Problem:

When trying to follow the document or site in SharePoint 2016, we encountered the following error

 

Something went wrong

Sorry, we couldn't follow the site.

Technical Details

InternalError: Could not follow the item https://test.krossfarm.com

Environment:

Krossfarm has multiple farm environment, where a dedicated services farm host the  User profile and search service provisioned, While another farm which host the team sites and publishing Sites Called Team farm. They build the trust between Services Farm and Team farm and consume the services from the Services farm. They published the UPA from Services Farm and consume it in the team site farm.

Troubleshooting:

  • Krossfarm's administrator check the following things
  • Check the app pool account from the Team's farm has permission on the UPA in services farm with full control
  • User Profile Service Proxy is associated with Team Web app and MySite Web app
  • Managed Meta Data Services proxy associated with Team Web app and MySite Web app
  • We check the root and sts certs are properly added
  • Even we checked the permission on the SQL server, App pool account does have rights on Profile db, social db and Sync db.
  • Finally we examine the ULS logs and found these entries

12/02/2016 11:03:23.28 w3wp.exe (KFWFE1:0x4884) 0x7D68 SharePoint Foundation Monitoring b4ly High Leaving Monitored Scope: (S2SMonitor: FollowedContent.FollowItem(https://test.krossfarm.com/); ) Execution Time=740.861923694252; CPU Milliseconds=494; SQL Query Count=4; Parent=FollowedContent.Follow(https://test.krossfarm.com/) 3727bd9d-552d-00bd-2004-54ae858124b4 

12/02/2016 11:03:23.28 w3wp.exe (KFWFE1:0x4884) 0x7D68 SharePoint Portal Server Content Following afilq Unexpected FollowedContent.FollowItem:Exception:System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute() at Microsoft.SharePoint.Client.ClientRequest.ExecuteQueryToServer(ChunkStringBuilder sb) at Microsoft.Office.Server.UserProfiles.FollowedContentProxy.Execute(String methodName) at Microsoft.Office.Server.UserProfiles.FollowedContentProxy.FollowItem(FollowedItem item) at Microsoft.Office.Server.UserProfiles.FollowedContent.FollowItem(FollowedItem item, Boolean isInternal) 3727bd9d-552d-00bd-2004-54ae858124b4 

12/02/2016 11:03:23.28 w3wp.exe (KFWFE1:0x4884) 0x7D68 SharePoint Foundation Monitoring b4ly High Leaving Monitored Scope: (FollowedContent.Follow(
https://test.krossfarm.com/)) Execution Time=779.766706499348; CPU Milliseconds=523; SQL Query Count=7; Parent=Microsoft.Office.Server.UserProfiles.FollowedContent.Follow 3727bd9d-552d-00bd-2004-54ae858124b4 12/02/2016 11:03:23.28 w3wp.exe (KFWFE1:0x4884) 0x7D68 Document Management Server Reporting ay6ke High FollowedContent.Follow Failure: Follow: Unexpected FollowedContentExceptionCode. 3727bd9d-552d-00bd-2004-54ae858124b4 12/02/2016 11:03:23.28 w3wp.exe (KFWFE1:0x4884) 0x7D68 SharePoint Foundation CSOM ahjq1 High Exception occured in scope Microsoft.Office.Server.UserProfiles.FollowedContent.Follow. Exception=Microsoft.Office.Server.UserProfiles.FollowedContentException: InternalError : Could not follow the item https://test.krossfarm.com at Microsoft.Office.Server.UserProfiles.FollowedContent.FollowItem(FollowedItem item, Boolean isInternal) at Microsoft.Office.Server.UserProfiles.FollowedContent.Follow(Uri url, FollowedItemData data) at Microsoft.Office.Server.UserProfiles.FollowedContentServerStub.InvokeMethod(Object target, String methodName, XmlNodeList xmlargs, ProxyContext proxyContext, Boolean& isVoid) at Microsoft.SharePoint.Client.ServerStub.InvokeMethodWithMonitoredScope(Object target, String methodName, XmlNodeList args, ProxyContext proxyContext, Boolean& isVoid) 3727bd9d-552d-00bd-2004-54ae858124b4 

