Can't create secure store target application

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/160894

  •  06-10-2020
  •  | 
  •  

Question

I've just gone through the fun of a domain change on a SharePoint instance, and I've almost got everything working, except for things that rely on the Secure Store service. Unfortunately, the password for the master key was lost, so I've deleted the old Secure Store service, and created a new one.

Now I am attempting to recreate the target applications. For this example called "My Target"

However, when I click the final "Ok", SharePoint gives the message:

Failed to create the target application because of the following error:
Cannot finish this operation successfully. Please contact your administrator.

Looking through the ULS logs, the only clues I've been able to find are sampled below:

 10/28/2015 18:47:12.01     w3wp.exe (0x3D9C)                           0x4594  
   SharePoint Foundation            Topology                        e5mc    Medium      
   WcfSendRequest: RemoteAddress: 'https://spMyServer:32844/eea4e32b0f614bf4ac1b083bdcf48f7a/SecureStoreService.svc/https' 
   Channel: 'Microsoft.Office.SecureStoreService.Server.ISecureStoreServiceApplication' 
   Action: 'http://schemas.microsoft.com/sharepoint/2009/06/securestoreservice/ISecureStoreServiceApplication/GetApplication' 
   MessageId: 'urn:uuid:7147f0b9-ab10-4537-9383-048f181f3721'   ce333c9d-44a7-d009-b44d-2dc4f75aa994

 10/28/2015 18:47:12.03     w3wp.exe (0x1B90)                           0x4334  
   SharePoint Foundation            Monitoring                      nasq    Medium      
   Entering monitored scope (ExecuteWcfServerOperation). 
   Parent No    c7333c9d-943f-d009-b44d-23bdbfe15c67

 10/28/2015 18:47:12.03     w3wp.exe (0x1B90)                           0x4334  
   SharePoint Foundation            Topology                        e5mb    Medium      
   WcfReceiveRequest: LocalAddress: 'https://spMyServer.mydomain:32844/eea4e32b0f614bf4ac1b083bdcf48f7a/SecureStoreService.svc/https' 
   Channel: 'System.ServiceModel.Channels.ServiceChannel' 
   Action: 'http://schemas.microsoft.com/sharepoint/2009/06/securestoreservice/ISecureStoreServiceApplication/GetApplication' 
   MessageId: 'urn:uuid:7147f0b9-ab10-4537-9383-048f181f3721'   ce333c9d-44a7-d009-b44d-2dc4f75aa994

 10/28/2015 18:47:12.09     w3wp.exe (0x1B90)                           0x4334  
  SharePoint Server                 Database                        ahjqp   High        
  [Forced due to logging gap, cached @ 10/28/2015 18:47:12.08, Original Level: Verbose] SQL connection time: 0.1232 ce333c9d-44a7-d009-b44d-2dc4f75aa994

 10/28/2015 18:47:12.09     w3wp.exe (0x1B90)                           0x4334  
   Secure Store Service             Secure Store                    elm4    High        
   SQL command failed: Sproc name: proc_sss_GetApplicationInfo, 
   Application Id: My Target, Error code: 80630490, 
   Error message: Target application not found (application id: My Target). ce333c9d-44a7-d009-b44d-2dc4f75aa994

 10/28/2015 18:47:12.09     w3wp.exe (0x1B90)                           0x433
   Secure Store Service             Secure Store                    efl2    High        
   GetApplication failed with the following exception:
   System.ServiceModel.FaultException`1[Microsoft.Office.SecureStoreService.Server.SecureStoreServiceTargetApplicationNotFoundFault]: 
   Target application not found (application id: My Target). 
   (Fault Detail is equal to Microsoft.Office.SecureStoreService.Server.SecureStoreServiceTargetApplicationNotFoundFault).  ce333c9d-44a7-d009-b44d-2dc4f75aa994

...
 10/28/2015 18:47:21.40     w3wp.exe (0x3D9C)                           0x44BC  
   Secure Store Service             Secure Store                    00000   
   Unexpected   Claim is null on the resolved pickerentity. d0333c9d-b4ed-d009-b44d-2985afb5fa91
Était-ce utile?

La solution

So after many attempts at uninstalling and reinstalling the secure store service, and still getting the error, another coworker tried to create the secure store service target application, and it worked. I tried under the same account, and it didn't work, which meant that we were doing something differently.

It turns out that if on the final screen where specifying the administrators for the target application, typing in the account name and clicking "verify" even though it showed the name was valid, would yield this error.

However, clicking the "Address Book" icon, then searching for the account and selecting it from there would allow creation of the target application.

Additionally, creating target applications via powershell worked.

I suspect it may have to do with vestiges of a custom claims provider we had (at least partially) uninstalled.

Licencié sous: CC-BY-SA avec attribution
Non affilié à sharepoint.stackexchange
scroll top