Can't create secure store target application
06-10-2020
Question
I've just gone through the fun of a domain change on a SharePoint instance, and I've almost got everything working, except for things that rely on the Secure Store service. Unfortunately, the password for the master key was lost, so I've deleted the old Secure Store service, and created a new one.
Now I am attempting to recreate the target applications, for this example one called "My Target".
However, when I click the final "Ok", SharePoint gives the message:
Failed to create the target application because of the following error:
Cannot finish this operation successfully. Please contact your administrator.
Looking through the ULS logs, the only clues I've been able to find are sampled below:
10/28/2015 18:47:12.01 w3wp.exe (0x3D9C) 0x4594
SharePoint Foundation Topology e5mc Medium
WcfSendRequest: RemoteAddress: 'https://spMyServer:32844/eea4e32b0f614bf4ac1b083bdcf48f7a/SecureStoreService.svc/https'
Channel: 'Microsoft.Office.SecureStoreService.Server.ISecureStoreServiceApplication'
Action: 'http://schemas.microsoft.com/sharepoint/2009/06/securestoreservice/ISecureStoreServiceApplication/GetApplication'
MessageId: 'urn:uuid:7147f0b9-ab10-4537-9383-048f181f3721' ce333c9d-44a7-d009-b44d-2dc4f75aa994
10/28/2015 18:47:12.03 w3wp.exe (0x1B90) 0x4334
SharePoint Foundation Monitoring nasq Medium
Entering monitored scope (ExecuteWcfServerOperation).
Parent No c7333c9d-943f-d009-b44d-23bdbfe15c67
10/28/2015 18:47:12.03 w3wp.exe (0x1B90) 0x4334
SharePoint Foundation Topology e5mb Medium
WcfReceiveRequest: LocalAddress: 'https://spMyServer.mydomain:32844/eea4e32b0f614bf4ac1b083bdcf48f7a/SecureStoreService.svc/https'
Channel: 'System.ServiceModel.Channels.ServiceChannel'
Action: 'http://schemas.microsoft.com/sharepoint/2009/06/securestoreservice/ISecureStoreServiceApplication/GetApplication'
MessageId: 'urn:uuid:7147f0b9-ab10-4537-9383-048f181f3721' ce333c9d-44a7-d009-b44d-2dc4f75aa994
10/28/2015 18:47:12.09 w3wp.exe (0x1B90) 0x4334
SharePoint Server Database ahjqp High
[Forced due to logging gap, cached @ 10/28/2015 18:47:12.08, Original Level: Verbose] SQL connection time: 0.1232 ce333c9d-44a7-d009-b44d-2dc4f75aa994
10/28/2015 18:47:12.09 w3wp.exe (0x1B90) 0x4334
Secure Store Service Secure Store elm4 High
SQL command failed: Sproc name: proc_sss_GetApplicationInfo,
Application Id: My Target, Error code: 80630490,
Error message: Target application not found (application id: My Target). ce333c9d-44a7-d009-b44d-2dc4f75aa994
10/28/2015 18:47:12.09 w3wp.exe (0x1B90) 0x433
Secure Store Service Secure Store efl2 High
GetApplication failed with the following exception:
System.ServiceModel.FaultException`1[Microsoft.Office.SecureStoreService.Server.SecureStoreServiceTargetApplicationNotFoundFault]:
Target application not found (application id: My Target).
(Fault Detail is equal to Microsoft.Office.SecureStoreService.Server.SecureStoreServiceTargetApplicationNotFoundFault). ce333c9d-44a7-d009-b44d-2dc4f75aa994
...
10/28/2015 18:47:21.40 w3wp.exe (0x3D9C) 0x44BC
Secure Store Service Secure Store 00000
Unexpected Claim is null on the resolved pickerentity. d0333c9d-b4ed-d009-b44d-2985afb5fa91
Solution
So after many attempts at uninstalling and reinstalling the secure store service, and still getting the error, another coworker tried to create the secure store service target application, and it worked. I tried under the same account, and it didn't work, which meant that we were doing something differently.
It turns out that on the final screen, where you specify the administrators for the target application, typing in the account name and clicking "verify" would yield this error, even though it showed the name was valid.
However, clicking the "Address Book" icon, then searching for the account and selecting it from there would allow creation of the target application.
Additionally, creating target applications via PowerShell worked.
I suspect it may have to do with vestiges of a custom claims provider we had (at least partially) uninstalled.
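The answer mentions that creating target applications via PowerShell worked. The following is an added example, not the poster's script, showing that route with the standard Secure Store cmdlets: it builds the administrator and member claims explicitly with New-SPClaimsPrincipal and stops if either comes back null, which is the condition the ULS entry "Claim is null on the resolved pickerentity" reports. The site URL, account names, contact address and field layout are assumed placeholders.

```powershell
# Added example. Run in the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholder values (assumptions), replace with your own.
$siteUrl    = 'https://sharepoint.example.test'  # site in a web app bound to the Secure Store proxy
$appName    = 'My Target'                        # target application ID from the question
$adminAcct  = 'EXAMPLE\ss-admin'                 # target application administrator
$memberGrp  = 'EXAMPLE\ss-members'               # group allowed to use the stored credentials

$ctx = Get-SPServiceContext -Site $siteUrl

# Resolve the principals to claims directly instead of through the people picker.
$adminClaim  = New-SPClaimsPrincipal -Identity $adminAcct -IdentityType WindowsSamAccountName
$memberClaim = New-SPClaimsPrincipal -Identity $memberGrp -IdentityType WindowsSecurityGroupName

# Stop before touching the service if either claim failed to resolve.
foreach ($claim in @($adminClaim, $memberClaim)) {
    if ($null -eq $claim) { throw 'A principal did not resolve to a claim; aborting.' }
    Write-Host ('Resolved claim: ' + $claim.ToEncodedString())
}

# Credential fields: the password field is masked in the UI.
$userField = New-SPSecureStoreApplicationField -Name 'UserName' -Type WindowsUserName -Masked:$false
$passField = New-SPSecureStoreApplicationField -Name 'Password' -Type WindowsPassword -Masked:$true

# Group-type target application: one credential set shared by the member group.
$target = New-SPSecureStoreTargetApplication -Name $appName -FriendlyName $appName `
    -ContactEmail 'sp-admins@example.test' -ApplicationType Group

New-SPSecureStoreApplication -ServiceContext $ctx -TargetApplication $target `
    -Fields $userField, $passField `
    -Administrator $adminClaim -CredentialsOwnerGroup $memberClaim

# Confirm the application now exists (the GetApplication call that failed in the log).
Get-SPSecureStoreApplication -ServiceContext $ctx -Name $appName
```

The encoded claim strings printed by the script can be compared between accounts to see which claims provider issued them, which helps when leftovers of a custom claims provider are suspected.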