We have
one SharePoint 2013 list that has an out of box SharePoint 2010 approval workflow running. The workflow has an
AD group as approval. The AD group has 66 users across five different AD domains.
The workflow was running fine for years until recently. Now it did not create
all tasks for 66 everyone. Instead it only created 62 tasks and four tasks were
missing. In addition, here are some other interesting findings.
- If we add all 66 users individually to the workflow approval field, all tasks created for everyone
- If we separate the large AD group to three AD groups evenly, and add the three AD groups to the workflow approval field, all tasks created for everyone
- We have different larger AD group with 300 people and it create all 300 tasks for everyone
- Many workflows with different large AD group as approval have similar issues
- Some users do not have proper display names but have userID as display name
- We have another group with 105 users and it only create 102 tasks as in the following screenshot
There
three different exceptions in ULS logs for workflows.
1. The first one is transaction timeout.
“Error
in persisting workflow: System.Transactions.TransactionAbortedException: The
transaction has aborted. ---> System.TimeoutException: Transaction
Timeout -
--
End of inner exception stack trace ---
at
System.Transactions.TransactionStateAborted.CreateAbortingClone(InternalTransaction
tx)
at
System.Transactions.DependentTransaction..ctor(IsolationLevel isoLevel,
InternalTransaction internalTransaction, Boolean blocking)
at
System.Transactions.Transaction.DependentClone(DependentCloneOption
cloneOption)
at
System.Transactions.TransactionScope.SetCurrent(Transaction
newCurrent)
at
System.Transactions.TransactionScope..ctor(TransactionScopeOption
scopeOption)
at
Microsoft.SharePoint.Workflow.SPWinOePersistenceService.Commit(Transaction
transaction, ICollection items)”
2. The
second is group cannot be found.
SharePoint
Foundation General 8vid Verbose Could not initialize group data from https://sharepointdev.mycompany.com/mydepart/Finance/SalesCert:
Microsoft.SharePoint.SPException: Group cannot be found.
c7a11c9d-0430-e0c9-8fa7-25092a0dc879
3. The
third one is some users is treated as window account not claims.
SharePoint
Foundation Security ahluw Verbose Entering: GetByLoginNoThrow(user1@qca.mycompany.com)
c7a11c9d-0430-e0c9-8fa7-25092a0dc879
SharePoint
Foundation Security ahluz Verbose Exiting: GetByLoginNoThrow(user1@qca.mycompany.com)
c7a11c9d-0430-e0c9-8fa7-25092a0dc879
Based on the three exceptions, we
tried to increase the workflow time out and the SharePoint timeout, however,
the issue was not resolved. We also tried to create same workflow in different SharePoint farm, different web application, different site, with different AD groups, different number of users in the AD group, and different Domain controller. The workflow failed inconsistently.
Finally we suspect there might be a issue to get ALL the users from the group during the workflow execution. We had seen SharePoint people picker performance issue before on SharePoint 2007. As a result, we set the SharePoint people picker AD search property to help the AD query. The syntax is as below.
stsadm
-o setproperty -pn peoplepicker-searchadforests -pv "forest:corp.mycompany.com;domain:na.
mycompany.com;domain:ap. mycompany.com;domain:sa. mycompany.com;domain:mea. mycompany.com;domain:eu.
mycompany.com" -url https://webapp.mycompany.com
stsadm
-o getproperty -pn peoplepicker-searchadforests –url https://webapp.mycompany.com
After this configuration, all the workflows are able to create all tasks for every approval!