Wednesday, January 5, 2011

The HTTP request was forbidden with client authentication scheme 'Anonymous'?

When trying to enable "Show workflow visualization on status page" for workflow, I got the error below:


The detailed message is:
System.OperationCanceledException: The server failed to process the request. ---> System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
   --- End of inner exception stack trace ---

Server stack trace: 
   at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Office.Visio.Server.GraphicsServer.IVisioGraphicsService.EndGetVectorDiagram(IAsyncResult asyncResult)
   at Microsoft.Office.Visio.Server.Administration.VisioGraphicsServiceApplicationProxy.GetVectorDiagram(VectorDiagramRequestContract vectorDiagramRequest)
   at Microsoft.Office.Visio.Server.ServiceWrapper.GetVectorDiagram(String visioFileUrl, Int32 pageNumber, Boolean disableRefresh, AddonDataSource[] dataSources)
   --- End of inner exception stack trace ---
   at Microsoft.Office.Visio.Server.ServiceWrapper.GetVectorDiagram(String visioFileUrl, Int32 pageNumber, Boolean disableRefresh, AddonDataSource[] dataSources)
   at Microsoft.Office.Visio.Server.GetDiagramAsyncTask.GetVectorDiagram()

Obviously the current user is not "anonymous", so it must be some local windows user which doesn't have the rights to access something which triggered this exception.  From the error message, we can tell it is from "Visio Graphics Service", so I checked the service account through Central Administration:

This means, by default, the service account is the one of "SharePoint Web Service Default" application pool.
Then I checked it through IIS manager (inetmgr.exe) from the SharePoint server:


It's local windows user "LocalService"!  Everything is clear now.

To fix it is quite easy. Create a application pool for "Visio Graphics Service":

Then reboot the service:

Done.

PS:  5 steps to enable workflow visualization:
1. Install and configure Visio Graphics Service from Central Administration site. Make sure the service account is a domain account which has enough rights; please click here for permission details.
2. Activate the Visio Web Access farm feature;
3. Activate the SharePoint Server Enterprise Site Collection features;
4. Install Silverlight on IE;
5. Tick the "Show workflow visualization on status page" checkbox from SharePoint designer -> workflow settings;

No comments:

Post a Comment