we were testing in our test ServiceBus to add in the failover DB instance in the Service Bus connection string. After successfully following the steps below, we encounter the error "Security token service finished processing a request with failure" in events logs almost every minute.
I have a case with Microsoft for 3 weeks and they seem unable to find out the root cause. Would anyone here seen such similar token service error ?
Why would the connection string is going to a local host -> https://localhost:9355/ServiceBusDefaultNamespace/$STS/OAuth/
Steps to add in DB failover string:
1. Execute “SB-GetFarm” cmdlet, to collect information about your current configuration: Certificates thumbprint, connection string, RunAsAccount , MessageBrokerPort , etc. You will need that info on step 3.
2. Remove all nodes from the Service Bus Farm
3. On one of the farm nodes, Restore the SBFarm using the new Connection string. As an example, let’s imagine that we need to modify SB connection string to add “Failover Partner” attribute. The cmdlet would be like below:
Restore-SBFarm -FarmCertificateThumbprint F91C37410FBE53B92E1B24FAC7A0D82EA4391B81 -GatewayDBConnectionString “Data Source=<SQL Server>;Failover Partner=<SQL Mirroring Server>;Initial Catalog=SbGatewayDatabase;Integrated Security=True;Encrypt=False” -SBFarmDBConnectionString “Data Source=<SQL Server>;Failover Partner= Mirroring Server>;Initial Catalog=SbManagementDBNew;Integrated Security=True;Encrypt=False” -EncryptionCertificateThumbprint 91C37410FBE53B92E1B24FAC7A0D82EA4391B81 -RunAsAccount <YourAccount> -MessageBrokerPort <MessageBrokerPort> -HttpsPort <HttpsPort> -TCPPort <TCPPort>
Note: The Restore-SBFarm cmdlet creates a new Service Bus for Windows Server farm database (SbManagementDBNew). You can delete the old Service Bus for Windows Server farm database. Once above cmdlet is executed, next two connections strings will have been changed: GatewayDBConnectionString and SBFarmDBConnectionString
4. On all new farm nodes, run the Add-SBHost :
$secure_string_pwd = convertto-securestring “<Your Password>” -asplaintext -force
Add-SBHost -SBFarmDBConnectionString “Data Source=<SQL Server>;Failover Partner=<SQL Mirroring Server>;Initial Catalog=SbManagementDBNew;Integrated Security=True;Encrypt=False” -RunAsPassword $secure_string_pwd -EnableFirewallRules $T
5. Call the Stop-SBFarm cmdlet to stop all Service Bus for Windows Server services on all hosts, that’s a prerequisite for next step.
6. Restore the message containers. This step is required to modify the connection string to the message containers. Remember that you can have more than one (For more information, see the Get-SBMessageContainer cmdlet).
Restore-SBMessageContainer -Id 1 –ContainerDBConnectionString “Data Source=<SQL Server>;Failover Partner=<SQL Mirroring Server>;Initial Catalog=SBMessageContainer01;Integrated Security=True;Encrypt=False”
7. Call the Start-SBFarm cmdlet to start all Service Bus for Windows Server services on all hosts.
Error after update connection string for failover DB:
Security token service finished processing a request with failure. TrackingId: dff19ba2-f023-42fc-9cdd-150cd2d21f47_GCE-MAS-0021, Absolute Uri: https://localhost:9355/ServiceBusDefaultNamespace/$STS/OAuth/, Message: System.FormatException: Cannot resolve a namespace for scope: https://localhost:9355/ServiceBusDefaultNamespace.
at Microsoft.Cloud.ServiceBus.Security.OAuthAuthenticationRequest.Parse(Message message, Int32 maxArrayLength)
at Microsoft.Cloud.ServiceBus.Security.SecurityTokenServiceProtocolHandler.GetTokenAsyncResult.ParseAuthenticationRequest(Message requestMessage, Int32 maxArrayLength)
at Microsoft.Cloud.ServiceBus.Security.SecurityTokenServiceProtocolHandler.GetTokenAsyncResult.<GetAsyncSteps>d__2c.MoveNext()
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.EnumerateSteps(CurrentThreadType state)
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.Start()