This project has moved. For the latest updates, please go here.

Membership Request - Unknown Error

Mar 20, 2012 at 8:16 PM

Hello,

I deployed and tested FBA on one site.  All works well including emails being sent.  I they deployed to a second site and when doing a Membership Request receive a Unknown Error after clicking on create user.  We are using SMTP and a rely has been set up.  The Event log on SharePoint does show "The Incoming E-Mail service has completed a batch.  The elapsed time was 00:00:00.  The service processed 0 message(s) in total"  EventID 6871.  I have not been able to find anything in the SharePoint logs that has to do with this issue. 

 

Thank you

Coordinator
Mar 21, 2012 at 1:57 AM

If you get "Unknown Error" there should be the full exception in the SharePoint logs. Try searching for "FBA".

Does other SharePoint email functionality work on that server?

Mar 21, 2012 at 2:18 AM

All Sharepoint email functionality works.  I did get it working but am a little confused.  I deployed to https://Client.KWW.com/project/DFKW - this is an Extranet site URL.  The Membership Request here gave me the Unknown Error. I then logged into the site using the default URL http://sharepoint/project/DFKW and the request works.

This would be fine but must of users will be logging into Extranet sit and request is needed there.  What can I do about this??

Coordinator
Mar 21, 2012 at 2:28 AM

The problem is probably because it's being accessed by https. You need to register the root certificate with SharePoint so that SharePoint will trust it. Otherwise it will return an error about trusting the connection when reading the email xml templates.

Mar 21, 2012 at 3:13 PM

You said “The problem is probably because it's being accessed by https. You need to register the root certificate with SharePoint so that SharePoint will trust it. Otherwise it will return an error about trusting the connection when reading the email xml templates.”

I didn’t setup the SharePoint but to my knowledge the root certificate was registered – had it not been, we would not be able to reach the https sites.

Is there something else I can look at to resolve this issue?

Thank you for all your help

Coordinator
Mar 21, 2012 at 4:25 PM

By register the root certificate with SharePoint, I mean add it to the trusted sites in SharePoint. Central Admin -> Security -> Manage Trust.

Mar 21, 2012 at 4:31 PM
Edited Mar 21, 2012 at 4:36 PM

 

You said: ” By register the root certificate with SharePoint, I mean add it to the trusted sites in SharePoint. Central Admin -> Security -> Manage Trust.”

My server shows - local - when I click on local it shows certificates. 

 

Coordinator
Mar 21, 2012 at 5:16 PM

As long as local is the root certificate for your ssl certificate (not the ssl certificate itself) you should be fine. Search the log file for FBA after the error occurs and the error will say if it's a trust error or something else. 

Mar 21, 2012 at 8:14 PM
Edited Mar 21, 2012 at 8:33 PM

Here is the error:

Are is the error:

Failed to open the file 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Resources\FBAPackMembershipRequestWebPart.en-US.resx'.        ca7a4eb4-a241-4a7a-a059-35faf00e12a3

03/21/2012 14:54:32.54          w3wp.exe (0x1164)                            0x14D4           SharePoint Foundation                     General                       b9y4    High               #20015: Cannot open "": no such file or folder.         ca7a4eb4-a241-4a7a-a059-35faf00e12a3

I also found The Incoming E-Mail service has completed a batch.  The elapsed time was 00:00:00.  The service processed 0 message(s) in total.

As mentioned - a relay has been setup.  We are able to send internal and external emails from SharePoint.

Very strange

 

Coordinator
Mar 21, 2012 at 9:03 PM

This isn't the error you're looking for. Unfortunately SharePoint logs if the language file for the sites locale does not exist, even though it does correctly load the resources from the default resource file.

Keep looking - there should be another error message.

Mar 21, 2012 at 10:52 PM

Thanks for you for all your help.  I hope this is the complete error this time:

 

