Solved

SharePoint Foundation Error

Posted on 2016-08-14
Last Modified: 2016-08-21
Hey everyone.  I've run into a major problem with my SharePoint 2013 server that's running on Server 2012.  Over the last couple of days, I've run into a trust error between the Server 2012 machine and the Domain Controller.  Basically what happened was the Server 2012 machine came up with the trust error, and couldn't log in.  I changed the machine to the local workgroup and rejoined the domain (note - I did NOT delete the machine in AD).  This fixed it, at least temporarily.  Was still having the trust issue, and after a couple days of leaving the domain and rejoining - the machine seems to be stable within.  

Now for the bigger problem.  SharePoint users were constantly being required to authenticate with credentials (which wasn't working).  Checking the event logs I've been seeing this show up every 15 minutes:

An exception occurred while updating addresses for connected app {7b42a9c7-0157-4d48-ab6b-7512333d72b9_06ad76b1-9f8b-4067-ac8b-42c105370ca5}. The uri endpoint information may be stale. System.SystemException: The trust relationship between this workstation and the primary domain failed.

   at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids, Boolean& someFailed)
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()
   at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, SPIdentifierType identifierType, Byte[] identifier, T grantRightsMask, T denyRightsMask)
   at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)
   at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()
   at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)
   at Microsoft.SharePoint.Administration.SPFileSystemCache.FetchObjectFromFileSystem(Guid id)
   at Microsoft.SharePoint.Administration.SPFileSystemCache.GetValue(Guid id)
   at Microsoft.SharePoint.Administration.SPCache`2.get_Item(K key)
   at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid id, Boolean checkInMemoryCache, Boolean checkFileSystemCache)
   at Microsoft.SharePoint.Administration.SPFarm.GetObject(Guid id)
   at Microsoft.SharePoint.SPTopologyWebServiceApplicationProxy.GetEndPoints(Guid serviceId)
   at Microsoft.SharePoint.SPConnectedServiceApplicationAddressesRefreshJob.Execute(Guid targetInstanceId)

I've run Test-ComputerSecureChannel -Repair and the error still shows every 15 mins.  Any help with fixing this would be greatly appreciated.
Question by:jjacob72
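
A diagnostic for the error in the question, added here as an example and not part of the original thread: it checks the machine's secure channel and then makes the same SecurityIdentifier.Translate call that throws in the stack trace, separating a failed lookup from a SID that simply has no account. The function name Test-SidTranslation is hypothetical, and the SID list is an assumption to be extended with the SIDs of the farm's service accounts.

```powershell
# Added example, not from the thread. Run on the SharePoint server itself.
# Test-SidTranslation is a hypothetical helper name.
function Test-SidTranslation {
    param([Parameter(Mandatory = $true)][string[]]$Sid)

    foreach ($s in $Sid) {
        $row = [pscustomobject]@{ Sid = $s; Account = $null; Status = $null; Detail = $null }
        try {
            $id = New-Object System.Security.Principal.SecurityIdentifier($s)
            # The same .NET call that throws in the stack trace above.
            $row.Account = $id.Translate([System.Security.Principal.NTAccount]).Value
            $row.Status  = 'Resolved'
        }
        catch {
            # PowerShell wraps .NET exceptions; unwrap to the original one.
            $ex = $_.Exception.GetBaseException()
            if ($ex -is [System.Security.Principal.IdentityNotMappedException]) {
                # The lookup itself worked, but no account carries this SID.
                $row.Status = 'NotMapped'
            }
            else {
                # Anything else, including the trust relationship failure.
                $row.Status = 'LookupFailed'
            }
            $row.Detail = $ex.Message
        }
        $row
    }
}

# 1. Machine account secure channel to the domain (returns $true or $false).
$channelOk = Test-ComputerSecureChannel
"Secure channel healthy: $channelOk"

# 2. SID translation. S-1-5-32-544 (BUILTIN\Administrators) resolves locally and
#    serves as a control. The current user's SID is a domain SID when the session
#    is a domain logon (a cached result can mask a failure). Append the SIDs of
#    the SharePoint service accounts to this list.
$sids = @(
    'S-1-5-32-544',
    [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
)
Test-SidTranslation -Sid $sids | Format-Table -AutoSize
```

Rows with status LookupFailed and the trust relationship message reproduce the event log error outside SharePoint; NotMapped rows instead indicate a SID with no matching account.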

Assisted Solution

by:Walter Curtis
Walter Curtis earned 500 total points
ID: 41755901
SharePoint communicates with service accounts that should be domain based. When the machine left the domain, the service accounts should have been okay, since the accounts still existed in the domain. BUT, somehow SharePoint might have lost connection to authenticate some of the accounts. It appears that your farm account is okay, I presume you can get in to Central Admin. So go to the security settings for SharePoint found in Central Admin and confirm account credentials.

I never had the need to remove a SP server from the domain in a prod farm, and if I did might not have the gonads to do it, because every time I did it in a test environment it broke things to a point where a reinstall was needed.

Good luck..

Expert Comment

by:Walter Curtis
ID: 41757985
Any luck?

Accepted Solution

by:
jjacob72 earned 0 total points
ID: 41758744
Thanks SneekCo.  I couldn't even get into the service accounts through central admin.  I ended up restoring the primary domain controller from a backup image from a couple weeks ago (and in a test environment first) and all has been running well.  I did have to take 2012 server off the domain and to a workgroup and back to the domain after the restore, but there's been no more trust issues or errors within the SharePoint server (I'm happy that I didn't have to rebuild SharePoint from an earlier version).  

Issue closed, with the best advice I can provide is to be sure you have usable backups!  Now I need to figure out what to do with secondary DC....

Expert Comment

by:Walter Curtis
ID: 41758758
Glad you got it working again. Those kinds of issues can be annoying.

Good luck with your secondary DC. If the primary is okay, it should be straightforward to get that one up and running.

Author Closing Comment

by:jjacob72
ID: 41764180
After spending two days trying to correct the trust/DNS issue, restoring from backup was the best course of action - and solved the problem.  And make sure to have viable backups available!