http://blogs.technet.com/b/sykhad-msft/archive/2012/02/25/sharepoint-2010-nailing-the-error-quot-the-security-token-service-is-unavailable-quot.aspx

First of all let’s talk about STS (Security Token Service)

  • An STS is a specialized Web service that is designed to respond to requests for security tokens and provide identity management. The core functionality of every STS is the same, but the nature of the tasks that each STS performs depends on the role the STS plays in relation to the other STS Web services in your design. (refer-http://technet.microsoft.com/en-us/library/ee806864.aspx)
  • STS is neither a SharePoint service, nor a window service, but actually a WCF web service
  • Many SharePoint Services like User Profile Sync Service, SharePoint Search Service are Claims aware and such SharePoint Services will need STS to be up and running in a stable condition
  • Let's take Search as an example: Let's take a case where Query Component is hosted on the App Server and a User hits the WFE and performs a Search. In this case the WFE will communicate with the Query Component on the App Server by making use of its STS to get the Claim, and the same is sent to the App Server. Without STS working, this communication will not be possible.
  • Also User Profile Synchronization Service (UPSS) cannot start if the STS is not in a healthy condition
  • Not only SharePoint Services, even Web Applications will require STS to be working for the Intra/Inter Farm Authentication.
  • The below figure shows that within a SharePoint Farm the Intra/Inter Farm Authentication happens using Claims Authentication, and since it uses Claims Authentication, it is more than required for the STS to be working

I have seen numerous cases where the UPSS fails to start because of the unavailability of the STS. In such cases you can also see following errors logged:

In SharePoint Health Analyzer: "The Security Token Service is unavailable"

In SharePoint ULS logs while starting UPSS, errors like:

  • An exception occurred when trying to issue security token: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error (OR)

You may not see all the errors as shown above, I'm just trying to collate the common errors seen while starting UPSS when STS is broken.

To troubleshoot such issues, it will be good to check if we can browse to the STS Web Service page.

To browse you have to go to IIS Manager --> Sites --> SharePoint WebServices --> SecurityTokenServiceApplication, click on 'Content View' down at the bottom, right click on Securitytoken.svc and click Browse (as shown below)

The expected page to see if STS is working will be as shown below:

As long as you get the above message while browsing, be sure that the STS is working just fine. In cases where STS is broken, you will not be able to browse to the above web service. You will get errors like Server Error in '\' Application, or Internet Explorer cannot display the web page etc.

How to fix STS?

Step One:

Right click on the SecurityTokenServiceApplication and click Explore, copy the web.config and compare the file with the file attached, which is completely out of the box with no modifications. If you find a lot of changes in the web.config file on your Farm with that of mine, replace the file on SecurityTokenServiceApplication(please also have the copy of the original web.config), perform an IIS reset and check if the STS page comes as expected

Step Two:

A BIG Thank You! To Abhishek Saigal (one of the finest resource in SharePoint Admin world) who came up with this fix, which has a success rate of 99.99%

I have tried this fix on numerous User Profile cases where UPSS could never start due to broken STS, and after STS was fixed UPSS started like a charm!

The below PowerShell commands re-provisions all the SharePoint Web Services, and this is one of the safest way to get the STS working.

There is no need to be afraid of losing any data/applications on SharePoint while/after running the below commands

Run the following commands one by one on SharePoint PowerShell:

$h = Get-SPServiceHostconfig

$h.Provision()

$services = Get-SPServiceApplication

foreach ($service in $services) { $service.provision();
write-host $service.name}

The output will look something like shown below:

Perform an IIS Reset and give another shot to browse the STS, and I'm sure you will see positive results!

Once the STS page is accessible successfully, try and start the UPSS one more time and very likely the UPSS will start successfully.

I'll be surprised to see if this fix fails and be more than happy to help you fix it!

SharePoint 2010: Nailing the error "The Security Token Service is unavailable"的更多相关文章

  1. sharepoint 2010 创建自定义的ASP.NET Web Service (上)

    项目背景 根据客户需求在SharePoint 2010 中创建自定义的ASP.NET Web Service可以分为3种方式(我所知道的).废话少说,下面一一列举: 创建方式 MSDN 官方博客自己的 ...

  2. Developing a Custom Membership Provider from the scratch, and using it in the FBA (Form Based Authentication) in SharePoint 2010

    //http://blog.sharedove.com/adisjugo/index.php/2011/01/05/writing-a-custom-membership-provider-and-u ...

