Solved

SharePoint Foundation Error

Posted on 2016-08-14
5
36 Views
Last Modified: 2016-08-21
Hey everyone.  I've run into a major problem with my SharePoint 2013 server that's running on Server 2012.  Over the last couple of days, I've run into an error trust issue between the Server 2012 machine and the Domain Controller.  Basically what happened was the server 2012 machine came up with the trust error, and couldn't login.  I changed the machine to the local workgroup and rejoin the domain (note - I did NOT delete the machine in AD).  This fixed it, at least temporarily.  Was still having the trust issue, and after a couple days of leaving the domain and rejoining - the machine seems to be stable within.  

Now for the bigger problem.  SharePoint users were constantly being required to authenticate with credentials (which wasn't working).  Checking the event logs I've been seeing this show up every 15 minutes:

An exception occurred while updating addresses for connected app {7b42a9c7-0157-4d48-ab6b-7512333d72b9_06ad76b1-9f8b-4067-ac8b-42c105370ca5}. The uri endpoint information may be stale. System.SystemException: The trust relationship between this workstation and the primary domain failed.

   at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids, Boolean& someFailed)
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()
   at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, SPIdentifierType identifierType, Byte[] identifier, T grantRightsMask, T denyRightsMask)
   at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)
   at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()
   at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)
   at Microsoft.SharePoint.Administration.SPFileSystemCache.FetchObjectFromFileSystem(Guid id)
   at Microsoft.SharePoint.Administration.SPFileSystemCache.GetValue(Guid id)
   at Microsoft.SharePoint.Administration.SPCache`2.get_Item(K key)
   at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid id, Boolean checkInMemoryCache, Boolean checkFileSystemCache)
   at Microsoft.SharePoint.Administration.SPFarm.GetObject(Guid id)
   at Microsoft.SharePoint.SPTopologyWebServiceApplicationProxy.GetEndPoints(Guid serviceId)
   at Microsoft.SharePoint.SPConnectedServiceApplicationAddressesRefreshJob.Execute(Guid targetInstanceId)

I've ran Test-ComputerSecureChannel -Repair and the error still shows every 15 mins.  Any help with fixing this would be greatly appreciated.
0
Comment
Question by:jjacob72
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 17

Assisted Solution

by:Walter Curtis
Walter Curtis earned 500 total points
ID: 41755901
SharePoint communicates with service accounts that should be domain based. When the machine left the domain, the service accounts should have been okay, since the accounts still existed in the domain. BUT, somehow SharePoint might have lost connection to authenticate some of the accounts. It appears that your farm account is okay, I presume you can get in to Central Admin. So go the security settings for SharePoint found in Central Admin and confirm account credentials.

I never had the need to remove a SP server from the domain in a prod farm, and if I did might not have the gonads to do it, because everythime I did it in a test environment it broke things to a point where a reinstall was needed.

Good luck..
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 41757985
Any luck?
0
 

Accepted Solution

by:
jjacob72 earned 0 total points
ID: 41758744
Thanks SneekCo.  I couldn't even get into the service accounts through central admin.  I ended up restoring the primary domain controller from a backup image from a couple weeks ago (and in a test environment first) and all has been running well.  I did have to take 2012 server off the domain and to a workgroup and back to the domain after the restore, but there's been no more trust issues or errors within the SharePoint server (I'm happy that I didn't have to rebuild SharePoint from an earlier version).  

Issue closed, with the best advice I can provide is to be sure you have usable backups!  Now I need to figure out what to do with secondary dc....
0
 
LVL 17

Expert Comment

by:Walter Curtis
ID: 41758758
Glad you got it working again. Those kind of issues can be annoying.

Good luck with your secondary DC. If the primary is okay, it should be straight forward to get that one up and running.
0
 

Author Closing Comment

by:jjacob72
ID: 41764180
After spending two days trying to correct the trust/dns issue, restoring from backup was the best course of action - and solved the problem.  And make sure to have viable backups available!
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question