שלום חברים,
היום נתקלתי ב-Error לאחר שבדקתי את ה-Event Viewer כחלק מבדיקות
תשתית שאני מבצע אצל לקוחותיי.
ה-Error מתריע על בעיית Certificate :
Log
Name : Application
Source
: Microsoft-SharePoint
Products-SharePoint Foundation
Event
ID : 8311
Task Category: Topology
Level
: Error
Description :
An
operation failed because the following certificate has validation errors:\n\n
Subject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft,
C=US \n Issuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft,
C=US\nThumbprint: 7884622F8B008E7AFAAFD3DDF98BE8AC69D4F952\n\n
Errors:\n\n
The root of the certificate chain is not a trusted root authority.
בד"כ הבעיה נובעת ממחיקת ה- "local" trust relationship של החווה מהגדרות
ה-Security ב-Central
Admin . (Central Administration > Security > Manage Trust)
נראה כי ה-root certificate חסר
ב- SharePoint certificate store . כתוצאה מכך claims authentication בחווה לא עובד כראוי. כדי לפתור את הבעיה צריך לייצא את ה-certificate מה- Certificate
Store בשרת ולהוסיף אותו
ל-SharePoint Certificate Store. רצוי
להשתמש ב"טביעת האצבע"
של התעודה שנמצא ב-Event Log, הייצוא מבוצע ע"י פקודת PowerShell :
$rootCert = (Get-SPCertificateAuthority).RootCertificate
New-SPTrustedRootAuthority -Name "localNew"
-Certificate $rootCert
אחרי הרצת הפקודה יש לבצע IISRESET.
לי זה פתר את הבעיה.. מקווה שגם לכם J
בהצלחה,
רון נס.
============================================================================================================================================================================================================================================================
Hello
friends,
Today
I found an Error after I checked the Event Viewer as Part of Health Check that I
do on my Customers SharePoint Environment
The
Error alerts on Certificate problem:
Log Name: Application
Source:
Microsoft-SharePoint Products-SharePoint Foundation
Event
ID: 8311
Task
Category: Topology
Level:
Error
Description:
An
operation failed because the following certificate has validation errors: \ n \
n Subject Name: CN = SharePoint Security Token Service, OU = SharePoint, O =
Microsoft, C = US \ n Issuer Name: CN = SharePoint Root Authority, OU = SharePoint,
O = Microsoft, C = US \ nThumbprint: 7884622F8B008E7AFAAFD3DDF98BE8AC69D4F952 \ n \ n
Errors:
\ n \ n The root of the certificate chain is not a trusted root authority.
Usually
the problem is due to deletion off
of the "local" farm trust relationship of the Security settings in
Central Admin. (Central Administration> Security> Manage Trust)
It
seems that the root certificate is missing in SharePoint certificate store. As
a result, farm claims authentication does not work properly. To solve the
problem you need to export the certificate from the Certificate Store on the
server and add it to SharePoint Certificate Store. Use the certificate thumb
print that found in the Event Log, the export is done by PowerShell
command:
$rootCert = (Get-SPCertificateAuthority).RootCertificate
New-SPTrustedRootAuthority -Name "localNew"
-Certificate $rootCert
After
running the command you must do IISRESET.
For
me it solved the problem... hope for you too J
Good
luck,
Ron
Ness.
No comments:
Post a Comment