12/02/2016 11:03:23.28 w3wp.exe (KFWFE1:0x4884) 0x7D68 SharePoint Foundation CSOM agmjp Medium Original error: Microsoft.Office.Server.UserProfiles.FollowedContentException: InternalError : Could not follow the item 
https://test.krossfarm.com at Microsoft.Office.Server.UserProfiles.FollowedContent.FollowItem(FollowedItem item, Boolean isInternal) at Microsoft.Office.Server.UserProfiles.FollowedContent.Follow(Uri url, FollowedItemData data) at Microsoft.Office.Server.UserProfiles.FollowedContentServerStub.InvokeMethod(Object target, String methodName, XmlNodeList xmlargs, ProxyContext proxyContext, Boolean& isVoid) at Microsoft.SharePoint.Client.ServerStub.InvokeMethodWithMonitoredScope(Object target, String methodName, XmlNodeList args, ProxyContext proxyContext, Boolean& isVoid) 3727bd9d-552d-00bd-2004-54ae858124b4 

12/02/2016 11:03:23.28 w3wp.exe (KFWFE1:0x4884) 0x7D68 SharePoint Portal Server Microfeeds aizmo Medium SocialRESTExceptionProcessingHandler.DoServerExceptionProcessing - SharePoint Server Exception [Microsoft.Office.Server.UserProfiles.FollowedContentException: InternalError : Could not follow the item 
https://test.krossfarm.com  at Microsoft.Office.Server.UserProfiles.FollowedContent.FollowItem(FollowedItem item, Boolean isInternal) at Microsoft.Office.Server.UserProfiles.FollowedContent.Follow(Uri url, FollowedItemData data) at Microsoft.Office.Server.UserProfiles.FollowedContentServerStub.InvokeMethod(Object target, String methodName, XmlNodeList xmlargs, ProxyContext proxyContext, Boolean& isVoid) at Microsoft.SharePoint.Client.ServerStub.InvokeMethodWithMonitoredScope(Object target, String methodName, XmlNodeList args, ProxyContext proxyContext, Boolean& isVoid)] 3727bd9d-552d-00bd-2004-54ae858124b4

 

Above errors not giving too much information but forced to recheck trust settings.  Checked the below settings one by one:

  1. Exchange trust certificates between the farms. Completed Successfully
  2. On the publishing farm, publish the service application. Completed Successfully
  3. On the consuming farm, set the permission to the appropriate service applications. Completed Successfully
  4. On the consuming farm, connect to the remote service application. Completed Successfully
  5. Add the shared service application to a Web application proxy group on the consuming farm. Completed Successfully

Root Cause:

Configure server-to-server authentication between the publishing and consuming farms. OH man, this is what we did not set properly, realm settings on both farms are different which means Server to Server authentication is not configured correctly.

 

Resolution:

In the cross farm environment if we want to enable the following documents, access the User profile data or posting in a feed on the behalf of users then we have to build the Server to Server Authentication.

On Publishing Farm

First, run the below commands on the Publishing farm.

 

# Set the friendly Realm name for the Publishing

Set-SPAuthenticationRealm -Realm PubTrust

 

# Now configure the Name Id settings on publishing farm

 

$sts=Get-SPSecurityTokenServiceConfig
 
$Realm=Get-SpAuthenticationRealm
 
$nameId = "00000003-0000-0ff1-ce00-000000000000@$Realm"
 
Write-Host "Setting STS NameId to $nameId"
 
$sts.NameIdentifier = $nameId
 
$sts.Update()

 

#  Configure the Server to Server Authentication

New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://test.krossfarm.com/_layouts/15/metadata/json/1" -Name "Consumer-Trust"

 

Note: https://test.krossfarm.com is URL of the web application from consumer farm

On Consuming Farm

Now run the below commands on the consuming farm

 

# Set the friendly Realm name for the Consuming, Realm name should be same of the Publishing farm

Set-SPAuthenticationRealm -Realm PubTrust

# Now configure the Name Id settings on Consuming farm 

$sts=Get-SPSecurityTokenServiceConfig
 
$Realm=Get-SpAuthenticationRealm
 
$nameId = "00000003-0000-0ff1-ce00-000000000000@$Realm"
 
Write-Host "Setting STS NameId to $nameId"
 
$sts.NameIdentifier = $nameId
 
$sts.Update()

#  Configure the Server to Server Authentication at consuming farm

New-SPTrustedSecurityTokenIssuer -MetadataEndpoint "https://mysite.krossfarm.com/layouts/15/metadata/json/1" -Name "SWORK-UPATrust"

 

Note:  https://mysite.krossfarm.com is URL of the web application from publishing farm

 

Now test it. We will able to follow the documents.

Applies To:

  • SharePoint 2010, 2013, 2016. (When Using UPA in a cross shared farm)

See Also: