While installing Workflow Host Manager, you might get following error:

Processing completed

Validating input and configuration parameters.

Installing auto generated certificate.

Granting 'Log on as Service' privilege to the run as account.

Workflow configuration starting.

Configuring workflow runtime settings.

System.Management.Automation.CmdletInvocationException: The token provider was unable to provide a security token while accessing 'https://host:4446/WorkflowDefaultNamespace/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.UnauthorizedAccessException: The token provider was unable to provide a security token while accessing 'https://host/WorkflowDefaultNamespace/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.IdentityModel.Tokens.SecurityTokenException: The token provider was unable to provide a security token while accessing 'https://host/WorkflowDefaultNamespace/$STS/Windows/'. Token provider returned message: 'The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)

at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

This error is caused by missing trust between the context of the account (user) who started the setup and Workflow Host Manager service. The setup is trying to send the REST message by using SSL. Unfortunately the the certificate chain trust is broken. Following can cause this error:

1. Setup is trying to access the service via host header which does not correspond to certificate. host.domain.com is not equal host.com, if the certificate does not provide host-wildcards.

2. Certificate is not trusted.

3. Your Fiddler is running and Fiddler's certificate is not trusted.