Sharepoint 2013 and Office Web Apps 2013: Unable to view documents, domain CA certs not trusted?
I have setup a WAC 2013 server and hooked it up to a SharePoint 2013 web app (it was upgraded to claims based authentication). It looks like WAC does not trust the SSL cert on the Sharepoint web app. I am not sure why this is an issue since all certs in question were generated by our domain CA. 

Error i receive on SP:
Microsoft Word Web App
Sorry, there was a problem and we can't open this document. If this happens again, try opening the document in Microsoft Word.

Some errors I receive on WAC server are:
HttpRequestAsync WOPICheckFile WACSERVER  no response [WebExceptionStatus:TrustFailure, url:https://...
WOPICheckFile WACSERVER HttpRequestAsyncException url:https://... Microsoft.Office.Web.Apps.Common.HttpRequestAsyncException: No Response in WebException ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure
WOPI CheckFile: Catch-All Failure [exception:Microsoft.Office.Web.Common.EnvironmentAdapters.UnexpectedErrorException: HttpRequest failed ---> Microsoft.Office.Web.Apps.Common.HttpRequestAsyncException: No Response in WebException ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
FileUnknownException while loading the app. 


I set it up according to the following:
http://technet.microsoft.com/en-us/library/jj219455.aspx
http://technet.microsoft.com/en-us/library/ff431687.aspx

Commands Run On WAC Server:
New-OfficeWebAppsFarm -InternalUrl "https://wacserver" -ExternalUrl "https://wacserver.domain-dev.com" CertificateName "wacserver.domain-dev.com" -EditingEnabled -Verbose  -ClipartEnabled -TranslationEnable

Commands Run On SP2013
New-SPWOPIBinding -ServerName wacserver.domain-dev.com
Get-SPWOPIZone
Set-SPWOPIZone zone "external-https"

Cert on SP Webapp is named intrante-dev.domain-dev.com
Cert on WAC Server is named wacserver.domain-dev.com
---The Wac Server Cert was setup with SAN of 3 other hostnames. It was designed to be behind a load balancer, but I dialed it down to 1 server while trying to figure out this one issue.

Full ULS Log entry around the error:

