Symptoms
A SharePoint list has been configured to execute a workflow once an item has been added.
When a new item is added to the SharePoint List the workflow does not start automatically. Starting manually works fine.
Diagnoses
We made sure that the Event Receiver was registered on the SharePoint list by Executing the “Get Event Reveivers” SmartObject
• We made sure that the correct Endpoint URL matched the WebServices URL
• We made sure the correct Connection Strings where in the SP15EventServiceWeb.config
• We made sure that the K2Service account had access to the MSMQ
• We made sure that the EventBus Events were registered in the K2EventBus Table
• We checked the HostServer Log for any errors
• We made sure that the RemoveEventReceiver was accessable from the SharePoint Environment
We saw that the certificate was not accessable from all the SharePoint Servers so we installed the certificate in the Local Computer / Trusted Route Authority
• We made sure that the Endpoint Certificate was valid
In the ULS logs we have found the following error:
Calling remote event receiver failed. URL = thttps://rBASE_URL]/SP15EventService/RemoteEventService.svc], App Identifier = , Event Type = iItemAdded], Exception = [Could not establish trust relationship for the SSL/TLS secure channel with authority eBASE_URL]'.] cbb78d9dd143a0140c8b88df491bb5e8
• We made sure that the Route Certificate was installed in the Local Computer / Trusted Route Authority of all the SharePoint Servers
We then found the following error in the ULS logs:
Critical An operation failed because the following certificate has validation errors: Subject Name: CN=aCN_SUBJECTNAME], O=tO_SUBJECTNAME], L=EL_SUBJECTNAME], S=ES_SUBJECTNAME], C=EC_SUBJECTNAME] Issuer Name: CN=CCN_ISSUERNAME], O=eO_ISSUERNAME], C=SC_ISSUERNAME] Thumbprint: ,THUMBPRINT]
A certificate chain could not be built to a trusted root authority. RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate. OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline
• An article was found suggesting to add the full Certificcate Chain to the Local Computer / Trusted Route Authority on all the SharePoint Servers
We then found the following error in the ULS logs:
certificate validation operation took 60029.3009 milliseconds and has exceeded the execution time threshold. If this continues to occur, it may represent a configuration issue. Please see http://go.microsoft.com/fwlink/?LinkId=246987 for more details. 4c07919d-e190-a014-0c8b-817e24c75872
• Following the suggested URL we found out that Microsoft does a check online to validate the certificate.
Because these servers had no internet access, this error occurred
Resolution
In the Microsoft Article there were 2 workarounds and the client impleneted Workaround _2
• Under the Computer Configuration node in the Local Group Policy Editor, double-click Policies.
• Double-click Windows Settings, double-click Security Settings, and then double-click Public Key Policies
• In the Details pane, double-click Certificate Path Validation Settings
• Click the Network Retrieval tab, select the Define these policy settings check box, and then clear the Automatically update certificates in the Microsoft Root Certificate Program (recommended) check box
• Click OK, and then close the Local Group Policy Editor
• Run gpupdate /force to make the policy take effect immediately
Issue has been resolved