Service Bus Gateway Certificate Expired

Msdc 271 Reputation points
2020-10-18T18:21:17.897+00:00

Hello,

A 2013 Workflow stopped working in my environment last Monday (10/12/2020) I noticed so I started doing some digging and actually found that a error/alert started 10/10/2020 with the following errors below:

Warning 10/10/2020 8:38:42 PM   CertificateServicesClient-AutoEnrollment    64  None
Certificate for local system with Thumbprint f7 42 1f 81 c8 c2 1e 87 ae f4 f8 d8 dd 3a 24 92 74 98 20 53 is about to expire or already expired.

Application: Microsoft.ServiceBus.Gateway.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException
   at Microsoft.ServiceBus.Gateway.ServiceHealthCheck.GetCertExpiryTimeRemaining(System.String, System.String ByRef)
   at Microsoft.ServiceBus.Gateway.ServiceHealthCheck.CheckForHealth()
   at Microsoft.ServiceBus.Gateway.Gateway.DoHealthCheck(System.Object)
   at Microsoft.ServiceBus.Common.IOThreadScheduler+ScheduledOverlapped.IOCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at Microsoft.ServiceBus.Common.Fx+IOCompletionThunk.UnhandledExceptionFrame(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)


Faulting application name: Microsoft.ServiceBus.Gateway.exe, version: 2.0.20922.0, time stamp: 0x505e1bac
Faulting module name: KERNELBASE.dll, version: 6.2.9200.23141, time stamp: 0x5f30a4ed
Exception code: 0xe0434352
Fault offset: 0x000000000001897c
Faulting process id: 0xa14
Faulting application start time: 0x01d69466c79ad11f
Faulting application path: C:\Program Files\Service Bus\1.0\Microsoft.ServiceBus.Gateway.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 7b971d2e-0b5a-11eb-9489-0050568545c0
Faulting package full name: 
Faulting package-relative application ID: 

Error   10/10/2020 8:42:12 PM   Service Bus Gateway 0   None
Service cannot be started. System.InvalidOperationException: Certificate requested with thumbprint F7421F81C8C21E87AEF4F8D8DD3A249274982053 not found in the certificate store LocalMachine\My.
   at Microsoft.ServiceBus.Commands.Common.DBEncryptionHelper.FindCert(String thumbprint)
   at Microsoft.ServiceBus.Commands.Common.DBEncryptionHelper.DecryptStringUsingCertificate(String thumbprint, String encryptedStr)
   at Microsoft.ServiceBus.Commands.Common.DBEncryptionHelper.DecryptDbConnectionStringIfEncrypted(String encryptedEncryptionToken, String encryptionCertThumbprint, String dbConnectionString)
   at Microsoft.ServiceBus.Commands.Common.ServerInfo.FillServerInfo(ServerInfo serverInfo, String registryPath)
   at Microsoft.ServiceBus.Commands.SBServerInfo.GetSBServerInfo()
   at Microsoft.ServiceBus.Gateway.Gateway.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

I'm guessing I just need to get the Cert renewed to get things back working but not sure what are the steps to get cert renewed on the Service Bus server. The Service Bus Gateway is configured on the web server currently. I am unable to remove the 2013 workflows or anything I'm guessing since the cert is expired it has somehow locked any kind of 2013 workflow functionality.

SharePoint Server
SharePoint Server
A family of Microsoft on-premises document management and storage systems.
2,190 questions
SharePoint Server Development
SharePoint Server Development
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Development: The process of researching, productizing, and refining new or existing technologies.
1,565 questions
SharePoint Server Management
SharePoint Server Management
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Management: The act or process of organizing, handling, directing or controlling something.
2,786 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sharath Kumar Aluri 3,071 Reputation points
    2020-10-18T20:27:34.443+00:00

    To renew the certificate you need to change the change the time on your server to before the certificate expired date and then update the certificate, below article will help you to update/renew certificate.

    http://www.harbar.net/articles/wfm3.aspx
    https://social.technet.microsoft.com/Forums/en-US/a123f2c0-33af-4a56-9ffa-5a6296703ef9/problem-with-servicebus-certificate-error?forum=sharepointadmin

    Thanks & Regards,

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. ChelseaWu-MSFT 6,311 Reputation points
    2020-10-19T02:43:30.197+00:00

    Here are the steps to renew an expired certificate for Service Bus for Windows Server farm certificate:

    1. Call Stop-SBFarm on one of the nodes in the farm.
    2. Install a new certificate on all Service Bus machines.
    3. Call the Set-SBCertificate cmdlet and run this cmdlet on one of the farm machines: Set-SBCertificate -FarmCertificateThumbprint $cert.Thumbprint -SkipKeyReEncryption
    4. Call the Update-SBHost cmdlet on all farm nodes.
    5. Call the Set-SBNamespace cmdlet and run this cmdlet on one of the farm machines: Set-SBNamespace -Name <namespace> -PrimarySymmetricKey <Base64 string>
    6. Call the Start-SBFarm cmdlet on one of the farm nodes.

    Detailed information can be found via this document: Service Bus Configuration How-to - How to renew an expired certificate.


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    **Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. **

    0 comments No comments

  2. 興涛 劉 1 Reputation point
    2021-04-16T06:57:04.43+00:00

    server bus client startted 12h,auto stop

    0 comments No comments