none
Workflows "Failed on Start" after SP1 and updates RRS feed

  • 問題

  • I can't find anything on any blogs or KBs or articles that are specific to my current issue.  But I think that they deal with the App Pool Permissions.

     

    After upgrading to MOSS SP1, all of my workflows stopped working.  Built-in workflows on the MS Application Templates, just stopped.  Some say "Failed on Start", some just don't do anything.  

     

    After a bit of poking around, I see that SP1 implemented a new security policy that disallows "System" accounts from being the account that runs the Application Pool.  That's fine and probably a good step.  I'm sure that, in my pure ignorance, I configured my MOSS system insecurely and now Microsoft is (not very gently) encouraging... *ahem* forcing... me to do it right.

     

    So now, I'm stuck trying to change the user that the Application Pool runs as away from "Network Service" to a local or domain account.  Everytime I do this, though, the whole MOSS server becomes inaccessible... HELP!!!

     

    2009年1月19日 下午 12:37

解答

  • SOLVED: ***Only took a shade under a decade to figure out... not bad :( ***

    In my case... the issue was due to the fact that I have the Citrix/SharePoint connector installed (WISP) and it had apparently added a "shared.dll" file into the default website folder.  Once I deleted that file... all of my workflows started workin' and flowin' again.  Special thanks to John McBride (the author on link #2 below) for the post that saved my SharePoint server.

    See the following forum posts for more information:

    http://forums.citrix.com/thread.jspa?messageID=751748

    http://www.sharepoint-stuff.com/?p=155

    • 已標示為解答 kmomrik 2009年2月4日 下午 07:58
    2009年2月4日 下午 07:58

所有回覆

  • This might help you.

    http://kbalertz.com/947284/declarative-workflow-start-automatically-after-install-Windows-SharePoint-Services-Service.aspx


    According to the article, after sp1, system is refusing any workflow which is created by any system account automatically as you know.


    Beside, this is the detail of network service account
    http://msdn.microsoft.com/en-us/library/ms684272(VS.85).aspx

    so.. Suppose that you follow the first link to create an account and set in inside service account of operation section inside central admin. Your problem will be solved.


    2009年1月20日 上午 03:17
  • Dear customer:

     

    In order to better troubleshoot the issue, please help collect the following information:

     

    1.       After upgrading to MOSS SP1, all of my workflows stopped working.  Built-in workflows on the MS Application Templates, just stopped.  Some say "Failed on Start", some just don't do anything. Send the screenshot of the error to v-rocwan@microsoft.com for analyze.

     

    2.       Tell me which application tool did you modify?

     

    3.       Open Event Viewer, save application file and cleanup them,

     

    4.       Open SharePoint central administration website, click operation and then click diagnostic logging, navigate to event throttling, select workflow infrastructure under select a category,

     

    5.       Under least critical event to report to the event log, select error.

     

    6.       Under least critical event to report to the trace log, select verbose,

     

    7.       Click ok,

     

    8.       Reproduce the issue, and save the application log as .evt or .evtx file and trace log file to me for analyze.

     

    Note: when you send e-mail to me, please let me know the URL of your post.

     

    Thanks for your cooperation.

     

    Rock Wang – MSFT

     

    2009年1月20日 上午 09:40
    版主
  • In a site created with the ‘Timecard Management’ Custom Template downloaded from Microsoft, when I try to start the ‘Punch In’ action… it doesn’t appear to work.  Sometimes it just does nothing as the first few entries show… occasionally is generates a "Failed on Start" message.  

     

    The reason I’m leaning towards it being the SP1 security update to blame is that shows the User ID as System Account (which I’m lead to believe doesn’t work in SP1 now).  If someone could just let me know how to configure an account to set the Application Pool to run as, I think I’d be good to go.  I just don’t know how to do that. 

     

    As far as modification, I haven’t modified anything.  Even the default templates from Microsoft don’t work. All I modified was SharePoint itself by installing the Service Pack.  I also installed some .NET 3 updates as well.  

     

    My Application log is now filled with the same error (due to my failed attempt at configuring a different user to run the App Pool). The error is:

    Event Type:        Error

    Event Source:    Office SharePoint Server

    Event Category: Office Server General

    Event ID:              7888

    Date:                     1/20/2009

    Time:                    11:42:12 AM

    User:                     N/A

    Computer:          <servername>

    Description:

    A runtime exception was detected. Details follow.

    Message: 'MOSS_APP_POOL' is not a valid Windows NT name. Give the complete name: <domain\username>.

