We have one SharePoint 2013 list that has an out of box SharePoint 2010 approval workflow running. The workflow has an AD group as approval. The AD group has 66 users across five different AD domains. The workflow was running fine for years until recently. Now it did not create all tasks for 66 everyone. Instead it only created 62 tasks and four tasks were missing. In addition, here are some other interesting findings.
- If we add all 66 users individually to the workflow approval field, all tasks created for everyone
- If we separate the large AD group to three AD groups evenly, and add the three AD groups to the workflow approval field, all tasks created for everyone
- We have different larger AD group with 300 people and it create all 300 tasks for everyone
- Many workflows with different large AD group as approval have similar issues
- Some users do not have proper display names but have userID as display name
- We have another group with 105 users and it only create 102 tasks as in the following screenshot
There three different exceptions in ULS logs for workflows.
1. The first one is transaction timeout.
“Error in persisting workflow: System.Transactions.TransactionAbortedException: The transaction has aborted. ---> System.TimeoutException: Transaction Timeout -
-- End of inner exception stack trace ---
at System.Transactions.TransactionStateAborted.CreateAbortingClone(InternalTransaction tx)
at System.Transactions.DependentTransaction..ctor(IsolationLevel isoLevel, InternalTransaction internalTransaction, Boolean blocking)
at System.Transactions.Transaction.DependentClone(DependentCloneOption cloneOption)
at System.Transactions.TransactionScope.SetCurrent(Transaction newCurrent)
at System.Transactions.TransactionScope..ctor(TransactionScopeOption scopeOption)
at Microsoft.SharePoint.Workflow.SPWinOePersistenceService.Commit(Transaction transaction, ICollection items)”
2. The second is group cannot be found.
SharePoint Foundation General 8vid Verbose Could not initialize group data from https://sharepointdev.mycompany.com/mydepart/Finance/SalesCert: Microsoft.SharePoint.SPException: Group cannot be found. c7a11c9d-0430-e0c9-8fa7-25092a0dc879
3. The third one is some users is treated as window account not claims.
SharePoint Foundation Security ahluw Verbose Entering: GetByLoginNoThrow(firstname.lastname@example.org) c7a11c9d-0430-e0c9-8fa7-25092a0dc879
SharePoint Foundation Security ahluz Verbose Exiting: GetByLoginNoThrow(email@example.com) c7a11c9d-0430-e0c9-8fa7-25092a0dc879
Based on the three exceptions, we tried to increase the workflow time out and the SharePoint timeout, however, the issue was not resolved. We also tried to create same workflow in different SharePoint farm, different web application, different site, with different AD groups, different number of users in the AD group, and different Domain controller. The workflow failed inconsistently.
Finally we suspect there might be a issue to get ALL the users from the group during the workflow execution. We had seen SharePoint people picker performance issue before on SharePoint 2007. As a result, we set the SharePoint people picker AD search property to help the AD query. The syntax is as below.
stsadm -o setproperty -pn peoplepicker-searchadforests -pv "forest:corp.mycompany.com;domain:na. mycompany.com;domain:ap. mycompany.com;domain:sa. mycompany.com;domain:mea. mycompany.com;domain:eu. mycompany.com" -url https://webapp.mycompany.com
You could verify the configuration using the following command.
stsadm -o getproperty -pn peoplepicker-searchadforests –url https://webapp.mycompany.com
After this configuration, all the workflows are able to create all tasks for every approval!