Wednesday, 26 August 2015

App Model Troubleshooting Guide SharePoint 2013

Apps Troubleshooting Guide

 
This article will walk you through some of the known issues you will encounter when deploying provider hosted app’s or accessing provider hosted app’s for the first time
Error :
App token requested from appredirect.aspx for site: 7b407d5d-8096-4007-b829-d59c14021063 but there was an error in generating it.  This may be a case when we do not need a token or when the app principal was not properly set up.  LaunchUrl:https://xxxx..com/pages/Setup.aspx?SPHostUrl=xxx&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4569.1000&SPAppWebUrl=https://apps-af87c5df31b1da.xxxxxxxo Exception Message:The endpoint address 'https://xxx.xxx.com/Pages/Setup.aspx?SPHostUrl=&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4569.1000&SPAppWebUrl=https://apps-af87c5df31b1da.&HostTitle=does not match the app's endpoint xxxxx.com'.  Stacktrace:  
 at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)   
 at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken)   
 at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest().  Since this is a nonfatal error, it will be sanitized and posted to the app as part of the app launch.
 
Or Getting Error Message for Exception Microsoft.SharePoint.SPException: The endpoint address 'httpszzz/Pages/Setup.aspx?SPHostUrl=https://xxxx&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4569.1000&SPAppWebUrl=https://apps-af87c5df31b1da.xxxx&HostTitle=does not match the app's endpoint .com'.   
 at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)   
 at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken)   
 at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest()
 
This indicates there is a problem with certificate so handshake cannot happen. It can be due to Root Authortiy or SP Trusted Security Token Issuer or Realm ID or rogue Certificate, in most cases it will be certificate.
 
To resolve this, follow the below steps to remove the security token issuer, create a new pfx and cer , and setup the trust between SharePoint and IIS with the new certificates

Get the SP Trusted Security Token Issuer Name, Issuer ID
 
Get-SPTrustedSecurityTokenIssuer | select Name,RegisteredIssuerName | fl
 
Get the SP App Principal
 Get-SPAppPrincipal -NameIdentifier IssuerID@RealmID  -Site https://intranet.contoso.com/services/site1

Get the Farm ID to Validate Realm ID is same , if its different apps won't be able to issue the app token
 $SPFarm = Get-spfarm
$SPFarm.ID

Remove Root Authority and Security Token Issuer

Get-SPTrustedSecurityTokenIssuer | ?{$_.RegisteredIssuerName -eq " IssuerID@RealmID "} | Remove-SPTrustedSecurityTokenIssuer
 
 



1 comment:

  1. I started all stopped SharePoint services, then opened an elevated command shell, and ran psconfig. Livetiles

    ReplyDelete