Apps in a DR farm: ms.sp.int vs ms.sp.ext
https://sharepoint.stackexchange.com/questions/136370
-
02-10-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
During the set-up of a DR farm, we're facing a weird issue with apps. We have both a provider hosted app as well as a sharepoint hosted app deployed to a site using powershell. The apps are also registered using powershell. In the primary farm, all is well and the apps work ok.
Now because the content db's are synced, the apps move to the DR farm automatically. When you now click the app, SharePoint will throw an error like:
app "i:0i.t|ms.sp.ext|930fc405-2029-4afc-bfe4-8cd7a9f22e15@56775c06-47b3-4957-9b5b-003e2b4b0d23" does not exist.
Which is because the app isn't registered on the DR farm yet. So when we register the app, it starts working. This worked fine for the provider hosted app, but it didn't for the SharePoint hosted one.
When we run the powershell script to register an app, it will register
app "i:0i.t|ms.sp.ext|930fc405-2029-4afc-bfe4-8cd7a9f22e15@56775c06-47b3-4957-9b5b-003e2b4b0d23" does not exist.
But when opening the SharePoint hosted app in the brower, the error will read:
app "i:0i.t|ms.sp.int|930fc405-2029-4afc-bfe4-8cd7a9f22e15@56775c06-47b3-4957-9b5b-003e2b4b0d23" does not exist.
Note that the first reads ext and the second reads int, so they do not match (error is valid from that perspective). I suspect that int = sharepoint hosted and ext = provider hosted, but I haven't found any details on that. The powershell cmdlets only let me register "ext" principals, as there is no way to specify "int" instead. The weird thing is that this does work ok on the primary farm, so aparently the normal installation procedure registers the correct type.
Anyone ever seen this behaviour and perhaps has more indepth knowledge on what's going on behind the scenes?
Update: after some more digging I found out that when the app is added to the site (doesn't matter if it's via catalog or powershell); it creates app permissions on site and web level. These are properly synced to the DR farm. But on Central Administration level, the app principal only exists in the primary farm and not in the secondary farm. The problem when you register on the DR farm via powershell, is that you get the "ext" identifier and not the "int" one, so it doesn't work. What I'm now looking for is a way to sync those principals on CA level.
Solution
Found it. In DR scenario's, you need to synchronize the app management and subscription settings databases. Although designed this way, the farm in this case hadn't been set-up like this. Therefore, the app registrations weren't properly synced and this issue occurs. So if you're in the same situation: verify the syncs between your databases!
