Blogroll

Thursday, August 7, 2014

SharePoint 2007 Search: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

Issue: We have a much wearied issue reported today morning on one of our SharePoint 2007 environment.

Error: Out WFE’s were flooded with the below error message.

Event Type:  Error
Event Source:         Office SharePoint Server
Event Category:      Office Server Shared Services
Event ID:      6482
Date:           07/08/2014
Time:           16:05:32
User:            N/A
Computer:   
Description:
Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (99cefecd-f814-4ead-bd5a-a79f79d3a757).
Reason: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Techinal Support Details:
System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at Microsoft.Office.Server.Search.Administration.SearchApi.RunOnServer[T](CodeToRun`1 remoteCode, CodeToRun`1 localCode, Boolean useCurrentSecurityContext, Int32 versionIn)
   at Microsoft.Office.Server.Search.Administration.SearchApi..ctor(WellKnownSearchCatalogs catalog, SearchSharedApplication application)
   at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
   at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)

ULS Logs says:

08/07/2014 16:09:32.25   OWSTIMER.EXE (0x0914)                     0x0A98        Search Server Common                    MS Search Administration            86ze   High             Exception caught in Search Admin web-service proxy (client). System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.     at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)     at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)     at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)     at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyn...     

Search Administration in Says:

Could not connect to server for application 'Web App Name'. This error might occur if the server is not responding to client requests, the firewall or proxy configuration is preventing the server from being contacted, or the search administration Web service is not running on the server.



Troubleshooting:

I was not sure from where to start with, but first thing was to check on the SSL side.
Checked on the server but no SSL was installed and as I am aware of we have never used SSL on out this environment. So what could have caused the issue?

There are many post around the internet which gives to many details about the event ID 6482 specially for Office Search being affected but they had different Reason given with this Event ID, which was not relating to issue I had in my environment.

I have checked every possible combination of the search to check the search application down or affected due to SSL issue.

I thought of giving it a go by comparing it with outer WFE’s we have and out of 4 WFE’s had ‘View Certificates’ option as disabled 



And one among them had it active.



Once I clicked on view Certificate, then I get to know the root cause of the issue.
  
The certificate was expired on the 4 of Aug, 14 and it needs to be re-issued. 



Resolution:

Coming to the resolution part if we have IIS 6.0 resource kit installed then its good. If not first install it form here: http://www.microsoft.com/en-gb/download/details.aspx%3Fid%3D17275


Assigned a new SSL certificate to the Office SharePoint Server Web Services site on the index server using the selfssl tool from the resource kit.
Selfssl /s:(IIS ID of the Office Server Web Services site) /v:(length of validity for the certificate in days)
Selfssl /s:1720207907 /v:99999
Replaced the existing certificate with the newly created SelfSSL certificate.
Restart IIS and check if the certificate validity had changed and check in Event logs, ULS logs and Search administration if you still see the issue.

Applies to:
  • SharePoint Server 2007
  • IIS 6.0


Wednesday, August 6, 2014

Sharepoint Administrator account Lost its control (Permissions) over a SiteCollection

Issue Description: User not able to perform the administrative task in a site collection(He is having full control over the site).Even Primary site collection administrator lost control over the site.



àWhen clicking on "Site Action", he is not able to see the full range of option like "create new site, Document library ..etc). He is able to see only few options as shown above.
à Administrator not able see option to add users under site permission.

àNobody could add new documents or edit documents, nearly every single Document or Library option is greyed out.
Resolution:
Method 1:
1.     Central Administration -> Site Collection Quotas and Locks.
2.     Select your site collection
3.     Change the Site Lock Information radio button from “Read-only” to “Not locked
4.     OK 


Method 2: Use Stsadm command
stsadm -o setsitelock -url http://sitecollection -lock none
Root Cause: Usually While taking a sharepoint back up, site collection goes to read-only mode. Once it is completed it will returned to “Not Locked” mode.
Reason for this issue might be while taking back up got interrupted in middle and it left the site collection to read mode.