  3. {sharepoint} More on SharePoint 2010 Application Pools

    More on SharePoint 2010 Application Pools Print | posted on Friday, December 04, 2009 3:26 PM Blimey ...

  4. Upgrade from SharePoint 2010 to SharePoint 2016

    [转]http://nikcharlebois.com/upgrade-from-sharepoint-2010-to-sharepoint-2016/ In this blog, I will go ...

  5. SharePoint 2010 出错! HTTP Error 503. The service is unavailable

    转:http://544729.blog.51cto.com/534729/464087 昨天,公司的sharepoint 2010 无法打开,提示HTTP Error 503. The servic ...

  6. Searching External Data in SharePoint 2010 Using Business Connectivity Services

    from:http://blogs.msdn.com/b/ericwhite/archive/2010/04/28/searching-external-data-in-sharepoint-2010 ...

  7. SharePoint 2010 配置基于MemberShip的身份验证

    场景:通常需要为sharepoint打通其他的系统整合到sharepoint认证,ad通常是为内部域用户,外网访问的可以使用membership来登录,那么这个既可以内部用户访问,外部用户也可以访问 ...

  8. 安装InfoPath 2013后 SharePoint 2010 出现 “找不到 Microsoft.Office.InfoPath, Version=14.0.0....” 的错误的解决方案

    1. 症状 您的SharePoint 2010的服务器是不是最近一直出现这个错误呢? Could not load file or assembly 'Microsoft.Office.InfoPat ...

  9. Sharepoint 2010 工作流启动时处理表单出错

    问题: Shareoint 2010 列表工作流启动时,显示“处理表单时出现严重错误”. Error Message-1: Object doesn't support property or met ...

随机推荐

  1. js数组冒泡排序,快速排序的原理以及实现

    冒泡排序: 随便从数组中拿一位数和后一位比较,如果是想从小到大排序,那么就把小的那一位放到前面,大的放在后面,简单来说就是交换它们的位置,如此反复的交换位置就可以得到排序的效果. var arr = ...

  2. 用live writer写博客

    一.软件准备: 最新版的是Windows Live Writer 2012,但是不提供单独的安装包,它是和微软其它软件一起的(包括MSN.Window Move Maker等),软件大小为131M,官 ...

  3. 浅谈C++的this指针

    之所以写这篇文章,主要是为了回答网友 zhancaihua123同学的下面几个问题: father* p=new son;p->disp(...);father是父类,son是子类.disp是一 ...

  4. intellij 调试方法

    intellij 调试方法 转自 http://www.th7.cn/Program/net/201410/296492.shtml

  5. Direct2D开发:绘制网格

    转载请注明出处:http://www.cnblogs.com/Ray1024 一.引言 最近在使用Direct2D进行绘制工作中,需要实现使用Direct2D绘制网格的功能.在网上查了很多资料,终于实 ...

  6. mysql如何更改数据库名(一键实现mysql改数据库名)

    由于某种原因,有时我们有可能需要数据库的名称,但是不像官方有rename可以去更改表名,并没有一个命令可以去更新数据库的名字. 思路:借助rename这个命令 基本操作:rename olddb.ta ...

  7. [Solution] Microsoft Windows 服务(1) C#创建Windows服务

    Microsoft Windows 服务(即,以前的 NT 服务)使您能够创建在它们自己的 Windows 会话中可长时间运行的可执行应用程序.这些服务可以在计算机启动时自动启动,可以暂停和重新启动而 ...

  8. Entity FrameWork 增删查改的本质

    之前的文章里面已经说了,EF的增删查改.那时候的修改,删除,只能是先查询出来要修改的数据,再修改,删除...现在来一个改进版的,增删查改. 1.Add static void Add() { //1. ...

  9. SQLServer获取临时表所有列名或是否存在指定列名的方法

    获取临时表中所有列名 select name from tempdb.dbo.syscolumns where id=object_id( '#TempTB') 判断临时表中是否存在指定列名 if c ...

  10. 2016年5月11日摘自知乎的一些Redis大概了解

    1. 知乎日报的基础数据和统计信息是用 Redis 存储的,这使得请求的平均响应时间能在 10ms 以下.其他数据仍然需要存放在另外的地方,其实完全用 Redis 也是可行的,主要的考量是内存占用.就 ...