Workflow manager not trusting root certificate
Problem
Error Message
Timestamp: 20:36:01.162
Message: Error completing provisioning job for store 'Store'. Status: OK Workflow token: { Workflow id: fcdf24e0-451e-49e0-9253-d433b30a7d9a Bookmark name: c4e36fb7-2dda-4357-beae-08afe3f41c4e } Result: [Name: Enabled, Value: True] [Name: ZPErrorCode, Value: 0] [Name: ObjectGUID, Value: 8d1a409f-a64f-4320-9229-42fc550c6e25] [Name: ZPActivityStatus, Value: Hämtat användarinformation.] .
System.UnauthorizedAccessException: The token provider was unable to provide a security token while accessing 'https://zervicepoint.dev.local:9355/ZervicePoint/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'.
 ---> System.IdentityModel.Tokens.SecurityTokenException: The token provider was unable to provide a security token while accessing 'https://zervicepoint.dev.local:9355/ZervicePoint/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'.
 ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn)
   --- End of inner exception stack trace ---
   at Microsoft.ServiceBus.TokenProviderHelper.ThrowException(Uri requestUri, WebException exception)
   at Microsoft.ServiceBus.TokenProviderHelper.GetWindowsAccessTokenCore(IEnumerator`1 stsUris, Func`2 uriBuilder, String requestToken, TimeSpan timeout, DateTime& expiresIn)
   at Microsoft.ServiceBus.WindowsTokenProvider.OnBeginGetWebToken(String appliesTo, String action, TimeSpan timeout, AsyncCallback callback, Object state)
   at Microsoft.ServiceBus.TokenProvider.GetWebTokenAsyncResult..ctor(TokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state)
   at Microsoft.ServiceBus.TokenProvider.BeginGetWebToken(String appliesTo, String action, Boolean bypassCache, TimeSpan timeout, AsyncCallback callback, Object state)
   at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout)
   --- End of inner exception stack trace ---
Server stack trace:
   at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(ITokenProvider tokenProvider, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout)
   at Microsoft.ServiceBus.Messaging.HttpWebRequestExtensions.AddAuthorizationHeader(HttpWebRequest request, ITokenProvider tokenProvider, Uri baseAddress, String action)
   at Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.GetAsyncResult`1.<GetAsyncSteps>d__11.MoveNext()
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.EnumerateSteps(CurrentThreadType state)
   at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.Start()
Exception rethrown at [0]:
   at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at Microsoft.ServiceBus.NamespaceManager.OnEndQueueExists(IAsyncResult result)
   at Zipper.ZervicePoint.ProcessSystem.Engine.Queues.ServiceBusQueue.EnsureQueue(String queueName)
   at Zipper.ZervicePoint.ProcessSystem.Engine.Queues.ServiceBusQueue.get_Queue()
   at Zipper.ZervicePoint.ProcessSystem.Engine.Queues.ServiceBusQueue.SendMessage(IMessage message)
   at Zipper.ZervicePoint.ProcessSystem.Service.Services.OrderService.ResumeServiceOrder(Guid workflowId, String bookmark, Dictionary`2 data, String storeName, Boolean hasFailed, String errorMessage)
   at Zipper.ZervicePoint.ProcessSystem.Service.WebServices.ProvisioningServiceFacade.CompleteProvisioningJob(CompletedProvisioningJobData completedJob, String storeName)
Category: All Events
Priority: -1
EventId: 66
Severity: Error
Title:
Machine: TCMS002T
Application Domain: /LM/W3SVC/4/ROOT/ProcessSystem-5-131317471714586492
Process Id: 2896
Process Name: c:\windows\system32\inetsrv\w3wp.exe
Win32 Thread Id: 1972
Thread Name:
Extended Properties:
Solution
Make sure all Workflow Manager hosts trust the certificate chain for the certificate AppServerGeneratedSBCA.
- Locate the Workflow Manager host that holds the certificate AppServerGeneratedSBCA.
- Export the certificates (AppServerGeneratedSBCA and the Workflow root certificate), preferably by following this guide: https://msdn.microsoft.com/en-us/library/jj192993.aspx
- On each additional Workflow Manager server, import the exported certificates into the Trusted Root Certification Authorities store.
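
The steps above as a PowerShell sketch using the built-in PKI cmdlets (an added example, not part of the original article or the linked guide). It assumes the certificates can be found by subject under Cert:\LocalMachine; the export folder, the second subject value and the expected thumbprint are placeholders, while the host name and port are taken from the error message.

```powershell
# Added example; run each part in an elevated PowerShell session.
$subjects  = @('AppServerGeneratedSBCA', '<WORKFLOW-ROOT-CERT-SUBJECT>')  # 2nd value: placeholder
$exportDir = 'C:\Temp\wfm-certs'                                          # hypothetical path

# Part 1: on the host that holds the certificates
New-Item -ItemType Directory -Path $exportDir -Force | Out-Null
$found = Get-ChildItem Cert:\LocalMachine -Recurse | Where-Object {
    $c = $_
    $c -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
    ($subjects | Where-Object { $c.Subject -like "*$_*" })
} | Sort-Object -Property Thumbprint -Unique
foreach ($cert in $found) {
    # Export-Certificate writes the public certificate only, never the private key.
    Export-Certificate -Cert $cert -FilePath (Join-Path $exportDir "$($cert.Thumbprint).cer") | Out-Null
    '{0}  {1}  NotAfter={2:u}' -f $cert.Thumbprint, $cert.Subject, $cert.NotAfter
}

# Part 2: on each additional Workflow Manager host, after copying $exportDir over
$expected = @('<THUMBPRINT-PRINTED-IN-PART-1>')   # placeholder; transfer out of band
foreach ($file in Get-ChildItem -Path $exportDir -Filter *.cer) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file.FullName
    # Refuse anything that is not one of the certificates listed on the source host.
    if ($expected -notcontains $cert.Thumbprint) { throw "Unexpected certificate: $($file.Name)" }
    Import-Certificate -FilePath $file.FullName -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
}

# Part 3: repeat the handshake that failed in the log (host and port from the error message)
$tcp = New-Object System.Net.Sockets.TcpClient('zervicepoint.dev.local', 9355)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
try     { $ssl.AuthenticateAsClient('zervicepoint.dev.local'); 'Certificate chain trusted' }
finally { $ssl.Dispose(); $tcp.Dispose() }
```

If trust is still missing, Part 3 throws the same AuthenticationException seen in the log. A certificate placed in the Trusted Root store makes the host trust everything that CA issues, which is why Part 2 checks the thumbprint before importing.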