11 March, 2012

Security token service is not available

After installing SharePoint Foundation 2010 I noticed a warning in the Central Admin > Review problems and solutions report that the Security Token Service is not available.

The Security Token Service is not available.
The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state.
SP Security Token Service (Security Token Service)

This issue happends becuase of the following symptons:

-The following error appears in the SharePoint server’s event log every hour:
“An error occurred while receiving the HTTP response to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.”
-Users are unable to log in to SharePoint sites protected by claims authentication.

Probable causes:
1.A required WCF hotfix has not been installed on the SharePoint server
2.Authentication for the SecureTokenServiceApplication is not configured properly in IIS.
3.The web.config file of the SecureTokenServiceApplication contains invalid data
4.The SecureTokenServiceApplication is not provisioned properly.

Resolution:
We have followed the microsoft suggested guidelines and the issue has been resolved:
1.Missing WCF Hotfix: If the server is running Windows Server 2008 SP2, please ensure that the hotfix mentioned at http://support.microsoft.com/kb/971831 is installed. If the server is running Windows Server 2008 R2, the hotfix mentioned at http://support.microsoft.com/kb/976462 must be installed.

2.Incorrect Authentication Settings: Please ensure that the authentication settings for the SecureTokenServiceApplication are correctly configured by completing the following steps:
a) Open IIS Manager
b) Expand “Sites”
c) Expand “SharePoint Web Services”
d) Select “SecurityTokenServiceApplication”
e) From the “Features” pane, double click on “Authentication” under “IIS”
f) Right click “Forms Authentication” and select “Disable”
g) The authentication settings page should only have Windows and Anonymous access enable for the security token service to issue tokens properly (and for claims authentication to work properly)

3.Incorrect data in the configuration file: Please review the web.config file of the secure token service application and compare it to a web.config file from a "working" secure token service application.

4.SecureTokenServiceApplication not provisioned: Use the following power shell commands to provision the secure token service application
$sts = Get-SPServiceApplication | ?{$_ -match "Security"}
$sts.Status
$sts.Provision()

If you have any queries/questions regarding the above mentioned information then please let me know. I would be more than happy to help you as well as resolves your issues, Thank you.

3 comments:

  1. Hi for our sharepoint web application is integrated wth site minder(CA) fedartion.but the problem we are facing when we are using our credential in some cases it's getting success to enter in to the site and in some cases we are getiing time out error like as below "SecurityTokenServiceApplication/securitytoken.svc' has exceeded the allotted timeout of 00:00:59.9980000. The time allotted to this operation may have been a portion of a longer timeout" so please help us why it's taking so much time .If we increase the time out value then we know that time out issue will be resolved but in our case we want fast responce for the site

    ReplyDelete
  2. really nice blog it solved my problem for event id 8306......
    thank you..........

    ReplyDelete
  3. None of the those fix actions worked. I also ran an repair install on sharepoint 2010. I hope you can help me fix this problem. Ran thru all the fix actions listed on the web.

    ReplyDelete

Your feedback is always appreciated. I will try to reply to your queries as soon as possible- Amol Ghuge

Note: Only a member of this blog may post a comment.