SharePoint 2013 Event ID 8321 Topology

Alice01 46 Reputation points
2021-03-16T04:57:12.93+00:00

I have done everything I can, but nothing has solved it:
• Exported and installed the SharePoint root certificate
• Changed the hosts file to point crl.microsoft.com and ctldl.windowsupdate.com to 127.0.0.1
• Disabled the automatic update of certificates

Please help


1 answer

  1. Echo Du_MSFT 17,316 Reputation points
    2021-03-16T06:17:40.817+00:00

    Hello @Alice01 ,

    The error comes about every 5 minutes. It is a topology error which says:

    [Screenshot: 78124-8321.png]

    In order to resolve this problem, the local trust relationship has to be created. This can be done by running the following PowerShell commands:

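    # Read the root certificate of the farm's own certificate authority
    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    # Register it as a trusted root authority in the farm
    New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert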

    After running the above commands, perform an IISReset on all servers in the farm.

    For more information, please refer to this article.

    Thanks,
    Echo Du

    ======================= Updated Answer ======================

    Hi @Alice01 ,

    Typically, this error occurs on SharePoint servers which are running with no internet connectivity, where the SharePoint Root Authority was not added to the Trusted Root Certification Authorities store (which is the default behaviour).

    [Screenshot: 79562-event-8321.png]

    Please follow these steps:

    Step 1: Export the SharePoint Root Authority certificate using PowerShell

    # Open SharePoint Management Shell
    $RootCertFile = "C:\SPRootCert.cer"
    $SPRootCert = (Get-SPCertificateAuthority).RootCertificate
    # "Cert" is the X509ContentType name for a DER-encoded certificate
    $SPRootCert.Export("Cert") | Set-Content $RootCertFile -Encoding Byte

    Step 2: Import the SharePoint Root Authority certificate into the Trusted Root Certificate store.

    $RootCertFile = "C:\SPRootCert.cer"
    Import-Certificate -FilePath $RootCertFile -CertStoreLocation Cert:\LocalMachine\Root

    You can verify if the SharePoint root authority certificate is imported to trusted root certificate store by going to:

    • Start >> Run >> MMC >> File >> Add/Remove Snap-in
    • Click on Certificate >> Add >> Select computer account and click next >> select local computer and click finish.
    • Expand Certificate >> Trusted Root Certification Authorities >> Certificate
    • You should see "SharePoint Root Authority" there.

    [Screenshot: 79536-cert.png]

    Step 3: Repeat these two steps on all SharePoint servers of the farm.

    Step 4: IIS reset

    #Open SharePoint Management Shell   
    iisreset  
    

    If it still does not work, please attach detailed screenshots or logs.

    Thanks,
    Echo Du
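
The MMC check from the answer above, scripted for every server in the farm, as an added example that is not part of the original answer. It assumes PowerShell remoting (WinRM) is enabled between the farm servers and reuses the `C:\SPRootCert.cer` path from Step 1; the variable names are illustrative.

```powershell
# Added example, not from the original answer. Run in an elevated SharePoint
# Management Shell on one farm server.
# Assumption: WinRM remoting is enabled on every SharePoint server in the farm.

# Thumbprint of the farm's own root certificate (same call as in the answer).
$spRoot = (Get-SPCertificateAuthority).RootCertificate
$thumb  = $spRoot.Thumbprint

# Before a file is imported into a machine trust store, confirm it really is
# the farm root and not some other .cer left at that path.
$RootCertFile = "C:\SPRootCert.cer"
if (Test-Path $RootCertFile) {
    $fileCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $RootCertFile
    if ($fileCert.Thumbprint -ne $thumb) {
        Write-Warning "$RootCertFile does not match the farm root ($thumb); do not import it."
    }
}

# SharePoint servers only; Role 'Invalid' marks non-SharePoint hosts such as SQL Server.
$servers = Get-SPServer | Where-Object { $_.Role -ne 'Invalid' } |
    ForEach-Object { $_.Address }

$report = foreach ($server in $servers) {
    try {
        # True when a certificate with this thumbprint is in the remote Root store.
        $found = Invoke-Command -ComputerName $server -ErrorAction Stop `
            -ArgumentList $thumb -ScriptBlock {
                param($t)
                Test-Path "Cert:\LocalMachine\Root\$t"
            }
        $status = if ($found) { 'Trusted' } else { 'Missing' }
    } catch {
        $status = "Unreachable: $($_.Exception.Message)"
    }
    New-Object PSObject -Property @{
        Server = $server; RootThumbprint = $thumb; Status = $status
    }
}

$report | Format-Table Server, Status, RootThumbprint -AutoSize
```

Any server reported as `Missing` still needs Steps 1 and 2 before the IIS reset.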


