Current configuration:
- 1 SharePoint 2019 farm (single server installation)
- 3 Workflow Manager Servers
- Workflow Manager servers are load balanced
- Workflow Manager is set to work only on https
- Workflow Manager SSL certificate with DNS=*.domain.com & all 3 server names
- Required permissions are in place
- URLs (SharePoint web application/site and wfm) are accessible both ways
Running with farm admin account: Register-SPWorkflowService -SPSite "https://siteurl" -WorkflowHostUri "https://wfmurl:12290/" -Force -Verbose Throws the following error:
Register-SPWorkflowService : Failed to query the OAuth S2S metadata endpoint at URI 'https://webappurl/_layouts/15/metadata/json/1'. Error details: 'There was an error deserializing the object of type Microsoft.Workflow.Management.Security.OAuthS2SJsonMetadataDocument+JsonMetadataDocumentContract. Encountered unexpected character '<'.'. HTTP headers received from the server - ActivityId: 6de1c881-b1ca-411d-9004-ceea397d4453. NodeId: SERVERNAME. Scope: /DEV. Client ActivityId : bdeb429f-7bb1-e0c1-d7d1-f868a175396b. At line:1 char:1 + Register-SPWorkflowService -SPSite https://webappurl ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidData: (Microsoft.Share...WorkflowService:RegisterSPWorkflowService) [Register-SPWorkflowService], InvalidRequestException + FullyQualifiedErrorId : Microsoft.SharePoint.WorkflowServices.PowerShell.RegisterSPWorkflowService
Any input is appreciated.
it's related with post installing the April 2020 CU KB 4484292 and KB 4484291.
After call with MS premier field engineer it's resolved like http://thewindowsupdate.com/2020/06/04/sharepoint-2019-issue-with-sharepoint-2013-workflows-post-april-2020-cu/
You need to remove the existing SPTrustedSecurityTokenIssuer and the register it like below
(id from Get-SPTrustedSecurityTokenIssuer collection)
or
New-SPTrustedSecurityTokenIssuer -Name "00000005-0000-0000-c000-000000000000" -MetadataEndPoint 'https://server:12290/$System/$Metadata/json/1' -RegisteredIssuerName "00000005-0000-0000-c000-000000000000@*"
PS No any concern here at
Remove-SPTrustedSecurityTokenIssuer
easy to go