Security Token Service

    Question

  • Looked high and low for an answer and am coming up blank. SP 2010 std on 2008 SP2 x64

     

    Error: The SharePoint Health Analyzer detected a condition requiring your attention.  The Security Token Service is not available.
    The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state.
    Administrator should try to restart the Security Token Service on the boxes where it is not issuing tokens. If problem persists, further troubleshooting may be available in the KB article. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=160531".

    and

    An exception occurred when trying to issue security token: There was no endpoint listening at http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details..

     

    Edited the web.config and got the token decryption working, re-re-re-verified settings for the SPTrustedIdentityTokenIssuer, checked IIS and ensured the application pool is running for SharePoint Web Services, checked the security token service application was started in SharePoint (as a guest installed FS agents on the machine; looking at the directory I can see securitytoken, not entirely sure what "\actas" is). Thrown every hotfix I can find at it, all of them say they don't apply to your system. No errors on the client or ADFS 2.0.

     

    test client sees: 404

    There was no endpoint listening at http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.]
       System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +10259418

     

    At this point most of my hair is gone, anyone seen this before?

     

    Pete

    Friday, July 09, 2010 12:43 AM
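An added diagnostic script, not from this thread or from Microsoft, that checks the same things the post describes verifying by hand: the STS service application status in the farm, the IIS application pool that hosts securitytoken.svc, whether the endpoint answers, and which trusted identity providers are registered. It assumes it runs in the SharePoint 2010 Management Shell on the web front end, that the IIS WebAdministration module is available, and that the STS pool uses the default name `SecurityTokenServiceApplicationPool` (an assumption for this farm).

```powershell
# Added diagnostic script (not from the thread). Assumes the SharePoint 2010
# Management Shell (Microsoft.SharePoint.PowerShell snap-in) on the WFE and the
# IIS WebAdministration module. The pool name is the SharePoint 2010 default and
# is an assumption for this farm; adjust it if the farm uses a different name.
$stsUrl   = "http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc"
$poolName = "SecurityTokenServiceApplicationPool"

function Test-StsEndpoint {
    param([string]$Url)
    # A healthy WCF endpoint answers a plain GET with its help page (HTTP 200).
    # 404 is the symptom in the question; 500 is the "farm is unavailable" case.
    $req = [System.Net.WebRequest]::Create($Url)
    $req.UseDefaultCredentials = $true
    $req.Timeout = 10000
    try {
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
    } catch [System.Net.WebException] {
        if ($_.Exception.Response) { $code = [int]$_.Exception.Response.StatusCode }
        else { $code = -1 }   # no HTTP answer at all (connection refused / timeout)
    }
    return $code
}

# 1. Is the Security Token Service Application started in the farm?
Get-SPServiceApplication |
    Where-Object { $_.TypeName -like "*Security Token*" } |
    Select-Object DisplayName, Status

# 2. Is the IIS application pool that hosts securitytoken.svc running?
Import-Module WebAdministration
Get-WebAppPoolState -Name $poolName

# 3. Does the endpoint itself answer?
$code = Test-StsEndpoint -Url $stsUrl
switch ($code) {
    200     { "STS endpoint is answering (WCF help page returned)." }
    404     { "404: IIS has no endpoint at this path; check the pool and the SecurityTokenServiceApplication IIS application." }
    500     { "500: the service activates but throws; read the ULS logs (the 'farm is unavailable' case)." }
    default { "No usable HTTP response (code $code)." }
}

# 4. Which trusted identity providers (e.g. ADFS 2.0) does the STS know about?
Get-SPTrustedIdentityTokenIssuer | Select-Object Name, ProviderUri
```

Run it on each web front end, since the health rule reports the STS per box; a 200 on one server and a 404 on another points at that server's IIS configuration rather than the farm-wide trust settings.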

Answers

  • I had the opportunity to talk to someone on the SharePoint team at Microsoft. When I asked how to get it working they said "the only people who are using Federated services in the industry are the internal federated service team." He said to keep it simple:

    1. Stand up a new forest/domain  

    2. Enable a one way trust between the internal forest and the new forest. 

    3. All accounts that would have been serviced by FS will live in the external domain.

     

    Downside is having to redo any complex GPOs that exist in the internal domain in the external domain, plus the added administration of a new forest.

    Upside: not having to call MS on how to get this fixed, or deal with bugs/patches since the end user is QA. Two-factor auth can be implemented easily since it uses a standard config, ____ all sorts of plugins will work since this is a standard install.

    Thursday, August 12, 2010 5:15 PM

All replies

  • Friday, July 09, 2010 8:03 AM
  • When I access http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc I receive a 404.

     

    I tried hotfixes Windows6.0-KB971831-x64 and Windows6.1-KB976462-v2-x64 (the one listed in the post) both say "This update does not apply to your system".

    Friday, July 09, 2010 3:56 PM
  • Hi!

    I have almost the same problem, at least it behaves the same way.

    Although I don't get the error message "There was no endpoint ..." but instead I get

    "An exception occurred when trying to issue security token: The requested service, 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' could not be activated. See the server's diagnostic trace logs for more information.."

    Did you find a solution to your problem? I have installed all the hotfixes I can find by now!

    Regards,

    Tara

    Thursday, August 05, 2010 12:24 PM
  • Hi,

     

    I am also experiencing the same issues as above. ("An exception occurred when trying to issue security token: The requested service, 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' could not be activated. See the server's diagnostic trace logs for more information..")

    On navigating to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc from the server I get the error below.

    I have tried to install the hotfix as described above but I get 'This update is not applicable to your computer',

    which I expected as I'm running SVR08 R2 x64 | SharePoint 2010 std.

    This article may be of interest: http://blogs.msdn.com/b/sowmyancs/archive/2010/07/16/sharepoint-2010-service-applications-bcs-metadata-access-service-are-not-working.aspx

    I have followed the above link's procedure as it relates to the token service issue, with no resolution!

    ============================


    Server Error in '/SecurityTokenServiceApplication' Application.

    The farm is unavailable.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.InvalidOperationException: The farm is unavailable.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [InvalidOperationException: The farm is unavailable.]
     Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceManager.get_Local() +302
     Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceConfiguration..ctor() +27
    
    [TargetInvocationException: Exception has been thrown by the target of an invocation.]
     System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) +0
     System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) +86
     System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) +230
     System.Activator.CreateInstance(Type type, Boolean nonPublic) +67
     System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +1051
     System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +111
     Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHostFactory.CreateSecurityTokenServiceConfiguration(String constructorString) +98
     Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses) +43
     Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses) +37
     System.ServiceModel.HostingManager.CreateService(String normalizedVirtualPath) +11732204
     System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +42
     System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +479
    
    [ServiceActivationException: The service '/SecurityTokenServiceApplication/securitytoken.svc' cannot be activated due to an exception during compilation. The exception message is: Exception has been thrown by the target of an invocation..]
     System.ServiceModel.AsyncResult.End(IAsyncResult result) +11601706
     System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +194
     System.ServiceModel.Activation.ServiceHttpModule.EndProcessRequest(IAsyncResult ar) +42
     System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +8679379
    

     

    ============================

     

    Regards

    Jon

    Monday, August 09, 2010 4:23 PM