Hello,

Recently we discovered that some SharePoint 2013 workflows that we created before and used to work, now suddenly stopped working. The workflows can be very simple as logging a message to the workflow history list, or send a test email.

Nowadays, when we kick off a workflow for an item, we will first get an error like this:

Activity in progress       
Retrying last request. Next attempt scheduled in less than one minute. Details of last request: HTTP Unauthorized to http://webappspcollabfst.asbbank.co.nz/sites/spupdatetest/_vti_bin/client.svc/web/lists/getbyid(guid'4863587b-3633-44a9-8c3d-e6e4c53f0927') Correlation Id: c7440199-28cb-f7c2-8cf3-2a4ed0abb870 Instance Id: 3e6b679a-a826-45b3-a4c7-6712f072dcea

The after the workflow retries itself and eventually it suspends and we get something like this:

RequestorId: c7440199-28cb-f7c2-0000-000000000000. Details: RequestorId: c7440199-28cb-f7c2-0000-000000000000. Details: An unhandled exception occurred during the execution of the workflow instance. Exception details: System.ApplicationException: HTTP 401 The root of the certificate chain is not a trusted root authority. {"SPRequestGuid":["c7440199-28cb-f7c2-a816-f9c578b559b0"],"request-id":["c7440199-28cb-f7c2-a816-f9c578b559b0"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"SPRequestDuration":["4"],"SPIisLatency":["0"],"Server":["Microsoft-IIS\/7.5"],"WWW-Authenticate":["Bearer realm=\"8ea9a5bd-7429-4ad6-9756-8a434df5b5c9\",client_id=\"00000003-0000-0ff1-ce00-000000000000\",trusted_issuers=\"00000005-0000-0000-c000-000000000000@*,00000003-0000-0ff1-ce00-000000000000@8ea9a5bd-7429-4ad6-9756-8a434df5b5c9\"","NTLM"],"X-Powered-By":["ASP.NET"],"MicrosoftSharePointTeamServices":["15.0.0.4420"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1; RequireReadOnly"],"Date":["Tue, 28 Jul 2015 05:42:47 GMT"]}   at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context)   at System.Activities.CodeActivity.InternalExecute(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager)   at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)

I've googled around and found similar issues but none match exactly what we're facing so there I could not find any solutions yet. I'm hoping someone here can look at the error messages and know what's going on, and provide guidance in resolving this issue.

Many thanks for your time and support.

Conway

Hi Conway,

I faced the similar Issue once but creating the same workflow in SharePoint 2010 based workflow helped me.

Generally the certificate error arises due to the improper Workflow service registration steps(SP2013 workflows). Could you please confirm if any other SP2013 workflow is running smoothly on the same environment?

You should be mainly concentrated on this error " Exception details: System.ApplicationException: HTTP 401 The root of the certificate chain is not a trusted root authority".

1. Check the IIS bindings, if you have added the correct hostname there. This hostname should match the VIP name, if your workflow servers are behind VIP.

2. You should also use a hostname besides FQDN as a SAN name in the certificate.

3. If you are using multiple Workflow Manager hosts, you will need to add a signed certificate to the local Trusted Root Authority of all machines in the farm.

4. That same certificate must also be in the local Personal certificate store of all WFM hosts.

5. Run the command Register-SPWorkflowService again on the SP farm to register it with the workflow farm.

Hope this helps.

Thank you Rupesh. Yes I personally always try to avoid 2013 workflows at the moment and uses 2010 workflows most of the time, all because of 2013 wfs require additional workflow servers, which adds more chances for error to occur.

Unfortunately, some actions we require can only be provided by 2013 workflows.

Kind regards

Conway

Thanks Nayana and Mohit.

We have three environments. The issue is happening on two environments. The third environment have been going through some maintenance tasks so I have not tested the issue there.

On the two environment that are having the issue, the issue does not always occur. It's one of those problems that happens some where but not everywhere and it's hard to work out why. So we can only rely on the error message returned when the error occurs.

Back in 2012/2013, we had created one simple 2013 workflow in each environment so that we can check from time to time that the workflow servers were working properly. After many months of success we stopped checking. It's only recently when one of the production 2013 workflow is having a different issue that we start creating new test workflows in order to replicate that issue and found that the new workflows we created often suspend due to this issue. Then I tried to run the test workflows that were successful before and found they have stopped working as well.

To Mohit, your suggests seem to shine a bit of light on this. But I'm not too familiar on the certificate side of things. We're not using SSL so I'm a bit puzzled when I saw "HTTP 401 The root of the certificate chain is not a trusted root authority" in the error message.

Our environments have Web Front Ends and Workflow Servers, and we do also have HLB. On what servers and where on the servers should I check the certificate mentioned in the error message?

Thanks you all for your input.

Conway

Hi Conway

If you are not using SSL, its interesting error then. Are you using self generated certificate when configured workflow manager? Also, you need to check this on the servers where workflow manager is running. And can you try running register-spworkflowservice with -allowoauthhttp switch again on the SP farm. Just wanted to check if it gives any errors.

Hope this helps.