Solved

SharePoint Foundation Error

Posted on 2016-08-14
Last Modified: 2016-08-21
Hey everyone.  I've run into a major problem with my SharePoint 2013 server that's running on Server 2012.  Over the last couple of days, I've run into an error trust issue between the Server 2012 machine and the Domain Controller.  Basically what happened was the Server 2012 machine came up with the trust error, and couldn't log in.  I changed the machine to the local workgroup and rejoined the domain (note - I did NOT delete the machine in AD).  This fixed it, at least temporarily.  Was still having the trust issue, and after a couple days of leaving the domain and rejoining - the machine seems to be stable within.

Now for the bigger problem.  SharePoint users were constantly being required to authenticate with credentials (which wasn't working).  Checking the event logs I've been seeing this show up every 15 minutes:

An exception occurred while updating addresses for connected app {7b42a9c7-0157-4d48-ab6b-7512333d72b9_06ad76b1-9f8b-4067-ac8b-42c105370ca5}. The uri endpoint information may be stale. System.SystemException: The trust relationship between this workstation and the primary domain failed.

   at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids, Boolean& someFailed)
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()
   at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, SPIdentifierType identifierType, Byte[] identifier, T grantRightsMask, T denyRightsMask)
   at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)
   at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()
   at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)
   at Microsoft.SharePoint.Administration.SPFileSystemCache.FetchObjectFromFileSystem(Guid id)
   at Microsoft.SharePoint.Administration.SPFileSystemCache.GetValue(Guid id)
   at Microsoft.SharePoint.Administration.SPCache`2.get_Item(K key)
   at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid id, Boolean checkInMemoryCache, Boolean checkFileSystemCache)
   at Microsoft.SharePoint.Administration.SPFarm.GetObject(Guid id)
   at Microsoft.SharePoint.SPTopologyWebServiceApplicationProxy.GetEndPoints(Guid serviceId)
   at Microsoft.SharePoint.SPConnectedServiceApplicationAddressesRefreshJob.Execute(Guid targetInstanceId)

I've run Test-ComputerSecureChannel -Repair and the error still shows every 15 mins.  Any help with fixing this would be greatly appreciated.
Question by:jjacob72
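
Added example, not part of the original post: a PowerShell check that reads the machine's secure-channel state and then repeats the SID-to-account lookup (`SecurityIdentifier.Translate`) that throws in the stack trace above, so the result of a repair can be confirmed without waiting for the next 15-minute job run. The function name `Test-SidTranslation` and the use of the current user's own SIDs as test input are assumptions made for illustration.

```powershell
# Added example (not from the original thread).
# Run in an elevated PowerShell session on the affected SharePoint server.

# Hypothetical helper: translate each SID string to an NTAccount name, the same
# SecurityIdentifier.Translate(NTAccount) call seen in the stack trace.
function Test-SidTranslation {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Sid
    )
    foreach ($s in $Sid) {
        $sidObj = New-Object System.Security.Principal.SecurityIdentifier($s)
        try {
            $name = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            [pscustomobject]@{ Sid = $s; Account = $name; Error = $null }
        }
        catch {
            # PowerShell wraps .NET method exceptions; unwrap to the real cause,
            # e.g. "The trust relationship between this workstation and the
            # primary domain failed."
            $cause = $_.Exception.GetBaseException()
            [pscustomobject]@{ Sid = $s; Account = $null; Error = $cause.Message }
        }
    }
}

# 1. Secure channel between this machine and its domain ($true when healthy).
$channelOk = Test-ComputerSecureChannel
"Secure channel healthy: $channelOk"

# 2. Assumed test input: the current user's SID plus the SIDs of the account
#    groups in the logon token. Well-known SIDs (Everyone, BUILTIN\...) have no
#    AccountDomainSid and are skipped because they resolve locally.
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$sids = @($me.User.Value)
$sids += $me.Groups |
    Where-Object { $_.AccountDomainSid } |
    ForEach-Object { $_.Value }

# 3. Any row with a non-empty Error column is a lookup that still fails.
Test-SidTranslation -Sid $sids | Format-Table -AutoSize
```

A healthy secure channel combined with failing translations means name resolution against the domain is still broken, even though the machine account itself checks out.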
LVL 18

Assisted Solution

by:Walter Curtis
Walter Curtis earned 500 total points
ID: 41755901
SharePoint communicates with service accounts that should be domain based. When the machine left the domain, the service accounts should have been okay, since the accounts still existed in the domain. BUT, somehow SharePoint might have lost connection to authenticate some of the accounts. It appears that your farm account is okay, I presume you can get in to Central Admin. So go to the security settings for SharePoint found in Central Admin and confirm account credentials.

I never had the need to remove a SP server from the domain in a prod farm, and if I did I might not have the gonads to do it, because every time I did it in a test environment it broke things to a point where a reinstall was needed.

Good luck..
 
LVL 18

Expert Comment

by:Walter Curtis
ID: 41757985
Any luck?
 

Accepted Solution

by:
jjacob72 earned 0 total points
ID: 41758744
Thanks SneekCo.  I couldn't even get into the service accounts through central admin.  I ended up restoring the primary domain controller from a backup image from a couple weeks ago (and in a test environment first) and all has been running well.  I did have to take 2012 server off the domain and to a workgroup and back to the domain after the restore, but there's been no more trust issues or errors within the SharePoint server (I'm happy that I didn't have to rebuild SharePoint from an earlier version).  

Issue closed; the best advice I can provide is to be sure you have usable backups!  Now I need to figure out what to do with the secondary DC....
 
LVL 18

Expert Comment

by:Walter Curtis
ID: 41758758
Glad you got it working again. Those kinds of issues can be annoying.

Good luck with your secondary DC. If the primary is okay, it should be straightforward to get that one up and running.
 

Author Closing Comment

by:jjacob72
ID: 41764180
After spending two days trying to correct the trust/DNS issue, restoring from backup was the best course of action - and solved the problem.  And make sure to have viable backups available!
Question has a verified solution.