SharePoint 2010: Nailing the error "The Security Token Service is unavailable"
First of all let’s talk about STS (Security Token Service)
- An STS is a specialized Web service that is designed to respond to requests for security tokens and provide identity management. The core functionality of every STS is the same, but the nature of the tasks that each STS performs depends on the role the STS plays in relation to the other STS Web services in your design. (Reference: http://technet.microsoft.com/en-us/library/ee806864.aspx)
- STS is neither a SharePoint service nor a Windows service, but actually a WCF web service
- Many SharePoint Services like User Profile Sync Service, SharePoint Search Service are Claims aware and such SharePoint Services will need STS to be up and running in a stable condition
- Let's take Search as an example: Let's take a case where Query Component is hosted on the App Server and a User hits the WFE and performs a Search. In this case the WFE will communicate with the Query Component on the App Server by making use of its STS to get the Claim, and the same is sent to the App Server. Without STS working, this communication will not be possible.
- Also User Profile Synchronization Service (UPSS) cannot start if the STS is not in a healthy condition
- Not only SharePoint Services, even Web Applications will require STS to be working for the Intra/Inter Farm Authentication.
- The figure below shows that within a SharePoint Farm the Intra/Inter Farm Authentication happens using Claims Authentication, and since it uses Claims Authentication, a working STS is essential

I have seen numerous cases where the UPSS fails to start because of the unavailability of the STS. In such cases you can also see following errors logged:
In SharePoint Health Analyzer: "The Security Token Service is unavailable"
In SharePoint ULS logs while starting UPSS, errors like:
- An exception occurred when trying to issue security token: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error (OR)
- Request for security token failed with exception: System.ServiceModel.ServiceActivationException: The requested service,'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas' could not be activated (OR)
- An exception occurred when trying to issue security token: The requested service,'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas' could not be activated
You may not see all the errors shown above; I'm just trying to collate the common errors seen while starting UPSS when STS is broken.
To troubleshoot such issues, it will be good to check if we can browse to the STS Web Service page.
To browse you have to go to IIS Manager --> Sites --> SharePoint WebServices --> SecurityTokenServiceApplication, click on 'Content View' down at the bottom, right click on Securitytoken.svc and click Browse (as shown below)

The expected page to see if STS is working will be as shown below:

As long as you get the above message while browsing, be sure that the STS is working just fine. In cases where STS is broken, you will not be able to browse to the above web service. You will get errors like Server Error in '\' Application, or Internet Explorer cannot display the web page etc.
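The same browse check can be scripted so it can be repeated on every server in the farm. The function below is an added example, not part of the original post: it assumes the STS URL from the ULS errors above with the `/actas` suffix removed, the name `Test-StsEndpoint` is hypothetical, and it sticks to .NET calls available in the PowerShell 2.0 shell that ships with SharePoint 2010.

```powershell
# Added example: probe the local STS endpoint and report whether it activates.
function Test-StsEndpoint {
    param(
        # Assumption: URL taken from the ULS errors above, without the /actas suffix
        [string]$Url = 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc',
        [int]$TimeoutMs = 15000
    )
    $result = New-Object PSObject -Property @{
        Url = $Url; Healthy = $false; Status = $null; Detail = $null
    }
    $request = [System.Net.WebRequest]::Create($Url)
    $request.UseDefaultCredentials = $true   # authenticate as the current Windows user
    $request.Timeout = $TimeoutMs
    $response = $null
    try {
        $response       = $request.GetResponse()
        $result.Status  = [int]$response.StatusCode
        $result.Healthy = ($result.Status -eq 200)
    }
    catch {
        # PowerShell may wrap the WebException; walk the chain to find it
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if ($ex) {
            $result.Detail = $ex.Message
            if ($ex.Response) {
                # The server answered with an HTTP error (for example a failed activation)
                $response      = $ex.Response
                $result.Status = [int]$response.StatusCode
            } else {
                # No HTTP response at all: connection refused, timeout, name resolution
                $result.Status = $ex.Status.ToString()
            }
        } else {
            $result.Detail = $_.Exception.Message
        }
    }
    finally {
        if ($response) { $response.Close() }
    }
    return $result
}

# Run locally on each farm server, before and after applying a fix
Test-StsEndpoint | Format-List Url, Healthy, Status, Detail
```

A numeric `Status` other than 200 means IIS answered but the service did not activate; a text `Status` means no HTTP response was received at all.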
How to fix STS?
Step One:
Right click on the SecurityTokenServiceApplication and click Explore, copy the web.config and compare the file with the file attached, which is completely out of the box with no modifications. If you find a lot of differences between the web.config file on your Farm and mine, replace the file on SecurityTokenServiceApplication (please also keep a copy of the original web.config), perform an IIS reset and check if the STS page comes up as expected.
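One way to do the backup and comparison from Step One before replacing anything, as an added example that is not part of the original post. The function name `Compare-StsWebConfig` and both path parameters are hypothetical, and the demo at the end runs against two constructed temporary files rather than a real farm.

```powershell
# Added example: back up the live web.config, then list lines that differ from a reference copy.
function Compare-StsWebConfig {
    param(
        # web.config found via Explore on SecurityTokenServiceApplication
        [Parameter(Mandatory=$true)][string]$LivePath,
        # Known-good, out-of-the-box copy to compare against
        [Parameter(Mandatory=$true)][string]$ReferencePath,
        [string]$BackupDir = (Split-Path $LivePath)
    )
    # Keep a timestamped copy of the original before anything is replaced
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "web.config.$stamp.bak"
    Copy-Item -Path $LivePath -Destination $backup

    # Compare trimmed, non-empty lines so indentation changes do not hide real edits
    $live = @(Get-Content $LivePath      | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $ref  = @(Get-Content $ReferencePath | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $diff = Compare-Object -ReferenceObject $ref -DifferenceObject $live

    New-Object PSObject -Property @{
        Backup          = $backup
        OnlyInLive      = @($diff | Where-Object { $_.SideIndicator -eq '=>' } |
                            ForEach-Object { $_.InputObject })
        OnlyInReference = @($diff | Where-Object { $_.SideIndicator -eq '<=' } |
                            ForEach-Object { $_.InputObject })
    }
}

# Constructed demo: two temp files stand in for the live and reference web.config
$tmp = Join-Path $env:TEMP ("stscfg-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $tmp | Out-Null
Set-Content (Join-Path $tmp 'web.config')       '<configuration>', '  <appSettings />', '</configuration>'
Set-Content (Join-Path $tmp 'reference.config') '<configuration>', '</configuration>'
Compare-StsWebConfig -LivePath (Join-Path $tmp 'web.config') `
                     -ReferencePath (Join-Path $tmp 'reference.config') | Format-List
```

Lines listed under `OnlyInLive` are local modifications that would be lost if the file is replaced, so review them before overwriting.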
Step Two:
A BIG Thank You to Abhishek Saigal (one of the finest resources in the SharePoint Admin world), who came up with this fix, which has a success rate of 99.99%.
I have tried this fix on numerous User Profile cases where UPSS could never start due to broken STS, and after STS was fixed UPSS started like a charm!
The PowerShell commands below re-provision all the SharePoint Web Services, and this is one of the safest ways to get the STS working.
There is no need to be afraid of losing any data/applications on SharePoint while/after running the commands below.
Run the following commands one by one on SharePoint PowerShell:
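```powershell
# Re-provision the SharePoint Web Services host configuration
$h = Get-SPServiceHostConfig
$h.Provision()

# Re-provision every service application, printing each name as it completes
$services = Get-SPServiceApplication
foreach ($service in $services) {
    $service.Provision()
    Write-Host $service.Name
}
```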
The output will look something like shown below:

Perform an IIS Reset and give another shot to browse the STS, and I'm sure you will see positive results!
Once the STS page is accessible successfully, try and start the UPSS one more time and very likely the UPSS will start successfully.
I'll be surprised to see if this fix fails and be more than happy to help you fix it!