I think I may have deleted my SPSecurityTokenServiceConfig. Help!

  • Question

  • So in the process of trying to delete a SPTrustedIdentityTokenIssuer, I think I may have fat-fingered and actually deleted my SPSecurityTokenServiceConfig.  Here is the error I get when trying to browse to 

    http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc

    Server Error in '/SecurityTokenServiceApplication' Application.

    The security token service manager is not available in the farm.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.InvalidOperationException: The security token service manager is not available in the farm.

    Source Error:
    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:
    [InvalidOperationException: The security token service manager is not available in the farm.]
       Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceManager.get_Local() +38788184
       Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceConfiguration..ctor() +76
    
    [TargetInvocationException: Exception has been thrown by the target of an invocation.]
       System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) +0
       System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) +159
       System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) +256
       System.Activator.CreateInstance(Type type, Boolean nonPublic) +127
       System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark) +14430237
       System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +200
       System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture) +28
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHostFactory.CreateSecurityTokenServiceConfiguration(String constructorString) +124
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses) +63
       Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses) +85
       System.ServiceModel.HostingManager.CreateService(String normalizedVirtualPath, EventTraceActivity eventTraceActivity) +1451
       System.ServiceModel.HostingManager.ActivateService(ServiceActivationInfo serviceActivationInfo, EventTraceActivity eventTraceActivity) +76
       System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity) +901
    
    [ServiceActivationException: The service '/SecurityTokenServiceApplication/securitytoken.svc' cannot be activated due to an exception during compilation.  The exception message is: Exception has been thrown by the target of an invocation..]
       System.Runtime.AsyncResult.End(IAsyncResult result) +645492
       System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +210765
       System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +166

    Get-SPSecurityTokenServiceConfig gives this:

    Get-SPSecurityTokenServiceConfig : The security token service manager is not
    available in the farm.
    At line:1 char:1
    + Get-SPSecurityTokenServiceConfig
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidData: (Microsoft.Share...nServiceManager:
       SPCmdletGetSecurityTokenServiceManager) [Get-SPSecurityTokenServiceConfig]
      , InvalidOperationException
        + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletGetSecur
       ityTokenServiceManager

    Google seems to know nothing about this.

    Does anybody know how I can recreate my spsecuritytokenserviceconfig object?  Google is surprisingly not finding anyone who was as dumb as me.


    Friday, May 8, 2015 7:45 PM

Answers

  • If I recall last time I looked at this, it required you to rebuild the farm. While the Delete() method is public, the methods to create the STS were all marked internal/private.

    Trevor Seward

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Friday, May 8, 2015 7:53 PM
  • One thing you'll want to at least try after a db restore (you'll need to restore the Config db, which is unsupported) is to clear the timer job cache. Probably what I would do, or try at least:

    Stop SharePoint services, especially the Administration and Timer service

    Restore Config db

    Clear the configuration cache on the SharePoint server

    Start the SharePoint services

    Run:

    $sts = Get-SPServiceApplication | where {$_.Name -like "*security*"}

    $sts.Provision()


    Trevor Seward


    Friday, May 8, 2015 7:58 PM
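
The recovery sequence from the answer above, written out as one script. This is an added example, not code posted in the thread. It assumes the standard Windows service names `SPTimerV4` and `SPAdminV4`, the default configuration cache location under `%ProgramData%`, and an elevated session on the SharePoint server; the Config db restore itself is site-specific and is left to the operator.

```powershell
# Added example: run in an elevated PowerShell session on the SharePoint server.
$services = 'SPTimerV4', 'SPAdminV4'   # SharePoint Timer and Administration services

# 1. Stop the services that read and write the configuration cache.
Stop-Service -Name $services -Force

# 2. Restore the Config db (site-specific, done outside this script).
Read-Host 'Restore the Config db now, then press Enter to continue'

# 3. Clear the configuration cache: delete the cached XML objects and reset
#    cache.ini to 1 so the timer service rebuilds the cache from the database.
$cacheRoot = Join-Path $env:ProgramData 'Microsoft\SharePoint\Config'
Get-ChildItem -Path $cacheRoot -Directory |
    Where-Object { Test-Path (Join-Path $_.FullName 'cache.ini') } |
    ForEach-Object {
        Get-ChildItem -Path $_.FullName -Filter '*.xml' | Remove-Item -Force
        Set-Content -Path (Join-Path $_.FullName 'cache.ini') -Value '1'
    }

# 4. Start the services again.
Start-Service -Name $services

# 5. Load the SharePoint snap-in only now, so the session reads the restored
#    farm configuration rather than objects cached before the restore.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

# 6. Re-provision the STS service application, if the restore brought it back.
$sts = Get-SPServiceApplication | Where-Object { $_.Name -like '*security*' }
if (-not $sts) {
    throw 'No security token service application found; the restore did not recover it.'
}
$sts.Provision()

# 7. Check: this cmdlet threw "The security token service manager is not
#    available in the farm." before the repair, so a returned object means
#    the STS configuration is readable again.
Get-SPSecurityTokenServiceConfig
```

If step 6 throws, the restored database does not contain the STS object either, which leaves the farm rebuild described in the first answer.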

All replies

  • The good times roll!

    I am going to attempt a database restore and see how that goes.

    Friday, May 8, 2015 7:57 PM
  • Our database backups were not available for irrelevant reasons (sigh).

    We went ahead and rebuilt our farm.

    Monday, May 11, 2015 4:53 PM