Internal Status Suspended - State HTTP 401 Error

  • Question

  • Problem - 2013 Workflows have suspended internal status after start workflow.

    Internal Status - Suspended (i)
    RequestorId: 1f14e013-aee9-6d6a-0000-000000000000. Details: An unhandled exception occurred during the execution of the workflow instance. Exception details: System.ApplicationException: HTTP 401 {"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Access denied. You do not have permission to perform this action or access this resource."}}} {"Transfer-Encoding":["chunked"],"X-SharePointHealthScore":["0"],"SPClientServiceRequestDuration":["10"],"SPRequestGuid":["1f14e013-aee9-6d6a-8b32-7f2739ced3bb"],"request-id":["1f14e013-aee9-6d6a-8b32-7f2739ced3bb"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"MicrosoftSharePointTeamServices":[""],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1; RequireReadOnly"],"Cache-Control":["max-age=0, private"],"Date":["Mon, 05 Oct 2015 18:49:21 GMT"],"Server":["Microsoft-IIS\/8.5"],"WWW-Authenticate":["NTLM"],"X-AspNet-Version":["4.0.30319"],"X-Powered-By":["ASP.NET"]} at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) at System.Activities.CodeActivity.InternalExecute(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)

    Software -

      SharePoint 2013 Enterprise Edition 15.0.4701.1001 | March 2015 CU | on-premises | NTLM | SQL 2012 SP2 | Claims authentication

      Workflow Manager 1.0 Refresh 2 I believe.  (I will be happy to provide information if I can) (Control Panel |  Add Remove Programs - 2.0.20922.0)

      Service Bus 1.0 Refresh 2 I believe. (I will be happy to provide information if I can) (Control Panel | Add Remove Programs - 2.0.20922.0)

    Hardware - Hyper-V VMs, Server 2012 R2 Standard Edition | 2 - WFEs hardware load balanced | 3 app servers, one for search and Workflow, and two for others like Visio, Word, User Profile Services, etc.

    Background - logging on as a domain user on the root site https://DOMAIN and have been granted contribute permissions to a custom list that was created and is a simple text column for title.  Created a 2013 Workflow in SharePoint Designer with full control as that user (then permission removed to contribute), the temporary permissions were granted from the Farm Account (System Account) which is NOT to use workflows, so I am NOT (the workflows, I know, don't work with the farm account)! 

    Custom List - Contribute permission, single column, set to email the name of the list item.  Set to kick off for change / addition of items automatically.

    Troubleshooting -

    Experiencing an issue almost exactly like this Marcel Medina post -   except it is not working for his solution.

    Another post extremely similar to the issue I am having -

    Full User Profile Synchronization performed weekly, however did so as needed for checking, then Refresh Trusted Security Token Services Metadata Feed or the PowerShell - Get-SPTimerJob "RefreshMetadataFeed" | Start-SPTimerJob

    I have set the group that my ad account is in to be in the custom list that is running the workflow and it has contribute permissions, I also checked and set contribute permission to Workflow History (https://DOMAIN/Lists/Workflow%20History/AllItems.aspx) | Workflow Tasks (https://DOMAIN/WorkflowTasks/AllItems.aspx)
    That account does NOT have access to https://DOMAIN/_layouts/15/workflow.aspx | Sorry, this site hasn't been shared with you.

    After I select / create "New Item" I select the ellipsis control and go to Workflows - Sorry, this site hasn't been shared with you.  If I select the them, I go to the View for the ribbon and I have Workflows, and if I select that, I get the same error - Sorry, this site hasn't been shared with you.

    I have checked on another link / blog -  SharePoint 2013 Workflow gets Suspended by ZA .. SharePoint -  I have the Workflow History and Workflow Tasks for the group that this user, with contribute permission is in, for SharePoint Designer, there should not be any related list for the workflow.

    User Profile Synchronization is started and running and a full synchronization has been performed.  Not running the workflow as a SharePoint system user.

    The 2013 workflow is able to be created, published, no problems.  History list - Workflow History | Task List - Workflow Tasks | Automatically update the workflow status to the current stage name (Selected).  Two stages (Start of 2013 Workflow), Email (contribute account user), Transition to (2013 Completed Workflow {2nd stage}), on 2nd stage, Comment "comment for completed workflow", Transition to stage (Go to End of Workflow).  About as basic as you can get.  No writing to the history - "log to history" to limit variables with possible issues with permissions on workflow history / history list.

    Thank you.


    Tuesday, October 6, 2015 7:13 PM
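Added example (not part of the original thread): the suspension detail quoted in the question packs the REST error body and the response headers into one string as two JSON objects. This Python sketch splits them and returns the fields useful for triage; `parse_suspension` is a hypothetical helper name, and the sample is the post's error text shortened.

```python
import json
import re

# Constructed sample: the suspension detail quoted in the question, with the
# header object shortened to three of its fields and the stack trace to one frame.
SAMPLE = (
    'RequestorId: 1f14e013-aee9-6d6a-0000-000000000000. Details: An unhandled '
    'exception occurred during the execution of the workflow instance. Exception '
    'details: System.ApplicationException: HTTP 401 {"error":{"code":"-2147024891, '
    'System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Access '
    'denied. You do not have permission to perform this action or access this '
    'resource."}}} {"SPRequestGuid":["1f14e013-aee9-6d6a-8b32-7f2739ced3bb"],'
    '"Server":["Microsoft-IIS\\/8.5"],"WWW-Authenticate":["NTLM"]} at Microsoft.'
    'Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context)'
)

def parse_suspension(detail):
    """Split a suspended-workflow detail string into triage fields (hypothetical helper)."""
    status = re.search(r'HTTP (\d{3}) ', detail)
    if not status:
        return None
    decoder, pos, objs = json.JSONDecoder(), status.end(), []
    # The REST error body and the response headers follow as two JSON objects.
    while len(objs) < 2:
        pos = detail.find('{', pos)
        if pos < 0:
            break
        try:
            obj, pos = decoder.raw_decode(detail, pos)
        except json.JSONDecodeError:
            break  # truncated paste: keep whatever parsed so far
        objs.append(obj)
    body, headers = (objs + [{}, {}])[:2]
    code, _, exc = body.get('error', {}).get('code', '').partition(',')
    # The code is a signed decimal; mask it to get the unsigned HRESULT.
    hresult = int(code) & 0xFFFFFFFF if re.fullmatch(r'\s*-?\d+\s*', code) else None
    requestor = re.search(r'RequestorId: ([0-9a-fA-F-]{36})', detail)
    return {
        'status': int(status.group(1)),
        'hresult': None if hresult is None else '0x%08X' % hresult,
        'win32_code': None if hresult is None else hresult & 0xFFFF,
        'exception': exc.strip() or None,
        'message': body.get('error', {}).get('message', {}).get('value'),
        'correlation_id': (headers.get('SPRequestGuid') or [None])[0],
        'auth_schemes': headers.get('WWW-Authenticate', []),
        'requestor_id': requestor.group(1) if requestor else None,
    }

if __name__ == '__main__':
    print(parse_suspension(SAMPLE))
```

The `correlation_id` is the SPRequestGuid of the rejected request, which is the ID to search for in the SharePoint ULS logs (for example with `Merge-SPLogFile -Correlation`); 0x80070005 is the Win32 access-denied HRESULT.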

All replies

  • Hi Matt,

    Can you please check the things below to identify the exact culprit?

    1. Check if the requested user is available in the User Information List, with the same account name.
    2. Check if the user is able to open the workflow settings page using a browser.
    3. Check with another user who has full control for the site, and compare the result.
    4. Check if this issue is on the entire site for that user, and what happens on another site with the same permission.
    5. Try re-registering the workflow service using the SPWorkflowService PowerShell command.
    6. Finally, if the issue is still the same, I suggest you re-configure the Workflow Manager for SharePoint 2013.

    Krishana Kumar
    Please mark the replies and Proposed as answer if they help and solve your issue

    Tuesday, October 6, 2015 9:29 PM
  • Make sure that the SecurityTokenServiceApplication is running under the Farm account (a.k.a. OWSTimer service)

    Change it in the Central Administration page if it is not using the same account.
    Wednesday, September 19, 2018 4:28 PM