05/16/2013 09:11:26.58 w3wp.exe (0x14EC) 0x04C0 Office Web Apps Office Web Apps common ajba4 Medium WAC Server HttpModule: Beginning request at target [/wv/wordviewerframe.aspx?ui=en%2DUS&rs=en%2DUS&WOPISrc=https%3A%2F%2Fintranet%2Ddev%2Edomain%2Ddev%2Ecom%2Fhr%2F%5Fvti%5Fbin%2Fwopi%2Eashx%2Ffiles%2Fa757f9d60ff54c9f9c3f6fb9bd7ddee0&sc=https%3A%2F%2Fintranet%2Ddev%2Edomain%2Ddev%2Ecom%2Fhr%2FHSA%2FForms%2FAllItems%2Easpx&wdEnableRoaming=1] in session [c1d96176-e70f-492e-a81c-1779ec465e07] c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.58 w3wp.exe (0x14EC) 0x04C0 ULS Logging Logging Correlation Data xmnv Medium UserSessionId=c1d96176-e70f-492e-a81c-1779ec465e07 c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.58 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction ai85o Medium WOPI Proof Keys - WS Farm State has no Old key (this is expected if recently installed) c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.58 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction adhse Medium WOPI CheckFileInfo: Start [url:https://intranet-dev.domain-dev.com/hr/_vti_bin/wopi.ashx/files/a757f9d60ff54c9f9c3f6fb9bd7ddee0] c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.58 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction ag7pm Medium URL generated for WOPI CheckFile Request: https://intranet-dev.domain-dev.com/hr/_vti_bin/wopi.ashx/files/a757f9d60ff54c9f9c3f6fb9bd7ddee0?access_token=REDACTED_1079&access_token_ttl=1368745886487 c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.58 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction afk6b Medium WOPI Proof Data: AccessToken Hash '659012424' [1059 bytes], URL 'HTTPS://INTRANET-DEV.domain-DEV.COM/HR/_VTI_BIN/WOPI.ASHX/FILES/A757F9D60FF54C9F9C3F6FB9BD7DDEE0?ACCESS_TOKEN=REDACTED_1079&ACCESS_TOKEN_TTL=1368745886487' [1221 bytes], TimeStamp '635043066865838639' [8 bytes] c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.58 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction ai85q Medium WOPI Proof: Using Current private key (to sign) that matches Current public key  BgIAAACkAABSU0ExAAgAAAEAAQCfPBcXECGyj3nLnbu50tcebe6BqsCup93zSBkgrt2TW8zn8QaTBdDq/J2h6q/xyC3qr8hJaIHyXgGvs0BwvLsDPV7HzVtvFZrSAULZmfHqFiZSTWwTKriJNZXgusXBAHNNozY1mecRUZCFwKIJciB9jNNEI2ctcM0gdJndv+TNLSEh+q2qAAf9kdcVcu2EpfLD0zLNePa3VupDN7hTWRWJhXBV8I0WnAC/kB5rEfJZb+lJ9Ld2vAZyiXO6RtsAnE4cUUcBCb7s0oM2jbH5YnGU9Hp+Oq0WCEF8u5hs4csbJcnbqWaC1FkmLJVH/j6Y6eh/e99aD8NwCfbCUiuOQBu2 c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction ai85a Medium WOPI Proof - Successfully signed the data with the Current private key [10 ms] c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction ai85o Medium WOPI Proof Keys - WS Farm State has no Old key (this is expected if recently installed) c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction agxqi Medium Cannot create WOPI Proof Token - could not find valid Old proof key data c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction adhq7 Medium HttpRequestAsync (WOPICheckFile,WACSERVER) Starting [mode: GET, url: https://intranet-dev.domain-dev.com/hr/_vti_bin/wopi.ashx/files/a757f9d60ff54c9f9c3f6fb9bd7ddee0?access_token=REDACTED_1079&access_token_ttl=1368745886487] c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction adhro Medium HttpRequestAsync (WOPICheckFile,WACSERVER) End Called c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x0CDC Office Web Apps WAC Hosting Interaction adhrk Unexpected HttpRequestAsync, (WOPICheckFile,WACSERVER) no response [WebExceptionStatus:TrustFailure, url:https://intranet-dev.domain-dev.com/hr/_vti_bin/wopi.ashx/files/a757f9d60ff54c9f9c3f6fb9bd7ddee0?access_token=REDACTED_1079&access_token_ttl=1368745886487] c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x0CDC Office Web Apps WAC Hosting Interaction adhrr Medium HttpRequestAsync (WOPICheckFile,WACSERVER) Setting Completion [Time in ms: 4, Bytes Read: 0] c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x0CDC Office Web Apps WAC Hosting Interaction ajdv9 Medium HttpRequestAsync (WOPICheckFile,WACSERVER) SetCompletion Track start | setting trackers | WebRequest.Create() | Create() returned | _req.ContentLength 0 | setting request headers | setting user agent | setting keep alive | setting timeout callback | Start calling StartResponseProcessing | StartResponseProcessing._req.BeginGetResponse() | BeginGetResponse() returned | StartResponseProcessing RETURNS | Start RETURNS | End.AsyncWaitHandle.WaitOne() | GetResponseCallback isSync:False | _req.EndGetResponse() | GetResponseCallback WebException | RecordWebException | RecordWebException response == null | SetCompletion False | c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction adhr0 Medium WOPICheckFile,WACSERVER HttpRequestAsyncException [url:https://intranet-dev.domain-dev.com/hr/_vti_bin/wopi.ashx/files/a757f9d60ff54c9f9c3f6fb9bd7ddee0?access_token=REDACTED_1079&access_token_ttl=1368745886487, e:Microsoft.Office.Web.Apps.Common.HttpRequestAsyncException: No Response in WebException ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.     at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)     at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)     --- End of inner exception stack trace ---     at System.Net.HttpWebRequest.EndGetRespon... c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59* w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction adhr0 Medium ...se(IAsyncResult asyncResult)     at Microsoft.Office.Web.Apps.Common.HttpRequestAsync.GetResponseCallback(IAsyncResult asyncResult)     --- End of inner exception stack trace ---, host correlation:] c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction adhsk Unexpected WOPI CheckFile: Catch-All Failure [exception:Microsoft.Office.Web.Common.EnvironmentAdapters.UnexpectedErrorException: HttpRequest failed ---> Microsoft.Office.Web.Apps.Common.HttpRequestAsyncException: No Response in WebException ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.     at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)     at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)     --- End of inner exception stack trace ---     at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)     at Microsoft.Office.Web.Apps.Common.Ht... c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59* w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction adhsk Unexpected ...tpRequestAsync.GetResponseCallback(IAsyncResult asyncResult)     --- End of inner exception stack trace ---     --- End of inner exception stack trace ---     at Microsoft.Office.Web.Apps.Common.WopiDocument.LogAndThrowWireException(HttpRequestAsyncResult result, HttpRequestAsyncException delayedException)     at Microsoft.Office.Web.Apps.Common.HttpRequestAsync.End()     at Microsoft.Office.Web.Apps.Common.WopiDocument.GetWopiRequestResultWithRetry(Int32 maxSize, MemoryStream ms, WopiRequest wopiRequest)     at Microsoft.Office.Web.Apps.Common.WopiDocument.CheckWopiFile()] c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x04C0 Office Web Apps WAC Hosting Interaction ajjve Medium WOPI CheckFile: Catch-All Failure [url:https://intranet-dev.domain-dev.com/hr/_vti_bin/wopi.ashx/files/a757f9d60ff54c9f9c3f6fb9bd7ddee0] c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x04C0 Services Infrastructure Services Infrastructure Logging ai94t Unexpected FileUnknownException while loading the app. [FileSourceId: -1088102096] [ClusterId: 0] [ExtraErrorInfo: ] c1d96176-e70f-492e-a81c-1779ec465e07
05/16/2013 09:11:26.59 w3wp.exe (0x14EC) 0x04C0 Office Web Apps Office Web Apps common af46w Medium WACServer HttpModule: Completed request with status code [200] c1d96176-e70f-492e-a81c-1779ec465e07
May 16th, 2013 5:08pm

Hello

I didn't see this in the articel, but have you added your certificates as trusts in SharePoint?  Security->Manage trust

Free Windows Admin Tool Kit Click here and download it now
May 16th, 2013 11:13pm

I did not originally have certificates in the trust store. 

I added the domain cert, did and iisreset. Tests again showed the same error. 

I also added the wacserver.domain-dev.com cert as well. Same error.

May 17th, 2013 12:00am

Hello,

I guess you did figure out this one? I had the exact same error on my developement environment. I was doing the config over and over again after best practise but still the same result.

the problem for me (very embarrasing I know :-)) was DNS. My development Sharepoint was using DHCP so it worked after adding the IP address to the host file on the Web apps server and restart both machines.

Cheers

Free Windows Admin Tool Kit Click here and download it now
August 23rd, 2013 5:48am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics