SharePoint 2013 - workflow manager certificate requested with thumbprint not found in the certificate store

  • Question

  • Hi

    My SharePoint 2013 Workflow Manager was working fine. Today workflow 2013 is not initiated and the server's Service Bus Gateway and Service Bus Message Broker services are not running.

    I then discovered that in IIS - Workflow Management Site - Binding, the certificate had expired a few days ago.

    I then created a new certificate in Certificate Store and in IIS - Workflow Management Site - Binding , I replaced the expired certificate with the new one.

    I replaced the certificate OK and did an IISreset OK, but workflow 2013 is still not working.

    I then used PowerShell just to check WFM status and see these errors. 

    Get-WFFarm
    Get-WFFarm : Certificate requested with thumbprint 1B8A5AB5C9D8D50337BE4C905F672F8B8CA37747 not found in the certificate store LocalMachine\My.

    Get-SBFarm
    Get-SBFarm : Certificate requested with thumbprint 8A9C0F8E1984E570DE52F76C6C939FCFF9274652 not found in the certificate store

    It looks like PS tried to find the expired certificates' thumbprints.

    I had not deleted the expired certificates and they are still in the certificate store. So I opened IIS - Workflow Management Site - Binding, put back the expired certificate and did an IISreset (only the certificate for WFFARM).

    But now I still get the same error about not finding the certificate thumbprint.

    If anyone has seen this issue or has any suggestion or solution, please share.

    Thanks in advance.


    Swanl

    Tuesday, April 9, 2019 9:00 PM

Answers

  • Hi Allen

    I tried the steps but that didn't help. But you are right, we were able to change the certificate and WFM is working now.

    I engaged Microsoft and worked with an engineer to go through a number of steps that include the two steps that you suggested above. The key to the fix is to change the server date back to before the cert expiration date.

    • You should do this with an outage window
    • Stop and disable the SP Time service, Windows Time service and Hyper-V Time Synchronization Service
    • Change the WFM server date back to a date before the certificate expiration date
    • Now that WFM is back running, remove 2 of the 3 WFM servers from the farm
    • On the remaining WFM servers:
    • Either auto-generate or set the SB and WF certificates (key steps)
    • Run Get-SBFarm and Get-WFFarm to verify that the new certificates are correct
    • Check that all WFM services are up and running
    • Change the date forward to the present date
    • Turn all SP and Windows services back on, on all WFM servers
    • Re-add the other WFM servers
    • Add the workflow manager certificate to SharePoint's trust (your step)
    • Force the immediate run of the "Refresh Trusted Security Token Services Metadata" timer job
    • Test publishing a new workflow

    Thanks


    Swanl


    Friday, April 12, 2019 4:15 PM
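
An added example, not part of the original thread and not Microsoft's own tooling: a PowerShell check that takes the thumbprints quoted in the Get-WFFarm / Get-SBFarm errors and reports, for each one, whether the certificate is absent from LocalMachine\My or present but expired, not yet valid, missing its private key, or close to expiry. The function name Test-FarmCertificate and the 30-day warning window are assumptions made for illustration.

```powershell
# Added example: classify farm certificate thumbprints against the local
# machine store. Run in an elevated PowerShell session on a WFM server.
function Test-FarmCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string[]]$Thumbprint,
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [int]$WarnDays = 30       # assumed warning window
    )
    $now = Get-Date
    foreach ($tp in $Thumbprint) {
        # Normalise: drop spaces and invisible characters that can come
        # along when a thumbprint is copied from the certificate dialog.
        $clean = ($tp -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        $cert  = Get-ChildItem -Path $StorePath |
                 Where-Object { $_.Thumbprint -eq $clean } |
                 Select-Object -First 1

        if (-not $cert) {
            $state = 'Missing'
        } elseif ($cert.NotAfter -lt $now) {
            $state = 'Expired'
        } elseif ($cert.NotBefore -gt $now) {
            $state = 'NotYetValid'
        } elseif (-not $cert.HasPrivateKey) {
            $state = 'NoPrivateKey'
        } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
            $state = 'ExpiringSoon'
        } else {
            $state = 'Valid'
        }

        [pscustomobject]@{
            Thumbprint = $clean
            State      = $state
            Subject    = if ($cert) { $cert.Subject } else { $null }
            NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        }
    }
}

# Thumbprints exactly as quoted in the two error messages in the question.
Test-FarmCertificate -Thumbprint @(
    '1B8A5AB5C9D8D50337BE4C905F672F8B8CA37747',
    '8A9C0F8E1984E570DE52F76C6C939FCFF9274652'
) | Format-Table -AutoSize
```

Running the same function on a schedule with the farm's current thumbprints flags the ExpiringSoon state while the certificates can still be replaced without an outage.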

All replies

  • Hi Swanl,

    Make sure you have done the two steps below before doing the IISReset:

    1. Force the immediate run of the "Refresh Trusted Security Token Services Metadata" timer job. 

    2. Add the workflow manager certificate to SharePoint's trust.

    If not, re-test your solution using the above two steps.

    Best regards,

    Allen Bai


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, April 10, 2019 7:09 AM
  • Thanks Allen

    I will try these steps today.


    Swanl

    Thursday, April 11, 2019 6:25 PM
  • Hi Swanl,

    I am glad that you have solved your issue.

    You could mark your reply as an answer so that others who meet a similar issue will directly see your answer.

    Best regards,

    Allen Bai



    Monday, April 15, 2019 1:59 AM