Error

When you're trying to follow the document or site in SharePoint 2016, you can encounter the following error:

Something went wrong

Sorry, we couldn't follow the site.

Technical Details

InternalError : Could not follow the item https://test.krossfarm.com

Environment

Krossfarm has a multiple farm environment, where a dedicated services farm host the User profile and search service provisioned, While another farm which host the team sites and publishing Sites Called Team farm. They build the trust between Services Farm and Team farm and consume the services from the Services farm. They published the UPA from Services Farm and consume it in the team site farm.

 

Troubleshooting

Krossfarm's administrator will check the following things:

  • Check the app pool account from the Team's farm has permission on the UPA in services farm with full control
  • User Profile Service Proxy is associated with Team Web app and MySite Web app
  • Managed Meta Data Services proxy associated with Team Web app and MySite Web app
  • We check the root and sts certs are properly added
  • Even we checked the permission on the SQL server, App pool account does have rights on Profile db, Social db and Sync db.
  • Finally, we examine the ULS logs and found these entries

  

12/06/2016 12:15:19.23 w3wp.exe (kfsp:0x4884) 0x7D68 SharePoint Foundation Monitoring b4ly High Leaving Monitored Scope: (S2SMonitor: FollowedContent.FollowItem(https://test.krossfarm.com/); ) Execution Time=740.861923694252; CPU Milliseconds=494; SQL Query Count=4; Parent=FollowedContent.Follow(https://test.krossfarm.com/) 1254bd9d-552e-00bd-1962-54ae563214b4 

12/06/2016 12/06/2016 12:15:19.23 w3wp.exe (kfsp:0x4884) 0x7D68 SharePoint Portal Server Content Following afilq Unexpected FollowedContent.FollowItem:Exception:System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute() at Microsoft.SharePoint.Client.ClientRequest.ExecuteQueryToServer(ChunkStringBuilder sb) at Microsoft.Office.Server.UserProfiles.FollowedContentProxy.Execute(String methodName) at Microsoft.Office.Server.UserProfiles.FollowedContentProxy.FollowItem(FollowedItem item) at Microsoft.Office.Server.UserProfiles.FollowedContent.FollowItem(FollowedItem item, Boolean isInternal) 1254bd9d-552e-00bd-1962-54ae563214b4  

12/06/2016 12:15:19.23 w3wp.exe (kfsp:0x4884) 0x7D68 SharePoint Foundation Monitoring b4ly High Leaving Monitored Scope: (FollowedContent.Follow(https://test.krossfarm.com/)) Execution Time=779.766706499348; CPU Milliseconds=523; SQL Query Count=7; Parent=Microsoft.Office.Server.UserProfiles.FollowedContent.Follow 1254bd9d-552e-00bd-1962-54ae563214b4 

12/06/2016 12:15:19.23 w3wp.exe (kfsp:0x4884) 0x7D68 Document Management Server Reporting ay6ke High FollowedContent.Follow Failure: Follow: Unexpected FollowedContentExceptionCode. 1254bd9d-552e-00bd-1962-54ae563214b4 

