Many of us have experienced errors when starting SharePoint 2013 Designer for Workflows. One of the most common errors is:
“Retrying last request. Next attempt scheduled in less than one minute. Details of last request: HTTP Unauthorized to /_vti_bin/client.svc/SP.WorkflowServices.InteropService.Current/StartWorkflow Correlation Id: abeacd31-09ba-4a4e-8fdf-79eb7af480fe Instance Id: 9c909563-00c1-4b66-b3b4-d48c6da06b22”
In starting to troubleshoot, you will see messages like the following in the ULS Log files:
- Entering monitored scope (Getting Site Subscription Id). Parent [Marketplace] Getting token from STS and setting Thread Identity
- SecurityTokenServiceSendRequest: RemoteAddress: ‘http://###/SecurityTokenServiceApplication/securitytoken.svc’ Channel: ‘Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustChannelContract’ Action: ‘http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue’
- SPJsonWebSecurityBaseTokenHandler: ValidateActorIsSelfIssuer! Issuer ‘00000005-0000-0000-c000-000000000000’ is not self issuer.
Why is this happening?
Often this is because the user was given permission to the site/list via an AD security group instead of being directly added to the SharePoint group. If the user is added directly, the Workflow works as desired. When added via AD security group, once the SharePoint 2013 Designer Workflow starts you will see the above-mentioned error. Here are a few things to check:
- Make sure User Profile Service is up and running.
- Make sure workflow initiator has a user profile associated.
- Make sure the Security Token Service App Pool has the Load User Profile property set to True as shown in the image below.
- Recycle the application pool.
- Make sure the AD Security group is part of the OU that is being sync’ed and then run full synchronization.
If you have validated all of the above-mentioned options and the issue is still not resolved, try the following:
Grant permission for the user to same SharePoint group that has the AD Security group in NT AUTHORITY\Authenticated Users.
Have questions? Need help building a scalable platform? Send us an email at firstname.lastname@example.org or call 630.832.0075 to start the conversation.