Security Token Service

Question
Looked high and low for answer and coming up blank. SP 2010 std on 2008 SP2 x64
Error: The SharePoint Health Analyzer detected a condition requiring your attention. The Security Token Service is not available.
The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state.
Administrator should try to restart the Security Token Service on the boxes where it is not issuing tokens. If problem persists, further troubleshooting may be available in the KB article. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=160531".
and
An exception occurred when trying to issue security token: There was no endpoint listening at http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details..
Edited the web.config and got the token decryption working, re-re-re verified settings for the SPTrustedIdentityTokenIssuer, checked IIS ensured application pool is running for SharePoint Web Services, checked the security token service application was started in SharePoint, (as a guest installed FS agents on the machine, looking at the directory I can see securitytoken ( not entirely sure what "\actas" is). Thrown every hotfix I can find at it, all of them say they don't apply to your system. No errors on the client or ADFS 2.0.
test client sees: 404
There was no endpoint listening at http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +10259418
At this point most of my hair is gone, anyone seen this before?
Pete
Friday, July 9, 2010 12:43 AM
Answers
I had the opportunity to talk to someone on the SharePoint team at Microsoft. When I asked how to get it working they said "the only people who are using Federated services in the industry is the internal federated service team." He said to keep it simple:
1. Stand up a new forest/domain
2. Enable a one way trust between the internal forest and the new forest.
3. All accounts that would have been serviced by FS will live in the external domain.
Downside, is having to redo any complex GPOs that exist in the internal domain to the external domain. Added administration of new forest.
Upside not having to call MS on how to get this fixed, dealing with bugs/patches since the end user is QA. Two factor Auth can be implemented easily since using a standard config, ____ all sorts of plugins will work since this is a standard install.
- Marked as answer by somethingelselunchbox Thursday, August 12, 2010 5:15 PM
Thursday, August 12, 2010 5:15 PM
All replies
Hi,
when you access the http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc do you get any errors?
Did you also install the hotfix for WCF: https://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=23806&wa=wsignin1.0
Regards
- Proposed as answer by Suzanne Sylliaasen [MSFT] (Microsoft employee) Saturday, March 23, 2013 12:22 AM
Friday, July 9, 2010 8:03 AM
When I access http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc I receive 404.
I tried hotfixes Windows6.0-KB971831-x64 and Windows6.1-KB976462-v2-x64 (the one listed in the post) both say "This update does not apply to your system".
Friday, July 9, 2010 3:56 PM
Hi!
I have almost the same problem, at least it behaves the same way.
Although I don't get the error message "There was no endpoint ..." but instead I get
"An exception occurred when trying to issue security token: The requested service, 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' could not be activated. See the server's diagnostic trace logs for more information.."
Did you find a solution to your problem? I have installed all the hotfixes I can find by now!
Regards,
Tara
Thursday, August 5, 2010 12:24 PM
Hi,
I also am experiencing the same issues as above. ("An exception occurred when trying to issue security token: The requested service, 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' could not be activated. See the server's diagnostic trace logs for more information.." )
On navigating to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc
from the server I get the below error.
I have tried to install the hotfix as described above but I get 'This update is not appliable to you computer'
which I expected as I'm running SVR08 - R2 x64 | SharePoint 2010 std
This article may be of interest: http://blogs.msdn.com/b/sowmyancs/archive/2010/07/16/sharepoint-2010-service-applications-bcs-metadata-access-service-are-not-working.aspx
I have followed the above link's procedure as it related to the Token service issue with no resolution!
============================
Server Error in '/SecurityTokenServiceApplication' Application.
The farm is unavailable.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidOperationException: The farm is unavailable.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[InvalidOperationException: The farm is unavailable.]
   Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceManager.get_Local() +302
   Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceConfiguration..ctor() +27
[TargetInvocationException: Exception has been thrown by the target of an invocation.]
   System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) +0
   System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) +86
   System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) +230
   System.Activator.CreateInstance(Type type, Boolean nonPublic) +67
   System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +1051
   System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +111
   Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHostFactory.CreateSecurityTokenServiceConfiguration(String constructorString) +98
   Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses) +43
   Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses) +37
   System.ServiceModel.HostingManager.CreateService(String normalizedVirtualPath) +11732204
   System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +42
   System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +479
[ServiceActivationException: The service '/SecurityTokenServiceApplication/securitytoken.svc' cannot be activated due to an exception during compilation. The exception message is: Exception has been thrown by the target of an invocation..]
   System.ServiceModel.AsyncResult.End(IAsyncResult result) +11601706
   System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +194
   System.ServiceModel.Activation.ServiceHttpModule.EndProcessRequest(IAsyncResult ar) +42
   System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +8679379
============================
Regards
Jon
- Edited by jon.skoyles Monday, August 9, 2010 4:29 PM Missed something
Monday, August 9, 2010 4:23 PM
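
A read-only check of the three places the posts above look at (the farm's service application, the IIS application and its pool, and the .svc URL), as an added example that is not part of any post in this thread. The `TypeName` filter is an assumption about how the STS service application is listed; the site name, virtual path and error strings are the ones quoted above.

```powershell
# Added example (not from the thread). Run on the SharePoint server from an
# elevated SharePoint 2010 Management Shell; written to work on PowerShell 2.0.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration

$site = 'SharePoint Web Services'            # IIS site named in the question
$name = 'SecurityTokenServiceApplication'    # virtual path from the error text
$url  = "http://localhost:32843/$name/securitytoken.svc"

# 1. Farm view. Assumption: the STS entry's TypeName contains "Security Token".
Get-SPServiceApplication |
    Where-Object { $_.TypeName -like '*Security Token*' } |
    Format-List DisplayName, TypeName, Status

# 2. IIS view: does the application exist, is its pool started, is the .svc on disk?
$app = Get-WebApplication -Site $site -Name $name
if (-not $app) {
    Write-Warning "IIS application '$name' not found under site '$site'"
} else {
    $pool = $app.applicationPool
    $path = [Environment]::ExpandEnvironmentVariables($app.PhysicalPath)
    "App pool '{0}' is {1}" -f $pool, (Get-WebAppPoolState -Name $pool).Value
    "securitytoken.svc present in '{0}': {1}" -f $path, (Test-Path (Join-Path $path 'securitytoken.svc'))
}

# 3. HTTP view: request the .svc and map the reply to the symptoms in the thread.
$req = [System.Net.WebRequest]::Create($url)
$req.UseDefaultCredentials = $true
$req.Timeout = 15000
try {
    $resp = $req.GetResponse()
    "HTTP {0}: the endpoint answered" -f [int]$resp.StatusCode
    $resp.Close()
} catch {
    # .NET exceptions arrive wrapped; unwrap until the WebException is found.
    $ex = $_.Exception
    while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
    if (-not $ex) { throw }
    if (-not $ex.Response) {
        "No HTTP response from {0} (status: {1})" -f $url, $ex.Status
    } else {
        $code = [int]$ex.Response.StatusCode
        $body = (New-Object System.IO.StreamReader($ex.Response.GetResponseStream())).ReadToEnd()
        if     ($code -eq 404)                          { "HTTP 404: matches 'There was no endpoint listening'" }
        elseif ($body -match 'The farm is unavailable') { "HTTP {0}: matches 'The farm is unavailable'" -f $code }
        elseif ($body -match 'cannot be activated')     { "HTTP {0}: matches the service activation failure" -f $code }
        else                                            { "HTTP {0}: unclassified, read the response body" -f $code }
    }
}
```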