[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 58
  • Last Modified:

SharePoint Foundation Error

Hey everyone.  I've run into a major problem with my SharePoint 2013 server that's running on Server 2012.  Over the last couple of days, I've run into an error trust issue between the Server 2012 machine and the Domain Controller.  Basically what happened was the server 2012 machine came up with the trust error, and couldn't login.  I changed the machine to the local workgroup and rejoin the domain (note - I did NOT delete the machine in AD).  This fixed it, at least temporarily.  Was still having the trust issue, and after a couple days of leaving the domain and rejoining - the machine seems to be stable within.  

Now for the bigger problem.  SharePoint users were constantly being required to authenticate with credentials (which wasn't working).  Checking the event logs I've been seeing this show up every 15 minutes:

An exception occurred while updating addresses for connected app {7b42a9c7-0157-4d48-ab6b-7512333d72b9_06ad76b1-9f8b-4067-ac8b-42c105370ca5}. The uri endpoint information may be stale. System.SystemException: The trust relationship between this workstation and the primary domain failed.

   at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids, Boolean& someFailed)
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()
   at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, SPIdentifierType identifierType, Byte[] identifier, T grantRightsMask, T denyRightsMask)
   at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)
   at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()
   at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)
   at Microsoft.SharePoint.Administration.SPFileSystemCache.FetchObjectFromFileSystem(Guid id)
   at Microsoft.SharePoint.Administration.SPFileSystemCache.GetValue(Guid id)
   at Microsoft.SharePoint.Administration.SPCache`2.get_Item(K key)
   at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid id, Boolean checkInMemoryCache, Boolean checkFileSystemCache)
   at Microsoft.SharePoint.Administration.SPFarm.GetObject(Guid id)
   at Microsoft.SharePoint.SPTopologyWebServiceApplicationProxy.GetEndPoints(Guid serviceId)
   at Microsoft.SharePoint.SPConnectedServiceApplicationAddressesRefreshJob.Execute(Guid targetInstanceId)

I've ran Test-ComputerSecureChannel -Repair and the error still shows every 15 mins.  Any help with fixing this would be greatly appreciated.
0
jjacob72
Asked:
jjacob72
  • 3
  • 2
2 Solutions
 
Walter CurtisSharePoint AEDCommented:
SharePoint communicates with service accounts that should be domain based. When the machine left the domain, the service accounts should have been okay, since the accounts still existed in the domain. BUT, somehow SharePoint might have lost connection to authenticate some of the accounts. It appears that your farm account is okay, I presume you can get in to Central Admin. So go the security settings for SharePoint found in Central Admin and confirm account credentials.

I never had the need to remove a SP server from the domain in a prod farm, and if I did might not have the gonads to do it, because everythime I did it in a test environment it broke things to a point where a reinstall was needed.

Good luck..
0
 
Walter CurtisSharePoint AEDCommented:
Any luck?
0
 
jjacob72Author Commented:
Thanks SneekCo.  I couldn't even get into the service accounts through central admin.  I ended up restoring the primary domain controller from a backup image from a couple weeks ago (and in a test environment first) and all has been running well.  I did have to take 2012 server off the domain and to a workgroup and back to the domain after the restore, but there's been no more trust issues or errors within the SharePoint server (I'm happy that I didn't have to rebuild SharePoint from an earlier version).  

Issue closed, with the best advice I can provide is to be sure you have usable backups!  Now I need to figure out what to do with secondary dc....
0
 
Walter CurtisSharePoint AEDCommented:
Glad you got it working again. Those kind of issues can be annoying.

Good luck with your secondary DC. If the primary is okay, it should be straight forward to get that one up and running.
0
 
jjacob72Author Commented:
After spending two days trying to correct the trust/dns issue, restoring from backup was the best course of action - and solved the problem.  And make sure to have viable backups available!
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now