BI - Secure Store Service problem

  • Question

  • Hello everyone,

    I have a problem when rendering Sample Reports in BI. I get the following message the first time I try running a sample report in BI:


    "An error occurred while accessing Secure Store Service. The following connections failed to refresh: Project Server -  Deliverables "

     

    However, if I go back and then choose the report again, it renders fine (either second or third time, or if I click TWICE "Data -> Refresh All Connections"). After that, it is fine for a while, unless I leave the computer and come back after some time; then the problem shows up again, as if something is timing out. I get the following errors in the logs:

    "An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Services, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: A0E829095B90CAE8D0A73CC7E1FE79AEB6BF01D2\n\nErrors:\n\n SSL policy errors have been encountered.  Error code '0x6'.."    ----> Which certificate is this ??

     

    and another right after:

     

    The Secure Store Service application Secure Store Service is not accessible. The full exception text is: There was no endpoint listening at https://webapp2:32844/8a1151c4e5a64e6d9dd01a3a4b1902b1/SecureStoreService.svc/https that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.

     

    More about my setup:

    - two front web/app nodes ... with a load balancer in front. The problem is happening on both servers, each server is trying to access the SSS on the other one, so the error message above is when accessing the first web node (webapp1).

    - Claims based authentication with LDAP provider

    - SSL enabled in extended web app on 443

     

    Any help would be greatly appreciated!

    Thank you.

     

    EDIT: More details:

    - when I go to Central Admin, and click on Secure Storage Service I get an error. Checking the logs, I get the same errors as above.

    - deleted/recreated the Secure Storage Service Application, same problems.

     

    Is there any way to "bring back to stock" only the Secure Storage Service ?

    Wednesday, February 23, 2011 6:00 PM

Answers

  •  

    EDIT:

    Nico, based on your suggestion I'm one step closer to the fix it's now fixed :)

     

    I found out which certificate was the "culprit". I followed the MMC way, but it can be shown in PowerShell also (Get-ChildItem cert:\LocalMachine\SharePoint)

    Checking the thumbprint, I found out it was the SharePoint Services certificate (used for SSL port on the SharePoint Web Services).

     

    Import-Module WebAdministration
    (Get-Item 'IIS:\SslBindings\0.0.0.0!32844') | Format-List Store, Thumbprint


    From the errors in the log it looked like the web node that was handling the request was calling the other node's web services. The certificate error was for the first node's certificate so that was a bit fishy ...

    I am using Linux LVS-DR to provide load balancing, and require a loopback interface with a live IP inside the web nodes. To make the story short, the virtual IP shared by all web nodes and the load balancer director was picked up by the DNS server in AD. It's working fine after taking care of the DNS !


    Thanks again!

    • Marked as answer by Alex S.O_ Thursday, February 24, 2011 8:32 PM
    Thursday, February 24, 2011 6:21 PM
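
The root cause described in the answer above (the load balancer's shared virtual IP being registered in AD DNS for the web nodes) can be checked by comparing what each node name resolves to. This is an added example, not part of the original post; the function names, the sample addresses, and the use of `webapp1`/`webapp2` as resolvable DNS names are assumptions.

```powershell
# Added example (not from the original thread). Flags any IP address that more
# than one farm node name resolves to, as happens when a shared LVS-DR
# virtual IP on each node's loopback is registered in DNS under the node names.
function Find-SharedNodeAddress {
    param([Parameter(Mandatory = $true)][hashtable]$Resolution)  # node name -> IP strings
    $owners = @{}
    foreach ($node in $Resolution.Keys) {
        foreach ($ip in @($Resolution[$node])) {
            if (-not $owners.ContainsKey($ip)) { $owners[$ip] = @() }
            $owners[$ip] += $node
        }
    }
    # An address claimed by two or more node names is ambiguous: a request sent
    # to one node's name may be answered by a different machine.
    foreach ($ip in $owners.Keys) {
        if ($owners[$ip].Count -gt 1) {
            New-Object PSObject -Property @{
                Address = $ip
                Nodes   = ($owners[$ip] | Sort-Object) -join ','
            }
        }
    }
}

# Hypothetical helper: builds the node -> addresses map from live DNS.
function Resolve-NodeAddress {
    param([string[]]$Nodes)
    $map = @{}
    foreach ($n in $Nodes) {
        try {
            $map[$n] = @([System.Net.Dns]::GetHostAddresses($n) |
                ForEach-Object { $_.IPAddressToString })
        } catch {
            $map[$n] = @()   # unresolvable name: no addresses recorded
        }
    }
    $map
}

# Decode the logged "Error code '0x6'" into its SslPolicyErrors flags.
[System.Net.Security.SslPolicyErrors]0x6

# Constructed sample data: 10.0.0.100 stands in for the shared virtual IP.
$sample = @{
    'webapp1' = @('10.0.0.11', '10.0.0.100')
    'webapp2' = @('10.0.0.12', '10.0.0.100')
}
Find-SharedNodeAddress -Resolution $sample
# Live check on a farm server:
# Find-SharedNodeAddress -Resolution (Resolve-NodeAddress -Nodes 'webapp1','webapp2')
```

With the sample data the function reports `10.0.0.100` as shared by `webapp1,webapp2`, and the enum cast shows that `0x6` combines `RemoteCertificateNameMismatch` and `RemoteCertificateChainErrors`.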

All replies

  • No real idea, but I do know that SharePoint by default does not trust all the authorities that are trusted by Windows - you have to specifically import them.

    So maybe see if you can find the cert that it's complaining about (using MMC --> Certificates --> Local Computer), see who issued it, and try and find the issuer's cert.  Then import this cert in SharePoint (Central Administration --> Security --> Manage Trust), to make sure that SP trusts the issuer.

    Wild try...


    http://blogs.umtsa.co.za/nicoo
    Wednesday, February 23, 2011 10:03 PM
  • Try this link out, it worked for me; I had the same problem and all got fixed.

    http://technet.microsoft.com/en-us/library/ee662106.aspx#section3

     

    Wednesday, March 23, 2011 9:34 AM