SharePoint 2010: MsiInstaller errors while attempting to manage a User Profile Service Application


Issue: while managing the User Profile services you get warning in the event viewer post restarting the IIS.

Error: Detection of product '{90140000-104C-0000-1000-1000000FF1CE}', feature 'PeopleILM', component '{1C12B6E6-898C-4D58-9774-AAAFBDFE273C}' failed.  The resource %programfiles%\Microsoft Office Servers\14.0\Service\Microsoft.ResourceManagement.Service.exe' does not exist.

Or

Detection of product '{90140000-104C-0000-1000-1000000FF1CE}', feature 'PeopleILM' failed during request for component '{1681AE41-ADA8-4B70-BC11-98A5A4EDD046}'

Or

Failed to connect to server. Error: 0x80070005.



Background: Many time we have seen these error keeps on recorded in event viewer after our servers either patched or we do an IIS following any change in the server of the SharePoint Web App.

It was not having any business impact, however keep on flooding the event viewer leading to miss some important error and information.

Troubleshooting: I did not bang my head much on this as I have got KB article which support this behavior completely and  KB says that this issue happens when you attempt to manage the User Profile Service Application via Central Admin on a SharePoint Server 2010 with the User Profile Synchronization service started after an IISReset, the following warnings are logged in the application log of the SharePoint server:

Resolution:

Grant the Network Service account read access to the %programfiles%\Microsoft Office Servers\14.0 folder.

Reference: MS KB supporting this behavior http://support.microsoft.com/kb/2473430

If you have any issues/queries, please do let me know.

APPLIES TO

  •         Microsoft SharePoint Server 2010

Tuesday, August 5, 2014

[New eBook]: The wikiNinjas Guide to SharePoint – Part II

I feel immense proud to see my name listed in the contributors list of the MS Wiki Ninjas Guide to SharePoint –Part II, which is put together by my friend Mr. Gokan Ozcifci.



Please join me to congratulate the authors:
·         Joe Davis
·         Matthew Yarlett
·         Thuan Soldier
·         Craig Lussier
·         Benoit Jester
·         Margriet Bruggeman
·         Inderjeet Singh Jaggi
·         RaghuAriga
·         Brent Groom
·         Dan Christian
·         Aulakh Amardeep
·         Rashu Rahul
·         Melick
·         Jason Barkes
·         Steven Andrews
·         Jesper Arnecke
·         Nikolas Charlebois-Laprade

You can also refer to the previously released books on wikiNinjas here by Gokan Ozcifci:



Largest collection of FREE Microsoft eBooks ever

While working on something today and doing some research I got to see the very interesting blog post from Eric Ligman, Microsoft Senior Sales Excellence Manager.


It enlist 1 million of the free e-books on various MS technology.

You can also utilize the any free resource post by Eric by making use of Microsoft Info Partner Mobile App.

Worth having a look and downloading.


Happy Reading……!

Sunday, August 3, 2014

Cannot navigate to the requested page because user profile synchronization service is not running: SharePoint 2013

Issue: While setting or new UPA service or starting an existing User profile service I was getting error message.

Error: Cannot navigate to the requested page because user profile synchronization service is not running, Please start the User Profile Synchronization Service before creating a connection.




Troubleshooting:

Checked CA and noticed that User profile synchronization is stopped.

Checked Forefront Identity Manager Service and Forefront Identity Manager Synchronization Service was also started.

Resolution: You can check if you are clicking on User Profiles, you are supposed to User Profile Service Application and click on User Profile Service Applications, and click on Start Profile Synchronization or Configure synchronization connection-new connection.

In my case was having an existing UPA service and every time I tried to create new connection the old was selected from the drop-down menu.

Hope this helps.

You can refer to another issue, if you have this error due to some other reasons.



Applies to: SharePoint Server 2010 SharePoint server 2013

ShareThis

snow flakes

blogger widgets Blogspot Tutorial

LinkWithin

Related Posts Plugin for WordPress, Blogger...