12/06/2016 12:15:19.23 w3wp.exe (kfsp:0x4884) 0x7D68 SharePoint Foundation CSOM ahjq1 High Exception occurred in scope Microsoft.Office.Server.UserProfiles.FollowedContent.Follow. Exception=Microsoft.Office.Server.UserProfiles.FollowedContentException: InternalError : Could not follow the item https://test.krossfarm.com at Microsoft.Office.Server.UserProfiles.FollowedContent.FollowItem(FollowedItem item, Boolean isInternal) at Microsoft.Office.Server.UserProfiles.FollowedContent.Follow(Uri url, FollowedItemData data) at Microsoft.Office.Server.UserProfiles.FollowedContentServerStub.InvokeMethod(Object target, String methodName, XmlNodeList xmlargs, ProxyContext proxyContext, Boolean& isVoid) at Microsoft.SharePoint.Client.ServerStub.InvokeMethodWithMonitoredScope(Object target, String methodName, XmlNodeList args, ProxyContext proxyContext, Boolean& isVoid) 1254bd9d-552e-00bd-1962-54ae563214b4 12/06/2016 12:15:19.23 w3wp.exe (kfsp:0x4884) 0x7D68 SharePoint Foundation CSOM agmjp Medium Original error: Microsoft.Office.Server.UserProfiles.FollowedContentException: InternalError : Could not follow the item https://test.krossfarm.com at Microsoft.Office.Server.UserProfiles.FollowedContent.FollowItem(FollowedItem item, Boolean isInternal) at Microsoft.Office.Server.UserProfiles.FollowedContent.Follow(Uri url, FollowedItemData data) at Microsoft.Office.Server.UserProfiles.FollowedContentServerStub.InvokeMethod(Object target, String methodName, XmlNodeList xmlargs, ProxyContext proxyContext, Boolean& isVoid) at Microsoft.SharePoint.Client.ServerStub.InvokeMethodWithMonitoredScope(Object target, String methodName, XmlNodeList args, ProxyContext proxyContext, Boolean& isVoid) 1254bd9d-552e-00bd-1962-54ae563214b4 12/06/2016 12:15:19.23 w3wp.exe (kfsp:0x4884) 0x7D68 SharePoint Portal Server Microfeeds aizmo Medium SocialRESTExceptionProcessingHandler.DoServerExceptionProcessing - SharePoint Server Exception [Microsoft.Office.Server.UserProfiles.FollowedContentException: InternalError : Could not follow the item https://test.krossfarm.com  at Microsoft.Office.Server.UserProfiles.FollowedContent.FollowItem(FollowedItem item, Boolean isInternal) at Microsoft.Office.Server.UserProfiles.FollowedContent.Follow(Uri url, FollowedItemData data) at Microsoft.Office.Server.UserProfiles.FollowedContentServerStub.InvokeMethod(Object target, String methodName, XmlNodeList xmlargs, ProxyContext proxyContext, Boolean& isVoid) at Microsoft.SharePoint.Client.ServerStub.InvokeMethodWithMonitoredScope(Object target, String methodName, XmlNodeList args, ProxyContext proxyContext, Boolean& isVoid)]1254bd9d-552e-00bd-1962-54ae563214b4 

 

Above errors are not giving enough information, but force me to re-check my trust settings.  Let's check the below settings one by one:

  1. Exchange trust certificates between the farms. Completed Successfully
  2. On the publishing farm, publish the service application. Completed Successfully
  3. On the consuming farm, set the permission to the appropriate service applications. Completed Successfully
  4. On the consuming farm, connect to the remote service application. Completed Successfully
  5. Add the shared service application to a Web application proxy group on the consuming farm. Completed Successfully
  6. Configure server-to-server authentication between the publishing and consuming farms. Realm settings on both farms are different which means Server to Server authentication is not configured correctly.

Resolution

In the cross farm environment, if you want to enable the following documents, access the User profile data or posting in the feed on the behalf of users. Then we have to build the Server to Server Authentication.

 

Configure Publishing Farm

First, run the below commands on the Publishing Farm.

 

# Set the friendly Realm name for the Publishing

Set-SPAuthenticationRealm -Realm PubTrust

 

# Now configure the Name Id settings on publishing farm

$sts=Get-SPSecurityTokenServiceConfig
 
$Realm=Get-SpAuthenticationRealm
 
$nameId = "00000003-0000-0ff1-ce00-000000000000@$Realm"
 
Write-Host "Setting STS NameId to $nameId"
 
$sts.NameIdentifier = $nameId
 
$sts.Update()

 

#  Configure the Server to Server Authentication

New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://test.krossfarm.com/_layouts/15/metadata/json/1" -Name "Consumer-Trust"

 

Note: https://test.krossfarm.com is URL of the web application from consumer farm

 

Configure Consuming Farm

Now run the below commands on the Consuming Farm:

# Set the friendly Realm name for the Consuming, Realm name should be same of the Publishing farm

Set-SPAuthenticationRealm -Realm PubTrust

 

# Now configure the Name Id settings on Consuming farm 

$sts=Get-SPSecurityTokenServiceConfig

$Realm=Get-SpAuthenticationRealm

$nameId = "00000003-0000-0ff1-ce00-000000000000@$Realm"

Write-Host "Setting STS NameId to $nameId"

$sts.NameIdentifier = $nameId

$sts.Update()

 

#  Configure the Server to Server Authentication at consuming farm

New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://mysite.krossfarm.com/layouts/15/metadata/json/1" -Name "Pub-Trust"

Note:  https://mysite.krossfarm.com is URL of the web application from publishing farm

Testing

Now, if you try to follow a document/ site from Consuming Farm you will see it.