    Techinal Details:

    System.Data.SqlClient.SqlException: 'MOSS_APP_POOL' is not a valid Windows NT name. Give the complete name: <domain\username>.

       at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)

       at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)

       at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)

       at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)

       at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)

       at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)

       at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)

       at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)

       at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()

       at Microsoft.Office.Server.Data.SqlSession.ExecuteNonQuery(SqlCommand command)

       at Microsoft.Office.Server.Data.SqlServerManager.GrantLogin(String user)

       at Microsoft.Office.Server.Administration.SharedDatabase.Microsoft.Office.Server.Administration.ISharedAccessControl.SetAccessControl(SharedComponentSecurity security)

       at Microsoft.Office.Server.Administration.SharedResourceProvider.SynchronizeAccessControl(SharedComponentSecurity sharedApplicationSecurity)

       at Microsoft.Office.Server.Administration.SharedResourceProvider.Microsoft.Office.Server.Administration.ISharedComponent.Synchronize()

    2009年1月20日 下午 05:19
  • Dear customer:

     

    Open IIS manager, expand application pools, send the screenshot of it to me.

     

    Which application pool did you modify, please let me know its name. is it MSSharePointAppPool or OfficeServerApplication Pool?

     

    Thanks for your cooperation.

     

    Rock Wang - MSFT

     

    2009年1月22日 上午 03:03
    版主
  • I didn't modify it in IIS, so I don't know.  I modified it in SharePoint Central Admin (as you're never supposed to manually do ANYTHING in IIS with SharePoint). 

    2009年1月22日 下午 01:23
  •  

    Dear customer:

     

    Did you change Windows SharePoint Services Web Application or not?

     

    What is used for Windows SharePoint Services Web Application pool before you modify?

     

    Please select configurable, and use the account that you install MOSS 2007, then check the effect.

     

    If anything is unclear, please feel free to let me know.

     

    Rock Wang - MSFT

    2009年1月23日 上午 06:18
    版主
  •  Kenmo32 wrote:

      If someone could just let me know how to configure an account to set the Application Pool to run as, I think I’d be good to go.  I just don’t know how to do that. 

     

     

     

     

    Here is the step to change the account

     

    1. go to or remote to your sharepoint server

    2. login (as farm admin or whatever domain admin)

    3. start -> all programs -> administrative tools -> sharepoint 3.0 central administration

    4. click "operation" tab

    5. Find "Security Configuration" Section

    6. click "Service accounts"

    7. select radio box of "Web application pool"

    8. select web service as "Windows SharePoint Services Web Application"

    9. find your application which running the Timecard Management's application pool aand select it

    10. select radio box of Configurable

    11. input account(you have to create that first)  info below

    12. press OK button

     

    Is this what you want?

    2009年1月23日 上午 07:28
  • It is step 11 (creating the account) that I'm lost on. I've already done the above steps, I even tried to put the domain administrator account in there and I STILL can't make it work with ANYTHING but Network Service.

     

    My issue is that I don't know:

    1. Where I should create the account (domain or local)
    2. What Rights I need to give it in SQL (if at all)
    3. What security groups it needs to be in on the local box
    4. What Rights it needs to domain resources (if any)
    5. What Rights I need to give it to the local file system on my MOSS server (if at any)

    This server - by the way - is a single-server farm.  I'm fairly certain that is my problem. As I understand it, if you create this AppPool account before hand and define it during INSTALL... the setup program configures the proper Rights and if I'd done the service accounts correctly in the first place... I wouldn't be having these issues.  However, I stupidly configured them to just run as "Network Service"... which appears to be my problem.

     

    If anyone knows the answer to the above questions... I'd be eternally grateful for some assistance.

     

    Thanks!

     

    Ken

     

    2009年1月23日 下午 03:39
  • I did change the account, but I didn't change anything manually in IIS. I did it all through the Central Admin. I tried and failed at creating a local account to run the app pool as is painfully obvious by the error message that's filling up my Application Log.  I've also even tried the domain admin account (which is the account I was using during the install of the MOSS product).

    2009年1月23日 下午 03:46
  •  

    Dear customer:

     

    I just want to know what account is used for Timecard Management's application pool before you modify?

     

    Did it work before you modify the account?

     

    Open Event Viewer, save application file and cleanup them,

     

    Open SharePoint central administration website, click operation and then click diagnostic logging, navigate to event throttling, select Office Server General under select a category,

     

    Under least critical event to report to the event log, select information.

     

    Under least critical event to report to the trace log, select verbose,

     

    Click ok,

     

    Reproduce the issue, and save the application log as .evt or .evtx file and trace log file to me for analyze.

     

    Note: when you send e-mail to me, please let me know the URL of your post.

     

    Thanks for your cooperation.

