SharePoint 2013 Event ID 8321 Topology

Alice01 46 Reputation points
2021-03-16T04:57:12.93+00:00

I have done everything I can but nothing has solved it
Export and install SharePoint root certificate
Change the hosts file crl.microsoft.com, ctldl.windowsupdate.com to 127.0.0.1
Disable the automatic update of certificates

Please help

SharePoint Server Management
SharePoint Server Management
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Management: The act or process of organizing, handling, directing or controlling something.
2,890 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Echo Du_MSFT 17,141 Reputation points
    2021-03-16T06:17:40.817+00:00

    Hello @Alice01 ,

    The error comes about every 5 minutes. It is a topology error which says:

    78124-8321.png

    In order to resolve this problem, the local trust relationship has to be created. This can be done by running the following PowerShell commands:

    $rootCert = (Get-SPCertificateAuthority).RootCertificate     
    New-SPTrustedRootAuthority -Name  "localNew" -Certificate  $rootCert  
    

    After running the above commands, perform an IISReset on all servers in the farm.

    More information, please refer to this article.

    Thanks,
    Echo Du

    =======================
    Updated Answer ======================

    Hi @Alice01 ,

    Typically, this error occurs on SharePoint servers which are running with no internet connectivity where SharePoint Root Authority was not added to Trusted Root Certification Authorities store (which is the default behaviour) .

    79562-event-8321.png

    Please the following steps:

    Step 1: Export the SharePoint Root Authority certificate using PowerShell

    #Open SharePoint Management Shell   
    $RootCertFile="C:\SPRootCert.cer"  
    $SPRootCert = (Get-SPCertificateAuthority).RootCertificate  
    $SProotCert.Export("Cer") | Set-Content $RootCertFile –Encoding Byte  
    

    Step 2: Import the SharePoint Root Authority certificate into the Trusted Root Certificate store.

    $RootCertFile="C:\SPRootCert.cer"  
    Import-Certificate -FilePath $RootCertFile -CertStoreLocation Cert:\LocalMachine\Root  
    

    You can verify if the SharePoint root authority certificate is imported to trusted root certificate store by going to:

    • Start >> Run >> MMC >> File >> Add/Remove Snap-in
    • Click on Certificate >> Add >> Select computer account and click next >> select local computer and click finish.
    • Expend Certificate >> Trusted Root Certification Authorities >> Certificate
    • You should see "SharePoint Root Authority" there.

    79536-cert.png

    Step3: Repeat these two steps in all SharePoint servers of the farm.

    Step4: IIS reset

    #Open SharePoint Management Shell   
    iisreset  
    

    If it still does not work, please attach detailed screenshots or logs.

    Thanks,
    Echo Du

    ===============

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.