ailed to open the file 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Resources\FBAPackFeatures.en-US.resx'.    5b1f3e57-278d-4d8d-81b3-4ec1768e91b8
03/21/2012 17:41:22.93     w3wp.exe (0x1164)                           0x0F8C    SharePoint Foundation             General                           b9y4    High        #20015: Cannot open "": no such file or folder.    5b1f3e57-278d-4d8d-81b3-4ec1768e91b8
03/21/2012 17:41:22.93     w3wp.exe (0x1164)                           0x0F8C    SharePoint Foundation             General                           b9y4    High        (#2: Cannot open "": no such file or folder.)    5b1f3e57-278d-4d8d-81b3-4ec1768e91b8
03/21/2012 17:41:22.93     w3wp.exe (0x1164)                           0x0F8C    SharePoint Foundation             General                           b9y9    High        Failed to read resource file "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Resources\FBAPackFeatures.en-US.resx" from feature id "(null)".    5b1f3e57-278d-4d8d-81b3-4ec1768e91b8
03/21/2012 17:41:22.93     w3wp.exe (0x1164)                           0x0F8C    SharePoint Foundation             General                           8e26    Medium      Failed to open the language resource keyfile FBAPackFeatures.    5b1f3e57-278d-4d8d-81b3-4ec1768e91b8
03/21/2012 17:41:22.93     w3wp.exe (0x1164)                           0x0F8C    SharePoint 2010 FBA Pack          General                           0000    High        System.Exception: Error sending mail notification     at Visigo.Sharepoint.FormsBasedAuthentication.MembershipRequest.ApproveMembership(MembershipRequest request, SPWeb web)    5b1f3e57-278d-4d8d-81b3-4ec1768e91b8
03/21/2012 17:41:22.93     w3wp.exe (0x1164)                           0x0F8C    SharePoint 2010 FBA Pack          General                           0000    High        System.Exception: Error sending mail notification     at Visigo.Sharepoint.FormsBasedAuthentication.MembershipRequest.ApproveMembership(MembershipRequest request, SPWeb web)     at Visigo.Sharepoint.FormsBasedAuthentication.MembershipRequestControl.<>c__DisplayClass2.<OnCreatedUser>b__0()    5b1f3e57-278d-4d8d-81b3-4ec1768e91b8

 

Just a note - if I go to Site Settings==>FBA User Management and Add a user - an email will send from here.

Coordinator
Mar 22, 2012 at 2:23 AM

I'm surprised there's no error message about an untrusted certificate, as that would be my guess as to the issue. If you can send an email from FBA User Management - Add a user, then the problem has something to do with the templates. That's the only difference between sending from the web parts and the user management screen - the user management page does not use templates. And it's opening the templates that doesn't work over https if the root certificate is not trusted by SharePoint.  So i'd still guess that is your problem. There's some more details on trusting the certificate at the bottom of this discussion: http://sharepoint2010fba.codeplex.com/discussions/281876. You might want to try adding a new trust with the root certificate - maybe the existing trust is incorrect.

Mar 22, 2012 at 2:32 AM

I agree with you - I believe it's the certificate also.  I will speak with the person originally installed before doing anything and give an update as soon as I can

Mar 22, 2012 at 4:21 AM

Hi,

I had the same issue with simplier configuration, not https for intranet.

http://servername/ works fine. User got created and email sent out.

AAM http://www.abc.com/ unknow error. AAM is set as intranet. In Log file, beside resource file entry, I didn't find other FBA related entries.

Thank you

Coordinator
Mar 22, 2012 at 4:49 AM

Does the rest of the site work properly using the intranet url? How about the FBA managment screens? I assume you extended the web application - did you make all of the FBA web.config changes in the extended web.config?

Mar 22, 2012 at 1:57 PM

Thanks for your note. 

The site works fine with the intranet url, in terms of general SharePoint functions. Other part of FBA also works, create roles, list role, view request etc. I re-dployed the FBA pack and still the same error.

Coordinator
Mar 22, 2012 at 2:47 PM

There should be an error in the log file when you get "Unknown Error". Does the email sending work when you add a user using the FBA User Management screen?

Mar 22, 2012 at 5:43 PM

FBA User Management both internal or intranet URL created user but none of them send email out.

I did find error in Log file when register user from intranet URL. xxx.xx.xxx.xxx:80 is intranet public IP address. When I traced SQL Profile, the user registration only invoked  dbo.aspnet_Membership_GetUserByName. 