     

    Rock Wang – MSFT

    2009年1月24日 上午 02:51
    版主
  • Perhaps it'll help for me to re-iterate the issue and I'll cover specifically your questions.

     

    We've had a MOSS 2007 server running for about a year and a half now.  Everything was working great.  When I first st set up the MOSS server, I accepted the default installation options (probably a mistake) which included setting "Network Service" as the 'user' that runs the application pool for the server.  We were using the Timecard Management template successfully and one of my users became VERY dependent on it for project time mapping. 

     

    NOW, since I did the SP1 upgrade, it would appear that MANY of my workflows aren't working properly.  Most of my sites work fine still (Wiki, Shared Documents, Knowledge Base, etc.), even my Alerts (which I would think MUST be tied to a workflow) still work.  However, the workflows in my Lending Library and Timecard Managment (and possibly others, but those are the only two noticable affected), stopped working.  They either do nothing at all or they report a "Failed on Start (retrying)" message. 

     

    I'm e-mailing you the eventlog file, but there has been no change after setting that new diagnostic logging.  I do see a new log in the "LOGS" folder on the server I'm e-mailing that to you as well.

    2009年1月26日 下午 02:21
  •  

    Dear customer:

     

    I accepted the default installation options (probably a mistake) which included setting "Network Service" as the 'user' that runs the application pool for the server. please sent the screenshot of it to me.

     

    Also, refer to the previous post enable trace log and reproduce the issue, send the trace log like APN-MOSS1-20090120-1142.log to me for analyze.

     

    Thanks for your cooperation.

     

    Rock Wang - MSFT

    2009年2月1日 上午 06:44
  • I think I've come to grips with the fact that I've been chasing the wrong resolution for weeks now.  I finally figured out that with Kerberos authentication, you have to create an SPN number for the account used in that field.  As opposed to doing this, I switched to NTLM authentication.  This allows me to set the Web App account to whatever I wish.  After converting to NTLM, I was able to set the Web App account to a domain user that I created <domain>\MOSS_WEB_APP.  I'm able to access MOSS even with that account set to run the Web App... however, the damn workflows still don't work.  I'm lost...  I HAVE to get this working.  There are two distinctly different sites that are experiencing the same symptom, so I'm convinced that the issue global. 

    Unfortunately, I installed ALOT of updates at the same time as the MOSS SP1.  Perhaps one of those could cause this issue...I also installed about 40 Windows security updates.  SP1 for .Net 2.0 and 3.0 as well as about 12 hotfix updates for both of those as well.  I really don't want to resort to having to build a whole new box and try to migrate data over... this would make me unhappy.  Any help?  I did manage to resolve my Application Log issue with that recurring 7888 error by removing the MOSS_APP_POOL user from the MSSQLxxxxx security group.  Since that user is not doing anything... it shouldn't be a problem.  I'll send you a trace log.  Please help me!
    2009年2月2日 下午 07:14
  •  

    Dear customer:

     

    Since you set the Web App account to a domain user that I created <domain>\MOSS_WEB_APP. Did domain\MOSS_WEB_APP have sufficient permission?

     

    Which groups does domain\MOSS_WEB_APP belong to?

     

    Please reproduce the issue, and save the application log as .evt or .evtx file and trace log file to me for analyze.

     

    Rock Wang - MSFT

    2009年2月3日 上午 06:30
  • I don't know what permissions it HAS to have... documentation is sparse and conflicting.  In one area it says that on a Stand-alone farm doesn't require ANY special permissions for the Web App Pool identity. then on the next document they outline permissions and groups that AREN'T EVEN THERE!

    I don't need to send you the .evt to analyze because there aren't any errors in there.  There are a few items about the Search service initiating a Master Merge... that's it. 

    The MOSS_WEB_APP user is a memeber of the following local groups: SQLServer2005MSSQLUser$<server>$OFFICESERVERS; WSS_WPG; IIS_WPG; Users

    2009年2月3日 下午 03:18
  • SOLVED: ***Only took a shade under a decade to figure out... not bad :( ***

    In my case... the issue was due to the fact that I have the Citrix/SharePoint connector installed (WISP) and it had apparently added a "shared.dll" file into the default website folder.  Once I deleted that file... all of my workflows started workin' and flowin' again.  Special thanks to John McBride (the author on link #2 below) for the post that saved my SharePoint server.

    See the following forum posts for more information:

    http://forums.citrix.com/thread.jspa?messageID=751748

    http://www.sharepoint-stuff.com/?p=155

    • 已標示為解答 kmomrik 2009年2月4日 下午 07:58
    2009年2月4日 下午 07:58