Cetificate error with Workflow 1.0. RRS feed

  • Question

  • We installed workflow manager 1.0 to be used with SharePoint 2013.  It was working fine until I had a report telling me it was no longer working, after looking into the issue we seem to have a certificate issue.   a few months ago we removed our SharePoint SSL Certificate and added a new certificate (to add a few host names).  I suspect this is the cause of my issuesbut I am very new to Workflow 1.0 and not sure how to proceed.

    if I try to use powershellto stop-wfhostd I get the follow error.

    PS C:\Program Files\Workflow Manager\1.0> Stop-wfhost
    Stop-wfhost: Certificate requested with thumbprint
    0457A37D63EC057061FB9E94017600C5F85A2281 not found in the certificate store
    At line:1 char:1
    + Stop-wfhost
    + ~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Stop-WFHost], InvalidOperatio
        + FullyQualifiedErrorId: System.InvalidOperationException,Microsoft.Workf

    EventVWRentries all refer to certificate issues.

    The Workflow Manager backend failed to start at location 'WorkflowServiceBackendHost.Start' due to an exception: System.InvalidOperationException: Certificate '0457A37D63EC057061FB9E94017600C5F85A2281' is not found in the certificate store.

       at Microsoft.Activities.Hosting.Security.WorkflowEncryptor.DecryptMasterKey(String thumbprint, String encryptedMasterKey)

       at Microsoft.Workflow.Management.WorkflowEncryptionSettings.InitializeInternal()

       at Microsoft.Workflow.Management.WorkflowServiceConfiguration.get_EncryptionSettings()

       at Microsoft.Workflow.Management.WorkflowServiceConfiguration.GetResourceManagementConnectionStringFromConfig()

       at Microsoft.Workflow.Management.WorkflowServiceConfiguration.get_ConfigProvider()

       at Microsoft.Workflow.Service.WorkflowServiceBackendHost.WorkflowServiceBackendStartAsyncResult..ctor(WorkflowServiceBackendHosthost, EventTraceActivitytraceActivityId, TimeSpanretryTimeout, AsyncCallbackcallback, Object state)

       at Microsoft.Workflow.Service.WorkflowServiceBackendHost.Start(Boolean keepAlive)



    Tuesday, July 16, 2013 5:53 PM

All replies

  • i think the wfm has been configured using certificate and Sharepoint is communicating with WFM using https binding. The certificate used by wfm has been removed. 

    check if you are able to browse the https uri of worflowmanagementservice and get the same error.

    if you get the same error, we may have to configure wfm using new certificate or use the http binding URI, register the http URI with the SP.

    Thanks, Shashi, Microsoft Developer Support.

    Thursday, July 18, 2013 5:16 AM
  • Pretty sure this is exactly what my problem is but I am not sure how to go about resolving it.

    When I try to browse I get page cannot be displayed, if I try to browse https I get the cert warning then I get page cannot be displayed.  I noticed that 3 of the 4 services for Workflow manager are not able to start. m (SP is on the same server so one of the services may be the Workflow Client).

    Thursday, July 18, 2013 6:06 PM
  • Adding a new certificate is not just removing the old one and import the new one to the server. It's because the certificate in your case is to secure service connection. This's not something like you just need to import a certificate to the server to trust or make SSL work for your website.

    You should find guidance on fully replacing the existing self-signed certificate by a new one. I can't find any article covering that at this moment.


    Thuan Soldier
    A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
    SharePoint Vietnam | Blog | Twitter

    Thursday, July 18, 2013 6:25 PM