03/22/2012 12:21:34.12  w3wp.exe (0x20C8)                        0x1D7C SharePoint 2010 FBA Pack       General                        0000 High     System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it xxx.xx.xxx.xxx:80     at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)     at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)     --- End of inner exception stack trace ---     at System.Net.HttpWebRequest.GetResponse()     at System.Xml.XmlDownloadManager.GetNonFileStream(Uri uri, ICredentials credentials)     at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn) ... eb81cce9-a081-4e58-969c-1836416180b2
03/22/2012 12:21:34.12* w3wp.exe (0x20C8)                        0x1D7C SharePoint 2010 FBA Pack       General                        0000 High     ...    at System.Xml.Xsl.Xslt.XsltLoader.CreateReader(Uri uri, XmlResolver xmlResolver)     at System.Xml.Xsl.Xslt.XsltLoader.Load(Compiler compiler, Object stylesheet, XmlResolver xmlResolver)     at System.Xml.Xsl.Xslt.Compiler.Compile(Object stylesheet, XmlResolver xmlResolver, QilExpression& qil)     at System.Xml.Xsl.XslCompiledTransform.CompileXsltToQil(Object stylesheet, XsltSettings settings, XmlResolver stylesheetResolver)     at System.Xml.Xsl.XslCompiledTransform.LoadInternal(Object stylesheet, XsltSettings settings, XmlResolver stylesheetResolver)     at System.Xml.Xsl.XslCompiledTransform.Load(String stylesheetUri, XsltSettings settings, XmlResolver stylesheetResolver)     at Visigo.Sharepoint.FormsBasedAuthentication.Email.SendEmail(SPWeb web, String emailTo, String xsltTemplate... eb81cce9-a081-4e58-969c-1836416180b2
03/22/2012 12:21:34.12* w3wp.exe (0x20C8)                        0x1D7C SharePoint 2010 FBA Pack       General                        0000 High     ...File, IDictionary xslValues) eb81cce9-a081-4e58-969c-1836416180b2
03/22/2012 12:21:34.13  w3wp.exe (0x20C8)                        0x1D7C SharePoint Foundation          Monitoring                     b4ly Medium   Leaving Monitored Scope (Request (POST:http://www.dotnet-training.ca:80/SitePages/Registration.aspx)). Execution Time=1244.44831675534 eb81cce9-a081-4e58-969c-1836416180b2

 

 

Coordinator
Mar 22, 2012 at 5:58 PM

So with /servername/ the web parts will send emails, but the user management page won't? That sounds strange, since they both use the same mechanism to send email.

As for the error you sent, it's unable to open the templates using the url. Try to access them manually with your web browser (the path to the templates are in the FBA Site Configuration page). I'd guess there's either an issue with the AAM, so SharePoint is not recognizing the URL, or anonymous access is not turned on for that zone.

Mar 22, 2012 at 6:34 PM

I've re-tested the cases. FBA User Management works for both servername and URL, with email sent out.

I was able to access email template (.xls) through URL in browser as anonymous user.

Coordinator
Mar 22, 2012 at 10:24 PM

Do you have anonymous access turned on for the zone?

Mar 22, 2012 at 10:47 PM

Anonymous is set to "All Zones"   None - no policy

I also verified that the root certificate was installed.  Still unable to send the emails.

Mar 23, 2012 at 12:22 AM
ccoulson wrote:

Do you have anonymous access turned on for the zone?


Anonymous is enabled.

Mar 23, 2012 at 3:36 AM

It's been resolved. It turn out DNS issue. Public URL is not resolved properly from inside. That's why I got Socket connection issue.

Thanks for your help on this! 

Coordinator
Mar 23, 2012 at 4:18 AM

Trixie: I'm not sure. If you'd like you can purchase a support plan at http://www.visigo.com/purchase.html and i'll do a screen sharing session with you and work at solving the problem in your environment.

Mar 23, 2012 at 2:13 PM

Thanks but after many test membership request and looking through thousands of lines logs and I found the Trust info.  It appears that the certificate was installed as "Personal Certificates" instead of Root CA. Just trying to get the person who installed it to correct their mistake. 

Question in regard to the emails that are sent out - Will modifying the emails cause a problem??

Coordinator
Mar 23, 2012 at 3:50 PM

You mean modifying the xslt templates for the emails? No, that shouldn't cause a problem at all.

Mar 23, 2012 at 3:53 PM

Great!!  Thank you so much for all your help

Mar 28, 2012 at 7:51 PM

Hi Chris,

Just to give you an update and see your thoughts on this issue.  The certificate needed to be repaired, once repaired I added to it to SharePoint.  There are two certificates listed under Mange Trust - one is the SharePoint Certificate and the other root CA needed.  I then try to register an individual and receive the Unknown Error again.  Logs show:

Critical  An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Services, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: C36240461511D6FB3BFE479C04AADC9E1B6DB90E\n\nErrors:\n\n The root of the certificate chain is not a trusted root authority..        af099337-f2b1-4b34-9876-0ddf58440ea6

Note - if I remove the local certificate (list above from the log) the webpart works fine.

I've opened an incident with Microsoft.  As usual, MS says it's a problem with the Web Part - the web part must be having an issue determining which certificate to use.  Have you seen this before?

Thank you once again

Coordinator
Mar 29, 2012 at 5:08 AM

Actually you should only need the root certificate to be trusted, and then by default all certificates generated by that root authority are trusted. That's how I have it in all of my configurations.

