We were doing a SharePoint 2013 Server domain migration in which we had to migrate Workflow Manager as well.
After migration, Workflow Manager 2013 did not work fine in new environment so we had to attached old environment server to new farm with the old domain account. You can call this as a temporary work around.
All SharePoint Workflow 2013 stopped working and were getting “cancelled” whenever they were running.
Mainly two issues:
- Wokflow App Permissions were not correct, if you are not sure what I am talking about please refer to this link https://docs.microsoft.com/en-us/sharepoint/dev/general-development/create-a-workflow-with-elevated-permissions-by-using-the-sharepoint-workflo
- Tasks were not getting created by Workflow 2013 in Task list and workflow failed or canceled.
- First issue was resolved by using the same link posted earlier and I will say half of the workflows worked fine
- Second issue was complex and I was not able to find a resolution but one of my colleague found resolution, I was able to only collect error messages which was also important as we were not able to pin point root cause
You may see following error messages in the SharePoint ULS logs, the key issue for us was the ones highlighted in bold
Trusted provider is missing. Provider: ‘00000003-0000-0ff1-ce00-000000000000’
Request does not have SPBasePermissions.UseRemoteAPIs permission. Need to check it when each API is accessed
SocialRESTExceptionProcessingHandler.DoServerExceptionProcessing – SharePoint Server Exception [System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
at Microsoft.SharePoint.Client.ServerStub.CheckRequiredResourceRight(ProxyContext proxyContext, String memberName, ResourceRight right)
at Microsoft.SharePoint.Client.ServerStub.CheckBlockedGetProperty(String propName, ProxyContext proxyContext)
at Microsoft.SharePoint.ServerStub.SPContextServerStub.GetStaticProperty(String propName, ProxyContext proxyContext)
at Microsoft.SharePoint.Client.ServerStub.GetStaticPropertyWithMonitoredScope(String propertyName, ProxyContext proxyContext)]
Throw UnauthorizedAccessException instead of SPUtilityInternal.Send401 for client.svc request.
So what does this mean? It means that API calls are failing and not reachable when workflows are running. In our set up due to domain migration we had two https url and one of them was default. We observed that the API calls via default urls were always failing so we decided to dig deeper.
We found out that in web application web.config file if you have below attributes and have urls under it then API calls are working only for those urls so first we thought we can add all the urls but it seems you cannot add two https url and it is not supported, bascially we are talking about host headers we had three host headers in IIS but only two here.
<serviceHostingEnvironment aspNetCompatibilityEnabled=”true”> <baseAddressPrefixFilters>
<add prefix=”https url” />
<add prefix=”http url” />
To fix this and allow all the traffic what you can do is to have only one https url or host header which I will say is ideal way of running SharePoint 2013. Note that SharePoint 2016 or 2019 are not expected to have these issues
Other way is to change config like below and allow all urls
<serviceHostingEnvironment aspNetCompatibilityEnabled=”true”> </serviceHostingEnvironment>
I hope this helps someone as it took lot of time for us to find this.