SharePoint Subscription Edition/BDC - The Business Data Connectivity Metadata Store unavailable


Hey Community,

 

Today I encountered a problem with a customer's SharePoint Server (running Subscription Edition).

The customer uses five web applications, one of them for MySite and the other four as collaboration applications for projects, service management and such.

 

The customer wants to use the Business Data Connectivity Service Application to link a SQL database to one of his SharePoint lists via external content types.

 

If the customer uses SharePoint Designer 2013 and navigates to External Content Types, the error "Business Data Connectivity Metadata Store is currently unavailable" appears. If the customer then tries to add a new External Content Type, the error "This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server." pops up.

 

So I began checking whether the BDC service is associated with the web application that he's trying to add a new connection to - the service application associations are correct.

Next, I checked the permissions on the BDC; everything seems to be set up correctly.

After that I tried accessing the _vti_bin/BDC.svc - with no problems, it comes up in the browser right away, no errors with the certificate.

 

So I dug out a couple of registry entries to see if SchUseStrongCrypto is set, so it uses TLS 1.2 and 1.3 instead of the insecure old stuff, and everything seems to be set up correctly as well.

 

From there I went to the Managed Metadata Service and Secure Store Service, checking on permissions. The BDC-Service-Account has the permissions to access those services as well, and they're working properly.

 

Finally, I set up a new web application listening on non-SSL (http://bdc.companyname.com/) and with NTLM auth instead of Kerberos. Then I created a fresh site collection for testing BDC without HTTPS, Kerberos and certificates.

I launched SharePoint Designer 2013 and could access the External Content Types tab without any problem. So I then put the wildcard certificate used for all the other web apps in place for my new web application bdc.companyname.com and set the listening port to 443.

After that, the External Content Types stopped working with the same error as mentioned above, no connection to the BDC service whatsoever.

 

The certificate is from a company-wide certificate authority and is trusted on all clients and servers accessing SharePoint and its services.

 

Is there something wrong with the setup of that certificate?

 

The ULS logs throw a 401 on https://a.companyname.com/sites/{site}/_vti_bin/BDC.svc when I try to launch the External Content Types in SharePoint Designer 2013.

 

If anyone has encountered this phenomenon before, please hit me up ;)

 

Facts again:

Authentication: Negotiate (Kerberos)

Product: Microsoft SharePoint Subscription Edition

Farm type: Single Server (Custom)

Service not working properly: Business Data Connectivity Service

Web application: SSL-secured with a wildcard certificate (*.companyname.com), RSA 4096, SHA-256

 

0 Replies