Of course I wouldn't think that adding the actual certificate should cause problems. From the error my guess is that the problem is that the certificate is a self generated certificate. All of my testing has been with certificates from real certificate authorities. I expect you can probably get rid of this error by setting up windows to recognize the authority that generated this certificate as a trusted authority. I'd try following a guide like this one:

http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx

Mar 31, 2012 at 4:57 AM

I'm back - still having issues.  After 3 days on te phone with Microsoft I am no longer receiving:

Critical  An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Services, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: C36240461511D6FB3BFE479C04AADC9E1B6DB90E\n\nErrors:\n\n The root of the certificate chain is not a trusted root authority..        af099337-f2b1-4b34-9876-0ddf58440ea6

I am now receiving:

 An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=client.king-worldwide.com, O="D.F. King & Co., Inc.", L=New York, S=New York, C=US, SERIALNUMBER=2283065, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization\nIssuer Name: CN=DigiCert High Assurance EV CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US\nThumbprint: 7DE9ED8A075CD3E7933BD1CDFE7AB943D3C9BCD9\n\nErrors:\n\n The root of the certificate chain is not a trusted root authority.

I followed all of the directions in the blogs (in your reply above) and still no luck.  I even undeployed and deployed again.  I'm at a loss

Coordinator
Mar 31, 2012 at 5:52 AM

Since you're now receiving ' The root of the certificate chain is not a trusted root authority' - all you should have to do it export the root of the certificate and add it to the trusted certificates in SharePoint. To get the root certificate:

-> Certificate Information -> Certification Path -> View Certificate on top certificate in the path -> Details tab -> Copy to File...

Apr 10, 2012 at 4:52 PM

An update for others who may be having the same issue.  This problem was finally resolved.  Microsoft support was useless - inexperienced support person who would not escalated the issue even after emailing their team leader and their manager.  Luckily the certificate company support  person made some suggestions that helped.  Namely, add the Entrust certificate and it worked.

Jul 6, 2012 at 9:59 PM

Hello, I am experiencing a similar issue. The Membership Request webpart returns 'unknown error' on submit. My logs says "...The root of the certificate chain is not a trusted root authority..." I have a wildcard certificate installed under Personal and have exported it and added it to my trust relationships in SharePoint. The Password Reset sends email fine, so I'm confused why one webpart works and the other doesn't. Do I need to move the cert from Personal to Trusted Root? What would be the optimal settings to have all the webparts functioning? Thanks!

Coordinator
Jul 6, 2012 at 10:20 PM

If the password reset works fine - maybe you have <mailSettings> in the web.config - so the password recovery web part is actually sending the default email instead of the templated email. If it's working and using the templated email, the first line of the email will be:

You have requested this mail because you have forgotten your password to ...

As for the "root of the certificate chain" error - the issue is that you've probably just added the certificate to your trust relationships. It's not the actual certificate you add, but the root certificate. To do that, open up the certificate properties, click the 'Certification Path' tab, select the topmost certificate, click 'View Certificate', click 'Details', click 'Copy to File'. Finally, add that exported certificate to your trust relationships.

Now for some good news. I'm just testing the next version of the FBA Pack. It fixes both these errors:

Having <mailSettings> in the web.config still allows the password recovery web part to function properly.

The email templates are no longer stored in files, so they no longer have any SSL/trust issues.

If testing goes well, i'll hopefully have a new release out this weekend.

Jul 6, 2012 at 11:07 PM

Woo Hoo - guess I had the wrong cert referenced. Membership email is working! I look forward to the new rev - keep up the stellar work!

Aug 26, 2012 at 6:40 PM

I had a similar issue as above and after weeks of troubleshooting finally found my issue. I had the FBA pack working 100% in dev but no matter what i tried couldn’t get it to work in Prod. Was getting an exception

"System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond "when it tried to load the XSLT.

The solution for me included the certificate issue above but also was related to the DNS IP address. Our site is NAT'ed behind a firewall and the IP of the server is not the same as the public IP. The IP that the code had gotten was the External IP. Then it clicked, on Dev i had added local host entry’s to test access to the site (hence local DNS IP to 127.0.0.1). After a quick change on production to test, registration and other email related controls worked first time.

With a temporary fix in place, I now need to find something a bit more unwavering.

Hopefully this helps someone else.

 

Coordinator
Aug 27, 2012 at 2:42 AM

Just an FYI, as of version 1.3, the xslt/ssl loading errors should no longer be happening due to a change in the way the xslt is loaded.

Feb 14, 2013 at 9:12 PM
I am having a related problem. I had installed and configured fba. When using the register web part, I am getting an unknown error but there is no detail being logged in any of the log files (Sharepoint, IIS, Events).

Please help.
Coordinator
Feb 14, 2013 at 9:32 PM
Usually an unknown error in the register web parts is due to an inability to send the email. There always should be an error message in the SharePoint log file (C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS) for an unknown error.