Hi everyone,
I'm currently using Office Web Apps (OWA) 2013 farm (including 4 servers of Windows 2012R2 / IIS8) which are serving my SharePoint (SP) 2013 farm.
Recently I have successfully updated both farms with October 2021 release , OWA2013 farm (KB 5002036) & SP2013 farm (KB 5002040).
After the OWA update, the "Get-OfficeWebAppsMachine" command returns "Unhealthy" from all servers in my OWA2013 farm. I have done the following steps in my troubleshooting so far for this issue:
- I have added my four OWA2013 servers FQDN as DNS entries into the certificate created for my OWA2013 farm (initially the certificate created from "Managed Web Server" template)
- I have checked the HTTP Activation feature is installed on all my OWA2013 servers.
- Even tried removing and re-creating the OWA farm couples of times.
- Run Update-SPWOPIProofKey , Set-OfficeWebAppsFarm -CertificateName "MyCertificate" , New-SPWOPIBinding -ServerName "OWA-FQDN-URL" , all look set-up correctly after those commands.
- I was doing "Restart-Service WACSM" & IISReset , sever Reboot after each time when I was doing the above changes.
- The "Get-OfficeWebAppsFarm" command returns nothing unusual , can see my certificate name, Internal/External URLs , Allow HTTP & SSLOffloaded = FALSE, the four OWA servers listed correctly.
- This URL "https:///OWA-FQDN-URL/discovery returns XML file correctly.
There is no issue reports from the SP2013 with the functionalities of this OWA2013 , except this issue of "Unhealthy" . By checking the event log for "Microsoft Office Web Apps" log those types of errors found in my OWA2013 farm:
<?xml version="1.0" encoding="utf-16"?> <HealthReport xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <HealthMessage>BroadcastServicesWatchdog_Wfe reported status for BroadcastServices_Host in category 'BroadcastWfeRedirect'. Reported status: Exception when checking /default.aspx: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetResponse() at Microsoft.Office.Web.Common.WatchdogHelper.CheckWfeRedirect(ServiceInstance instance, Int16 category, String categoryName)</HealthMessage> </HealthReport>
OTHER ERRORS:
<?xml version="1.0" encoding="utf-16"?> <HealthReport xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <HealthMessage>HostingServiceWatchdog reported status for HostingService in category 'CheckDiscoveryResponse'. Reported status: The Discovery request failed with an exception: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.</HealthMessage> </HealthReport>
<?xml version="1.0" encoding="utf-16"?> <HealthReport xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <HealthMessage>BroadcastServicesWatchdog_Wfe reported status for BroadcastServices_Host in category '4'. Reported status: Contacting Present_2_0.asmx failed with an exception: Could not establish trust relationship for the SSL/TLS secure channel with authority 'MY-SERVRE-FQDN'.</HealthMessage> </HealthReport>
Thank you for your help...