Harbar:

Using the same guides in a test environment over HTTP works very well. But running the same setup, installing in offline mode and only allowing Workflows over HTTPS, fails. Port 12290 between the three servers is open, verified by using telnet server-name 12290.

The custom application pool is running and has the same service account. The services (1) Service Bus Gateway, (2) Service Bus Message Broker, (3) Windows Fabric Host Service and (4) Workflow Manager Backend are running using the same account as the application pool.

The generated certificates have been exported from the first server and imported to the other two as trusted root certificates.

I’ve added the same certificate to SharePoint using PS:

$trustCert = Get-PfxCertificate "C:\Users\admin\Desktop\APPSRV-WF-Farm.cer"
New-SPTrustedRootAuthority -Name "Workflow Manager Farm" -Certificate $trustCert

... And it's present in Central Admin > Security > Manage Trust http://CentralAdmin-URL:2013/_admin/ManageTrust.aspx

The Workflow Manager farm looks OK if I run PS Get-WFFarm, but if I run Get-WFFarmStatus I can clearly see an issue:

PS D:\> Get-WFFarmStatus

HostName                      ServiceName                              ServiceStatus
--------                      -----------                              -------------
APPSRV.DOMAIN.COM             WorkflowServiceBackend                   Running
WARNING: Endpoint https://APPSRV.DOMAIN.COM:12290/ is not responding: The underlying
connection was closed:
Could not establish trust relationship for the SSL/TLS secure channel.
APPSRV.DOMAIN.COM             WorkflowServiceFrontEnd                  Stopped
WFE1SRV.DOMAIN.COM            WorkflowServiceBackend                   Running
WFE1SRV.DOMAIN.COM            WorkflowServiceFrontEnd                  Running
WFE2SRV.DOMAIN.COM            WorkflowServiceBackend                   Running
WFE2SRV.DOMAIN.COM            WorkflowServiceFrontEnd                  Running

I stopped and started the services using net stop WorkflowServiceBackend and net start WorkflowServiceBackend (the front end isn’t affected). I’ve run IISRESET on all servers, but still no change. The Event Viewer shows the same error as above.

What are the next possible steps resolving the stopped WorkflowServiceFrontEnd?


Solution

After a break from the issue, I found what was wrong in my case. The firewall didn't allow connections between WFE- and APP-server(s). Don't bother to ask why; just leave it at it's due to "Organizational policies" :)

I tried it with a simple telnet APPSRV 443 which failed. Opening the port got things working.
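
The two checks this thread relies on (is the port reachable, and does the endpoint present a certificate the local machine trusts) can be scripted as below. This is an added example, not part of the original question or answer; the function name Test-FarmEndpoint is hypothetical, and the host names and ports are the ones shown in the post.

```powershell
# Added example, not from the original post. Host names are taken from the
# Get-WFFarmStatus output above; 443 and 12290 are the ports the post mentions.
$farmHosts = 'APPSRV.DOMAIN.COM', 'WFE1SRV.DOMAIN.COM', 'WFE2SRV.DOMAIN.COM'
$ports     = 443, 12290

function Test-FarmEndpoint {   # hypothetical helper name
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)

    $result = [pscustomobject]@{
        Host = $HostName; Port = $Port; TcpOpen = $false
        TlsTrusted = $null; PolicyErrors = $null; Subject = $null; Issuer = $null; Detail = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Step 1: TCP reachability, the same thing "telnet host port" tests.
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $result.Detail = 'TCP connect timed out (firewall drop?)'
            return $result
        }
        $client.EndConnect($pending)
        $result.TcpOpen = $true

        # Step 2: TLS handshake. The callback only records the validation errors;
        # it returns $true so the certificate can be read, and no data is sent.
        $script:tlsErrors = $null
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($s, $cert, $chain, $errors)
            $script:tlsErrors = $errors
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.TlsTrusted   = ($script:tlsErrors -eq [System.Net.Security.SslPolicyErrors]::None)
        $result.PolicyErrors = [string]$script:tlsErrors
        $result.Subject      = $remote.Subject
        $result.Issuer       = $remote.Issuer
        $ssl.Dispose()
    }
    catch { $result.Detail = $_.Exception.Message }
    finally { $client.Close() }
    $result
}

foreach ($h in $farmHosts) { foreach ($p in $ports) { Test-FarmEndpoint -HostName $h -Port $p } }
```

Run it from each farm server in turn: TcpOpen false points to a firewall rule, as in the answer above, while TcpOpen true with TlsTrusted false points to certificate trust on the machine running the check.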

Licensed under: CC-BY-SA with attribution