Skip to main content

OWA not working after security update


Office web apps for SharePoint 2013 not working after security updates / server patching.

After installation of the following security patches, OWA stopped working there by causing issues with SharePoint 2013.

Details of ULS logs are provided below.

FarmStateReplicator.exe (0x0CD8)
Office Web Apps
Farm State

Error when trying to connect to Farm State Manager service: System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at http:///farmstatemanager/FarmStateManager.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context) at System.Net.HttpWebRequest.GetRequestStream() at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream() --- End of inner exception stack trace --- Server stack trace: at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStream() at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout) at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Microsoft.Office.Web.Apps.Environment.WacServer.IFarmStateManagerService.GetAllSettings(DateTime lastGetTime, Guid correlationId) at Microsoft.Office.Web.Apps.Environment.WacServer.RemoteFarmSettings.Refresh() at Microsoft.Office.Web.Apps.Environment.WacServer.ACacheableFarmStateObject.Sync(Boolean force) at Microsoft.Office.Web.Apps.Environment.WacServer.AFarmSettings.get_MasterMachineName() at Microsoft.Office.Web.Apps.Environment.WacServer.RemoteFarmState.get_IsMaster() at Microsoft.Office.Web.WacServer.FarmStateReplicator.Replicate()

Understood that the following security updates were installed in the server

LinkDescriptionHotFixID
http://support.microsoft.com/?kbid=2843630UpdateKB2843630
http://support.microsoft.com/?kbid=2851234UpdateKB2851234
http://support.microsoft.com/?kbid=2898865Security UpdateKB2898865
http://support.microsoft.com/?kbid=2898866Security UpdateKB2898866
http://support.microsoft.com/?kbid=2901119Security UpdateKB2901119
http://support.microsoft.com/?kbid=2901120Security UpdateKB2901120
http://support.microsoft.com/?kbid=2903938UpdateKB2903938
http://support.microsoft.com/?kbid=2904659Security UpdateKB2904659
http://support.microsoft.com/?kbid=2909210Security UpdateKB2909210
http://support.microsoft.com/?kbid=2911101UpdateKB2911101
http://support.microsoft.com/?kbid=2912390Security UpdateKB2912390
http://support.microsoft.com/?kbid=2916036Security UpdateKB2916036
http://support.microsoft.com/?kbid=2917499UpdateKB2917499
http://support.microsoft.com/?kbid=2919393UpdateKB2919393
http://support.microsoft.com/?kbid=2925418Security UpdateKB2925418
http://support.microsoft.com/?kbid=2929755UpdateKB2929755
http://support.microsoft.com/?kbid=2930275Security UpdateKB2930275

The OWA server event logs have the following errors.


Service cannot be started. System.InvalidOperationException: The certificate has not been specified.
   at Microsoft.Web.Administration.SiteCollection.Add(String name, String bindingInformation, String physicalPath, Byte[] certificateHash)
   at Microsoft.Office.Web.Environment.WacServer.IisProvisioningUtil.ProvisionNewSite(ServerManager serverManager, String name, String physicalPath, String applicationPoolName, List`1 bindings)
   at Microsoft.Office.Web.Environment.WacServer.AgentManager.AgentController.ProvisionTopLevelSites(IEnumerable`1 webAgentsToRun)
   at Microsoft.Office.Web.Environment.WacServer.AgentManager.AgentController.StartAgents()
   at Microsoft.Office.Web.Environment.WacServer.AgentManager.AgentManagerApplication.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


trying to query the webapps machine returns the below error.

Get-OfficeWebAppsMachine

Get-OfficeWebAppsMachine : It does not appear that this machine is part of an Office Web Apps Server farm.
At line:1 char:1
+ Get-OfficeWebAppsMachine
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Get-OfficeWebAppsMachine], InvalidOperationException
    + FullyQualifiedErrorId : NotJoinedToFarm.AgentManagerNotRunning,Microsoft.Office.Web.Apps.Administration.GetMachineCommand

Get-OfficeWebAppsFarm


Get-OfficeWebAppsFarm : It does not appear that this machine is part of an Office Web Apps Server farm.
At line:1 char:1
+ Get-OfficeWebAppsFarm
+ ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Get-OfficeWebAppsFarm], InvalidOperationException
    + FullyQualifiedErrorId : NotJoinedToFarm.AgentManagerNotRunning,Microsoft.Office.Web.Apps.Administration.GetFarmCommand

Restart-Service WACSM

WARNING: Waiting for service 'Office Web Apps (WACSM)' to start...
WARNING: Waiting for service 'Office Web Apps (WACSM)' to start...
Restart-Service : Failed to start service 'Office Web Apps (WACSM)'.
At line:1 char:1
+ Restart-Service WACSM
+ ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Restart-Service], ServiceCommandException
    + FullyQualifiedErrorId : StartServiceFailed,Microsoft.PowerShell.Commands.RestartServiceCommand

tried  the below with no result.

