question

msdc avatar image
0 Votes"
msdc asked 94310651 answered

Service Bus Gateway Certificate Expired

Hello,

A 2013 Workflow stopped working in my environment last Monday (10/12/2020) I noticed so I started doing some digging and actually found that a error/alert started 10/10/2020 with the following errors below:

 Warning    10/10/2020 8:38:42 PM    CertificateServicesClient-AutoEnrollment    64    None
 Certificate for local system with Thumbprint f7 42 1f 81 c8 c2 1e 87 ae f4 f8 d8 dd 3a 24 92 74 98 20 53 is about to expire or already expired.
    
 Application: Microsoft.ServiceBus.Gateway.exe
 Framework Version: v4.0.30319
 Description: The process was terminated due to an unhandled exception.
 Exception Info: System.ArgumentException
    at Microsoft.ServiceBus.Gateway.ServiceHealthCheck.GetCertExpiryTimeRemaining(System.String, System.String ByRef)
    at Microsoft.ServiceBus.Gateway.ServiceHealthCheck.CheckForHealth()
    at Microsoft.ServiceBus.Gateway.Gateway.DoHealthCheck(System.Object)
    at Microsoft.ServiceBus.Common.IOThreadScheduler+ScheduledOverlapped.IOCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
    at Microsoft.ServiceBus.Common.Fx+IOCompletionThunk.UnhandledExceptionFrame(UInt32, UInt32, System.Threading.NativeOverlapped*)
    at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
    
    
 Faulting application name: Microsoft.ServiceBus.Gateway.exe, version: 2.0.20922.0, time stamp: 0x505e1bac
 Faulting module name: KERNELBASE.dll, version: 6.2.9200.23141, time stamp: 0x5f30a4ed
 Exception code: 0xe0434352
 Fault offset: 0x000000000001897c
 Faulting process id: 0xa14
 Faulting application start time: 0x01d69466c79ad11f
 Faulting application path: C:\Program Files\Service Bus\1.0\Microsoft.ServiceBus.Gateway.exe
 Faulting module path: C:\Windows\system32\KERNELBASE.dll
 Report Id: 7b971d2e-0b5a-11eb-9489-0050568545c0
 Faulting package full name: 
 Faulting package-relative application ID: 
    
 Error    10/10/2020 8:42:12 PM    Service Bus Gateway    0    None
 Service cannot be started. System.InvalidOperationException: Certificate requested with thumbprint F7421F81C8C21E87AEF4F8D8DD3A249274982053 not found in the certificate store LocalMachine\My.
    at Microsoft.ServiceBus.Commands.Common.DBEncryptionHelper.FindCert(String thumbprint)
    at Microsoft.ServiceBus.Commands.Common.DBEncryptionHelper.DecryptStringUsingCertificate(String thumbprint, String encryptedStr)
    at Microsoft.ServiceBus.Commands.Common.DBEncryptionHelper.DecryptDbConnectionStringIfEncrypted(String encryptedEncryptionToken, String encryptionCertThumbprint, String dbConnectionString)
    at Microsoft.ServiceBus.Commands.Common.ServerInfo.FillServerInfo(ServerInfo serverInfo, String registryPath)
    at Microsoft.ServiceBus.Commands.SBServerInfo.GetSBServerInfo()
    at Microsoft.ServiceBus.Gateway.Gateway.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

I'm guessing I just need to get the Cert renewed to get things back working but not sure what are the steps to get cert renewed on the Service Bus server. The Service Bus Gateway is configured on the web server currently. I am unable to remove the 2013 workflows or anything I'm guessing since the cert is expired it has somehow locked any kind of 2013 workflow functionality.

office-sharepoint-server-administrationoffice-sharepoint-server-developmentoffice-sharepoint-server-itpro
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

sharatha avatar image
0 Votes"
sharatha answered

To renew the certificate you need to change the change the time on your server to before the certificate expired date and then update the certificate, below article will help you to update/renew certificate.

http://www.harbar.net/articles/wfm3.aspx
https://social.technet.microsoft.com/Forums/en-US/a123f2c0-33af-4a56-9ffa-5a6296703ef9/problem-with-servicebus-certificate-error?forum=sharepointadmin

Thanks & Regards,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ChelseaWu-MSFT avatar image
0 Votes"
ChelseaWu-MSFT answered

Here are the steps to renew an expired certificate for Service Bus for Windows Server farm certificate:

  1. Call Stop-SBFarm on one of the nodes in the farm.

  2. Install a new certificate on all Service Bus machines.

  3. Call the Set-SBCertificate cmdlet and run this cmdlet on one of the farm machines: Set-SBCertificate -FarmCertificateThumbprint $cert.Thumbprint -SkipKeyReEncryption

  4. Call the Update-SBHost cmdlet on all farm nodes.

  5. Call the Set-SBNamespace cmdlet and run this cmdlet on one of the farm machines: Set-SBNamespace -Name <namespace> -PrimarySymmetricKey <Base64 string>

  6. Call the Start-SBFarm cmdlet on one of the farm nodes.

Detailed information can be found via this document: Service Bus Configuration How-to - How to renew an expired certificate.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

94310651 avatar image
0 Votes"
94310651 answered

server bus client startted 12h,auto stop

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.