I have published my user profile service application and my search service application from one farm which hosts mysites to another farm which is just for collaboration. I would like to be able to follow sites on the collaboration farm and have them show up on the list of followed sites on the mysites farm.
I can follow sites on the mysites farm but I get an error when trying to follow a site on the collaboration farm. The ULS logs on the collaboration farm have the following:
FollowedContent.FollowItem:Exception:System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute()
   at Microsoft.SharePoint.Client.ClientRequest.ExecuteQueryToServer(ChunkStringBuilder sb)
   at Microsoft.Office.Server.UserProfiles.FollowedContentProxy.Execute(String methodName)
   at Microsoft.Office.Server.UserProfiles.FollowedContent.FollowItem(FollowedItem item, Boolean isInternal)
But I could see in my IIS logs on the mysite farm that a query was trying to take place but a 401 was returned:
POST /personal/domain_userid/_vti_bin/client.svc/ProcessQuery - 80 - xxx.xxx.xxx.xxx - 401 2 5 109
POST /personal/domain_userid/_vti_bin/client.svc/ProcessQuery - 80 - xxx.xxx.xxx.xxx - 401 0 0 93
Running a packet sniffer on the mysite farm I was able to dig a little deeper on the actual error:
{"error_description":"Invalid JWT token. Could not resolve issuer token."}
and the response also had a header of:
x-ms-diagnostics: 3000006;reason="Token contains invalid signature.";category="invalid_client"
It seems like my claim is not transferring properly to the other farm. Both farms are using Windows claims with NTLM.
Any thoughts on next troubleshooting steps or how to resolve? Thanks!
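
The two errors captured above ("Could not resolve issuer token" and "Token contains invalid signature") both concern who issued the bearer JWT and which certificate signed it. The following is an added example, not part of the original post or of SharePoint: it decodes a captured token without verifying it and compares its `iss` claim and `x5t` header against a list of issuers the receiving farm is assumed to trust. The function names, issuer strings, thumbprints and sample tokens are all constructed for illustration.

```python
import base64, json, time

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_jwt(token, trusted_issuers, now=None):
    """Decode (without verifying) a bearer JWT and list likely rejection causes.
    trusted_issuers maps issuer string -> hex SHA-1 thumbprint of its signing cert."""
    now = time.time() if now is None else now
    header_b64, claims_b64, _signature = token.split()[-1].split(".")
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(claims_b64))
    findings = []
    iss = claims.get("iss")
    if iss not in trusted_issuers:
        findings.append(f"issuer not trusted: {iss}")
    elif "x5t" in header:
        # x5t (RFC 7515) is base64url of the SHA-1 hash of the DER signing cert.
        got = b64url_decode(header["x5t"]).hex().upper()
        want = trusted_issuers[iss].replace(" ", "").upper()
        if got != want:
            findings.append(f"signing cert mismatch: token {got}, trusted {want}")
    if "exp" in claims and now >= claims["exp"]:
        findings.append("token expired")
    if "nbf" in claims and now < claims["nbf"]:
        findings.append("token not yet valid")
    return {"alg": header.get("alg"), "iss": iss, "aud": claims.get("aud"),
            "findings": findings}

def make_sample(iss, thumb_hex, exp):
    """Build a constructed token for the demo; the signature is a dummy value."""
    header = {"typ": "JWT", "alg": "RS256",
              "x5t": b64url_encode(bytes.fromhex(thumb_hex))}
    claims = {"iss": iss, "aud": "constructed-audience", "nbf": exp - 3600, "exp": exp}
    parts = [b64url_encode(json.dumps(p).encode()) for p in (header, claims)]
    return ".".join(parts + [b64url_encode(b"constructed-dummy-signature")])

if __name__ == "__main__":
    trusted = {"issuer-a@realm-1": "AA" * 20}      # constructed trust list
    for iss, thumb in [("issuer-a@realm-1", "AA" * 20),
                       ("issuer-a@realm-1", "BB" * 20),
                       ("issuer-b@realm-2", "AA" * 20)]:
        token = "Bearer " + make_sample(iss, thumb, exp=2000)
        print(inspect_jwt(token, trusted, now=1000))
```

The thumbprint comparison accepts the hex form shown by the Windows certificate store, with or without spaces.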