dism /online /enable-feature /featurename:IIS-ASPNET45
#reference : http://technet.microsoft.com/en-us/library/jj219455(v=office.15).aspx

Tried

Repair-OfficeWebAppsFarm

Did not work

Finally for the solution

On OWA server:

Remove-OfficeWebAppsMachine
New-OfficeWebAppsFarm -InternalUrl "https://server.contoso.com" -ExternalUrl "https://wacweb01.contoso.com" -CertificateName "OfficeWebApps Certificate" -EditingEnabled

To verify that the farm was created successfully, navigate to:

https://server.contoso.com/hosting/discovery

On SharePoint 2013
# Point PROD to PROD OWA server
Remove-SPWOPIBinding -All:$true
New-SPWOPIBinding -ServerName _owaservername_
#Set-SPWOPIZone -zone "external-https"
Get-SPWOPIZone
Get-SPWOPIZone | Get-SPWOPIBinding

Thankfully did not have to reinstall as mentioned in the article
http://technet.microsoft.com/en-us/library/jj966220.aspx

Quoted below:
WarningWarning:
Applying Office Web Apps Server updates by using the automatic updates process isn’t supported with Office Web Apps Server. This is because updates to an Office Web Apps Server must be applied in a specific way, as described in this article. If Office Web Apps Server updates are applied automatically, users may be unable to view or edit documents in Office Web Apps. If this happens, you have to rebuild your Office Web Apps Server farm. To rebuild a farm, you must remove the Office Web Apps Server from the farm by using Remove-OfficeWebAppsMachine, uninstall Office Web Apps Server by using Add or remove programs, and then reinstall Office Web Apps Server by following the steps that are described in Deploy Office Web Apps Server. After you have reinstalled, apply the update by following the steps that are described in this article.
It is important that you review the guidelines in Planning updates for Office Web Apps Server and establish an update process for the Office Web Apps Server farm.

Comments

lehuspohus said…
Hello! I've experienced same bug recently after installing win2012 security updates. And it seems to be fixed after i'm delete orphaned certificates from computer cert store. Though WAC were needed to be patched anyway, so i've recreated the farm and this definitely fixed bug )
lehuspohus said…
Hello! I've experienced same bug recently after installing win2012 security updates. And it seems to be fixed after i'm delete orphaned certificates from computer cert store. Though WAC were needed to be patched anyway, so i've recreated the farm and this definitely fixed bug )
lehuspohus said…
This comment has been removed by the author.
Thanks lehuspohus, for posting your comment. Did you have to recreate the farm even after removing the orphaned certificates?
lehuspohus said…
No, it was not neccessary to recreate. When i delete certs and restart WAC service, my machine become appears in Get-OfficeWebAppsFarm respond. But I didn't test that thoroughly and start to install updates (with Remove-OfficeWebAppsMachine as first step of course). So i can't confirm with certainty that removing orphaned certs helps in 100% cases.
Unknown said…
Thanks! This just saved me!!!
Thanks Kris. Happy that I could help.
Nick said…
thanks this post saved my day - I really appreciate it!!
doNascimento said…
Had a similar problem with OWA 2016 and SP 2016. All IIS Sites on the OWA server disappeared, most likely after som Windows Updates.
The recreation of the farm did the trick for us.
Sasquat said…
I had a similar problem too with OWA 2013. The steps of recreation the farm did the trick.
Re-bind in sharepoint server was not necessary for me, because I've configured the farm in the same way as before.
Herschel said…
Thank you! after installing Security Patch and having similar errors, this post reminded me that I had to do this same fix 4-5 years ago and it fixed it now, so thank you for posting!

Popular posts from this blog

SharePoint 2013 workflow : The server was unable to process the request

Here, I received another SharePoint 2013 workflow error. This time the workflow was not able to send emails and the following error was being shown Retrying last request. Next attempt scheduled in less than one minute. Details of last request: HTTP Unauthorized to http://sitename/_vti_bin/client.svc/web/lists/getbyid(guid'guid') Correlation Id: id Instance Id: id Fortunately I came across this post which gave me the answer http://sharepoint.stackexchange.com/questions/89101/failed-to-retrieve-the-com-class-factory-for-component-with-clsid-sp-sprequest Solution 1: In InetMgr, go to advanced settings for Security Token Service Application Pool and change "Load User Profile" to true. Recycle application pool. Reason 2 and Solution 2 : There could be another reason for this error. The workflow authentication can fail if the user executing the workflow (this will be the user initiating the workflow) is given permission through active directory group and the co