SharePoint Workflow Cannot Access External List

I set up a Site Workflow that reads some properties of an employee from an external SQL Database.
* created a dbreader user in SQL Server
* added the SQL credentials to Secure Store
* created External Content Type in Designer
* created External List based on the previously created ECT
* user is able to see data in the External List
* created Workflow that reads data from the External List.
* running the Workflow will return empty data for any query from the External List
* following error in the logs

w3wp.exe (0x029C)                         0x3D4C  Secure Store Service            Secure Store                    efr5  High      ValidateCredentialClaims - Access Denied: Claims stored in the credentials did not match with the group claim for a group app.

w3wp.exe (0x029C)                         0x3D4C  Secure Store Service            Secure Store                    7493  Critical  The Microsoft Secure Store Service application Secure Store Service failed to retrieve credentials. The error returned was 'Access is denied.'. For more information, see the Microsoft SharePoint Products and Technologies Software Development Kit (SDK).

w3wp.exe (0x029C)                         0x3D4C  Secure Store Service            Secure Store                    efp6  Monitorable  GetRestrictedCredentials failed with the following exception: System.ServiceModel.FaultException`1[Microsoft.Office.SecureStoreService.Server.SecureStoreServiceFault]: Access is denied. (Fault Detail is equal to Microsoft.Office.SecureStoreService.Server.SecureStoreServiceFault). &nbsp

w3wp.exe (0x43B8)                         0x4320  SharePoint Foundation           Workflow Infrastructure         el2x  Medium    The workflow could not find the specified item in the external data source. Make sure the user has permissions to access the external data source and read items.

Solution:

The System Account had no permission over the Secure Store Object to read the credentials to the SQL Server. The System Account is the account which is running the Application Pool .

Central Administration -> Manage Service Applications -> Secure Store Service : Manage -> Edit the application ID -> Next -> Next -> Add the AppPool user to the Members list.

A really nice, detailed guide on Business Connectivity Services can be found here.

Comments

Post a Comment

Popular posts from this blog

"There's a configuration problem preventing us from getting your document. If possible, try opening this document in Microsoft Word." Office WebApp Error

Problem: When Opening a word document I get the following error when Office Web Apps tries to render the document " There's a configuration problem preventing us from getting your document. If possible, try opening this document in Microsoft Word. " Initial Hypothesis: Check the ULS logs on the Web Front End (SharePoint Server) as this doesn't tell me much.  I found the following issue in my UL S: WOPI (CheckFile) - Invalid Proof Signature for file SandPit Environment Setup.docx url: http://web-sp2013-uat.demo.dev/Docs/_vti_bin/wopi.ashx/files/6d0f38c0d5554c87a655558da9cedcad?access_token... Resolution: Run the following PS> Update-SPWOPIProofKey -ServerName "wca-uat.demo.dev" More Info: http://technet.microsoft.com/en-us/library/jj219460.aspx
Continue Read

"Sorry, Word Web App can't open this ... document because the service is busy." Office WebApp

Problem: Intermitten requests are not returning the pdf/word documents.  Most requests are working and occasionally 1 request doesn't work.  Every 4th request tries to get the pdf to display on Office Web Apps for a few minutes without any error message and then stops trying and displays the message "Sorry, Word Web App can't open this ... document because the service is busy." Initial Hypothesis: Originally I thought it was only happening to pdfs but it is happening to word and pdf documents (I don't have excel docs in my system).  My monitoring software SolarWinds is badly configured on my OWA servers as the monitor is showing green, drining into the servers monitoring the 2 application monitors are failing.  The server should go amber if either of the 2 applications fail and in turn red after 5 minutes.  At this point I notice that I can't log onto my 4 OWA/WCA server.  Web request are not being returned.  I look at my KEMP load balancer and it says al
Continue Read

Unable to create a "Send to Connection"- verification failed -url is a not a valid routing destination

ISSUE : Unable to successfully create a send to connection. When creating the Send to connection from Sharepoint 2010 Central Administration and click on Test URL for the Destination URL , we get the following error "verification failed -url is a not a valid routing destination" we see the following entry in the ULS logs Url validation failed for http://gmallya.test.com/sites/testrecordcenter/_vti_bin/OfficialFile.asmx   during Record and document center connection configuration with exception The request failed with HTTP status 401: Unauthorized .:  at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)     at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)     at Microsoft.SharePoint.OfficialFileSoap.GetServerInfo()     at Microsoft.SharePoint.ApplicationPages.OfficialFileAdminPage.<>c__DisplayClass2.&l
Continue Read