Register-SPWorkflowService : The Root of the certificate chain is not the trusted root authority

  • Question

  • Hi

    I am attempting to set up workflow manager on an "all in one" test box where SharePoint 2013 and Workflow Manager are hosted on the same box.

    Register-SPWorkflowService -SPSite "Https://intranet.domain.com" -WorkflowHostUri "https://sp2013allin:12290"

    Causes the above error.

    I am thinking I may need to re-install the workflow manager as I think I might have replaced the personal cert after I first installed it.

    Daniel


    Freelance consultant

    Monday, February 16, 2015 5:29 PM

Answers

  •  We got this to work

    - after installation, export the certificate from the workflow manager and make sure it goes in the Trusted Root Authority and SharePoint

    - run Spencer's code against the cert

    $trustCert = Get-PfxCertificate "c:\wfm.cer"
    New-SPTrustedRootAuthority -Name "Workflow Manager Farm" -Certificate $trustCert

    Next, and this is important: URLs, esp. the WorkflowHost URI, must match the URL in the cert, so FQDN

    Register-SPWorkflowService -SPSite "https://intranet.fabrikam.com" -WorkflowHostUri "https://wfm.fabrikam.com:12290"


    Freelance consultant

    Wednesday, February 18, 2015 11:21 AM
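
The steps in the accepted answer above, combined into one pre-flight script (an added example, not part of the original thread and not Spencer Harbar's code). It assumes the Workflow Manager certificate was exported to c:\wfm.cer and reuses the thread's fabrikam URLs; it trusts the root of the certificate's chain, which for a self-signed Workflow Manager certificate is the certificate itself.

```powershell
# Added example: checks to run before Register-SPWorkflowService.
# Path and URLs are the ones quoted in the thread; adjust them to your farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath        = "c:\wfm.cer"                        # exported WFM certificate
$workflowHostUri = "https://wfm.fabrikam.com:12290"
$spSite          = "https://intranet.fabrikam.com"

$cert = Get-PfxCertificate $certPath

# 1. The host in -WorkflowHostUri must be a name the certificate was issued for.
#    GetNameInfo returns the first DNS name in the SAN, else the subject CN.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
$certName = $cert.GetNameInfo($nameType, $false)
$hostName = ([Uri]$workflowHostUri).Host
# -like lets a wildcard name such as *.fabrikam.com match (looser than TLS rules).
if ($hostName -notlike $certName) {
    throw "Host '$hostName' does not match certificate name '$certName'. Use the FQDN from the certificate."
}

# 2. Find the root of the chain. If Windows cannot locate the issuer, the
#    chain contains only the certificate itself and that is what gets checked.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
[void]$chain.Build($cert)
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# 3. The root must be trusted by SharePoint itself, not only by Windows.
$trusted = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $root.Thumbprint }
if (-not $trusted) {
    New-SPTrustedRootAuthority -Name "Workflow Manager Farm" -Certificate $root | Out-Null
    Write-Host "Added $($root.Thumbprint) to the SharePoint trusted root authorities."
}

# 4. Register only after both checks pass.
Register-SPWorkflowService -SPSite $spSite -WorkflowHostUri $workflowHostUri
```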

All replies

  • you need to register the root cert within SHAREPOINT (not just Windows)... I don't recall the specific steps offhand, but they're readily searchable.

    Scott Brickey
    MCTS, MCPD, MCITP
    www.sbrickey.com
    Strategic Data Systems - for all your SharePoint needs

    Monday, February 16, 2015 9:54 PM
  • Scott

    OK, not sure if I am on the right track

    I did attempt to generate a certificate which I imported into both Trusted Root Cert Authorities and SharePoint locations (see MMC snap-in below)

    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    $rootCert.Export("Cert") | Set-Content C:\dev\cert\SharePointRootAuthority.cer -Encoding Byte


    However, I wonder if I just don't import the "proper 3rd party cert" into SharePoint as shown below

     

    However, I am now hitting another error when I attempt to register the WFM with my site collection. I am using the account I (autospinstalled) SharePoint with but will look to see if local admin has been taken away.


    PS C:\Windows\system32\WindowsPowerShell\v1.0> C:\dev\PS\Admin\Assoc-HNSCWithWorkflowMan.ps1
    Register-SPWorkflowService : The caller does not have the necessary permissions required for this operation. Permissions granted: None. Required permissions: WriteScope. HTTP headers received from the server - ActivityId: 
    c9f448fd-8210-4979-8690-6b280e6862a5. NodeId: Live-WFE. Scope: /SharePoint. Client ActivityId : e5dc2696-c873-4a34-becc-023e7b371ccc.

    Daniel


    Freelance consultant


    Tuesday, February 17, 2015 11:35 AM
  • Scott,

    Hope it's ok to chime in and ask a question here. I'm building a SharePoint test farm with a separate workflow manager farm, following the instructions from Spencer Harbar found here: www.harbar.net/articles/wfm2.aspx

    I'm getting this exact same error as well trying to run Register-SPWorkflowService.

    How do I get the Root Cert that I need to register in SharePoint?

    Thanks

    Tuesday, February 17, 2015 8:33 PM
  • Chime in dude!

    A couple of us stayed later at work and reinstalled Workflow Manager 1.0 - didn't have any effect but was useful to remind us of how quirky the process is - we installed the available CUs before running the manual config.

    Anyway we got as far as

    https://technet.microsoft.com/en-us/library/jj658589 which I think might answer your question. We got a bit carried away with removing old certs so and hence the cert associated with the workflow manager 1.0 (see IIS site). I am guessing here but we may need to export this cert into SharePoint via Central admin

    - Could Scott or somebody confirm please

    If you get this fixed can you post the steps as I have to get this working first thing tomorrow...

    Daniel


    Freelance consultant


    Tuesday, February 17, 2015 9:10 PM
  • Dan,

    Where did the certificate from the workflow manager come from?

    Is it in the MMC Snapin for Certificates and can you tell me what it looks like?

    Thanks

    Wednesday, February 18, 2015 2:09 PM
  • David

    I took this screen dump earlier this morning. We found you don't get the cert error if you use the correct FQDN of the WFE in the url.   The key is everything needs to match so wfe.domain.com in the certs and also the registration.


    Good luck!

    Daniel


    Freelance consultant

    Wednesday, February 18, 2015 2:17 PM
  • So instead of using the VIP url I need to use the name of the computer?

    My front ends are load balanced as well as my wf farm, so there is a URL like this on the SP farm http://portal.somedomain.com and wfm.somedomain.com

    So it sounds like what you are saying is, that instead of using these URLs I need to use the actual machine names?

    Wednesday, February 18, 2015 2:44 PM
  • I have similar issues as you reported. In my case adding of the parameter "-Force" fixed it:

    Register-SPWorkflowService -SPSite "Https://intranet.domain.com" -WorkflowHostUri "https://sp2013allin:12290" -AllowOAuthHttp -Force

    Friday, April 29, 2016 2:54 PM
  • HOW installation export the certificate from the workflow manager and make sure it goes in the Trusted Root Authority and SharePoint ???

    Friday, November 9, 2018 8:11 AM