Question

I currently get the error "Invalid JWT token. Could not resolve issuer token" (401 error) when trying to start a new SP2013 Workflow instance.

I deleted the WF farm already and recreated it (and re-registered with SP). I can create and publish workflows with SharePoint designer. When starting a new instance it starts, but then fails. In Fiddler I can see a lot of 401 errors with said error message. When browsing to localhost:12291 I get a 403 - when executing the browser as Administrator, I can access the XML served by the workflow service. User Profile Service is running, and synching with no problems. I ran multiple full synchs already.

I can't find any error message in the event log, none in the ULS log. The debug table just states the obvious: "Attempt 2 of the HTTP request to 'http://sp.dev/sites/test/_vti_bin/client.svc/web/lists/getbyid(guid'2f523828-6687-43f1-a5b7-af144fea8739')' will be made in 00:00:06." - all 401 errors.

How do I reset my system? How do I do further testing?


Solution

I have just had the same issue in my environment. In my case I have HTTP enabled on the workflow farm. During re-install the workflow farm's HTTP endpoint disappeared (you can run the Get-WFFarm PowerShell command and check the Endpoints there).

So the solution in my case was to properly configure the HTTPS endpoint and then re-register the workflow farm with SharePoint. The snippet below assumes that you have exported the SSL certificate from the Workflow Manager IIS web site to c:\wfm.cer.

# Load the exported Workflow Manager SSL certificate (.cer, public key only, so no password prompt)
$cert = Get-PfxCertificate "c:\wfm.cer"
# Make SharePoint trust the certificate chain presented by the workflow host
New-SPTrustedRootAuthority -Name "Workflow Manager Farm" -Certificate $cert
# Re-register the farm against the HTTPS endpoint (12290); -Force overwrites the existing registration
Register-SPWorkflowService -SPSite "http://dev.sharepoint.com" -WorkflowHostUri "https://devmachine.devdomain.local:12290" -Force

In order to get debugging for this issue configured in the ULS log you can modify the Diagnostic logging settings in Central Administration. Set the following categories under SharePoint Foundation to Verbose: App Auth, Application Authentication, Authentication Authorization, Claims Authentication, CSOM.
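The procedure in this answer (check the farm endpoints, trust the certificate, re-register, turn up ULS logging), written out as one script. This is an added example and not the answerer's own code; the certificate path, site URL and workflow host name are assumptions carried over from the snippet above, and it assumes the Workflow Manager cmdlets are available on the host where the first step runs and the SharePoint snap-in everywhere else.

```powershell
# Added example, not from the original answer. Assumptions (hypothetical values):
#   - certificate exported to C:\wfm.cer
#   - Workflow Manager HTTPS endpoint https://devmachine.devdomain.local:12290
#   - site collection http://dev.sharepoint.com
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. On a Workflow Manager host: list the farm endpoints. If the HTTPS endpoint
#    (port 12290 by default) is missing here, the 401 "Could not resolve issuer token"
#    is expected, because SharePoint cannot reach the farm it registered against.
Get-WFFarm | Select-Object -ExpandProperty Endpoints

# 2. Trust the Workflow Manager SSL certificate in SharePoint, but only once:
#    compare thumbprints so a re-run does not create duplicate trusted root authorities.
$certPath = "C:\wfm.cer"
$cert = Get-PfxCertificate $certPath
$alreadyTrusted = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }
if (-not $alreadyTrusted) {
    New-SPTrustedRootAuthority -Name "Workflow Manager Farm" -Certificate $cert
}

# 3. Re-register the farm against the HTTPS endpoint. -Force overwrites the stale registration.
$siteUrl = "http://dev.sharepoint.com"
Register-SPWorkflowService -SPSite $siteUrl `
    -WorkflowHostUri "https://devmachine.devdomain.local:12290" -Force

# 4. Verify which workflow service address SharePoint now resolves for the site.
$site  = Get-SPSite $siteUrl
$proxy = Get-SPWorkflowServiceApplicationProxy
$proxy.GetWorkflowServiceAddress($site)

# 5. Verbose ULS tracing for the authentication categories named above
#    (the PowerShell equivalent of the Central Administration diagnostic logging page).
$categories = "App Auth", "Application Authentication",
              "Authentication Authorization", "Claims Authentication", "CSOM"
foreach ($c in $categories) {
    Set-SPLogLevel -Identity "SharePoint Foundation:$c" -TraceSeverity Verbose
}
# After reproducing the failure, return logging to defaults so the ULS logs do not fill up:
#   Clear-SPLogLevel
```

Step 1 runs on a Workflow Manager node and the remaining steps in the SharePoint Management Shell on a SharePoint server; remember to run `Clear-SPLogLevel` once you have captured the verbose trace, since Verbose on the Claims Authentication and CSOM categories is noisy on a busy farm.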

OTHER TIPS

This issue can sometimes (every time in my experience) be addressed by running the "Refresh Trusted Security Token Services Metadata feed" -- just look under "Timer Jobs" under "Monitoring" in Central Administration.

This is one of those timer jobs which runs infrequently (in this case once per day, usually at midnight), so unless you kick it off explicitly it can be a mystery when things that don't run one day run the next.
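The tip above can be applied from the SharePoint Management Shell instead of Central Administration. This is an added example and not part of the original answer; it selects the job by the display name quoted above rather than by an internal name, and the timeout is an assumption.

```powershell
# Added example, not from the original answer. Runs in the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Locate the job by the display name shown in Central Administration > Monitoring > Timer Jobs.
$jobName = "Refresh Trusted Security Token Services Metadata feed"
$job = Get-SPTimerJob | Where-Object { $_.DisplayName -eq $jobName }
if (-not $job) { throw "Timer job '$jobName' not found" }

# Show when it last ran and its schedule (daily, so by default the fix waits until the next run).
$job | Select-Object DisplayName, LastRunTime, Schedule

# Kick it off now instead of waiting for the scheduled run.
$lastRun = $job.LastRunTime
Start-SPTimerJob -Identity $job

# Poll until LastRunTime advances so you know the metadata feed was actually refreshed
# before retrying the workflow. The 120 second ceiling is an assumption.
$deadline = (Get-Date).AddSeconds(120)
do {
    Start-Sleep -Seconds 5
    $job = Get-SPTimerJob | Where-Object { $_.DisplayName -eq $jobName }
} until ($job.LastRunTime -gt $lastRun -or (Get-Date) -gt $deadline)

if ($job.LastRunTime -gt $lastRun) {
    Write-Output "Metadata feed refreshed at $($job.LastRunTime); retry the workflow."
} else {
    Write-Warning "Job did not complete within the timeout; check the timer service."
}
```

Re-reading `Get-SPTimerJob` inside the loop matters because the `$job` object captured before `Start-SPTimerJob` does not update its `LastRunTime` on its own.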

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange