An exception occurred when trying to issue security token

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/267257

質問

I am trying to run SharePoint 2013 workflow on SharePoint 2016 farm but it is not working. I am logged in as SharePoint Setup account (the one which installed SharePoint) and it is a local admin. I can publish workflows fine but workflow remain in "Activity in progress". It's internal status is "Started". Here's the error I receive:

Retrying last request. Next attempt scheduled after 8/1/2019 12:50. Details of last request: HTTP Unauthorized to http://mysharepoint/_api/web/lists(guid'c31057f3-1a73-4354-bd5b-e41433ec3695') Correlation Id: 062f0b82-8ac1-d3c8-90a3-523d9f67c7e0

In ULS logs I am getting following error:

An exception occurred when trying to issue security token: UserProfileApplicationNotAvailableException_Logging :: UserProfileApplicationProxy.GetRawPartitionID has null proxy.

When I try to access workflow manager site in browser http://localhost:12291/ then I get following error:

<Code>AuthorizationError</Code>

<Message>The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: ReadScope.</Message>

Everything appears to be working fine such as:

In CA Workflow Service Application Proxy says Workflow is connected. Both App Management Service and Subscription Settings Service service applications are started.

App Management Service, Claims to Windows Token Service and Microsoft SharePoint Foundation Subscription Settings Service services on the server are started. Even User Profile Service is started although no service application has been configured because I don't need it.

I can browse Security Token service in browser. http://mysharepoint:32843/SecurityTokenServiceApplication/securitytoken.svc

I even tried PowerShell mentioned on following page and it is issuing me tokens just fine.

https://blogs.technet.microsoft.com/spjr/2018/06/18/sharepoint-troubleshooting-the-security-token-service-sts/

Also tried following commands: 

$sec = New-Object Microsoft.Workflow.Client.Security.WindowsSecurityConfiguration("All Users")
$sec.WorkflowAdminGroupName = "Users"
Set-WFScopeSecurity -ScopeUri http://mysharepoint:12291/ -SecurityConfiguration $sec

In IIS under SecurityTokenServiceApplicationPool I have set Load User Profile to True

As you can see I have tried everything I can but still same issue. I turned on verbose logging and here are some results from ULS:

Token Cache:  Successfully wrote token XML.  
Using windows integrated auth.  
SPFederationAuthenticationModule.IsRedirectToLogOnPage: This is a 302 redirect to /_login/default.aspx?ReturnUrl=%2f_api%2fweb%2flists(guid%27c31057f3-1a73-4354-bd5b-e41433ec3695%27)  
SPFederationAuthenticationModule.OnEndRequest: User was being redirected to authenticate.  
Claims Windows Sign-In: Sending 401 for request 'http://mysharepoint/_api/web/lists(guid'c31057f3-1a73-4354-bd5b-e41433ec3695')' because the user is not authenticated and resource requires authentication.  
SPOAuthHttpChallenge: Setting WWW-Authenticate header to:Bearer realm="167929ff-bd38-46c3-b82c-e0da00fc0f7e",client_id="00000003-0000-0ff1-ce00-000000000000",trusted_issuers="00000005-0000-0000-c000-000000000000@*,00000003-0000-0ff1-ce00-000000000000@167929ff-bd38-46c3-b82c-e0da00fc0f7e"  
SPSuspendedFeaturesHttpHeader: Setting x-ms-suspended-features header to:features=""

Do I really need to configure User Profile Service application for this work? I don't think it is necessary right!?

How to fix this issue?

役に立ちましたか?

解決

Short answer is YES, you need to UPS to be running and the user triggering the Work Flow has to have a profile in the UPS.

https://sharepointv15.wordpress.com/2013/08/07/install-and-configure-workflow-for-sharepoint-2013/

他のヒント

No, User profile doesn't need to be configured. This is a known issue and i have faced it before.

Follow the below mentioned steps to solve this.

On the server where the workflow manager has been installed.

  1. $configuration = New-Object Microsoft.Workflow.Client.Security.WindowsSecurityConfiguration("All Users")
  2. $configuration.WorkflowAdminGroupName = "Users"
  3. Set-WFScopeSecurity -ScopeUri https://:12290/ -SecurityConfiguration $configuration

On the SharePoint server

  1. Register-SPWorkflowService –SPSite "https:///" –WorkflowHostUri "https://:12290/" –AllowOAuthHttp –Force

Follow the steps above and let me know if this does not solve your issue.

ライセンス: CC-BY-SA帰属
所属していません sharepoint.stackexchange
scroll top