The Security Token Service is not available
16-10-2019
Problem
After a fresh install of SharePoint Server 2010 (Standalone) on Server 2008 R2 I get this warning from the Health Analyzer: "The Security Token Service is not available."
The Windows Application event log is also full of these errors:
Source: Microsoft-SharePoint Products-SharePoint Foundation
Event ID: 8306
Task Category: Claims Authentication
Level: Error
Description: An exception occurred when trying to issue security token: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error..
I've got the KB976462 hotfix installed, and have tried every remedy I could find with Google but the problem remains.
Has anyone got any ideas?
Update: an example of this error from the SharePoint trace log:
07/22/2010 15:15:44.08 OWSTIMER.EXE (0x05F8) 0x0340 SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Timer Job MetadataHubTimerJob) cab840d1-04ed-435a-bdec-56489baf89e7
07/22/2010 15:15:44.08 OWSTIMER.EXE (0x05F8) 0x0340 SharePoint Server Taxonomy 8yq5 Medium Metadata Hub timer job starts. cab840d1-04ed-435a-bdec-56489baf89e7
07/22/2010 15:15:44.09 OWSTIMER.EXE (0x05F8) 0x0340 SharePoint Foundation Claims Authentication fsq7 High Request for security token failed with exception: System.ServiceModel.CommunicationException: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error. Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Ru... cab840d1-04ed-435a-bdec-56489baf89e7
07/22/2010 15:15:44.09* OWSTIMER.EXE (0x05F8) 0x0340 SharePoint Foundation Claims Authentication fsq7 High ...ntime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo) cab840d1-04ed-435a-bdec-56489baf89e7
07/22/2010 15:15:44.09 OWSTIMER.EXE (0x05F8) 0x0340 SharePoint Foundation Claims Authentication 8306 Critical An exception occurred when trying to issue security token: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.. cab840d1-04ed-435a-bdec-56489baf89e7
07/22/2010 15:15:44.10 OWSTIMER.EXE (0x05F8) 0x0340 SharePoint Server Taxonomy ch5x Monitorable Proxy Managed Metadata Service throws an exception: System.ServiceModel.CommunicationException: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error. Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.... cab840d1-04ed-435a-bdec-56489baf89e7
07/22/2010 15:15:44.10* OWSTIMER.EXE (0x05F8) 0x0340 SharePoint Server Taxonomy ch5x Monitorable ...Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo) at Microsoft.SharePoint.SPSecurityContext.<>c__DisplayClass7.<GetProcessSecurityTokenForServiceContext>b__6() at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode) at Micro... cab840d1-04ed-435a-bdec-56489baf89e7
07/22/2010 15:15:44.10* OWSTIMER.EXE (0x05F8) 0x0340 SharePoint Server Taxonomy ch5x Monitorable ...soft.SharePoint.SPSecurityContext.GetProcessSecurityTokenForServiceContext() at Microsoft.SharePoint.SPChannelFactoryOperations.CreateChannelAsProcess[TChannel](ChannelFactory`1 factory, EndpointAddress address, Uri via) at Microsoft.SharePoint.SPChannelFactoryOperations.CreateChannelAsProcess[TChannel](ChannelFactory`1 factory, EndpointAddress address) at Microsoft.SharePoint.Taxonomy.MetadataWebServiceApplicationProxy.GetChannel(Uri address, Boolean& cachedChannel) at Microsoft.SharePoint.Taxonomy.MetadataWebServiceApplicationProxy.<>c__DisplayClass2c.<RunOnChannel>b__2b() at Microsoft.Office.Server.Security.SecurityContext.RunAsProcess(CodeToRunElevated secureCode) at Microsoft.SharePoint.Taxonomy.MetadataWebServiceApplicationProxy.<>c__DisplayClass2c.<RunOnChann... cab840d1-04ed-435a-bdec-56489baf89e7
07/22/2010 15:15:44.10* OWSTIMER.EXE (0x05F8) 0x0340 SharePoint Server Taxonomy ch5x Monitorable ...el>b__2a() at Microsoft.Office.Server.Utilities.MonitoredScopeWrapper.RunWithMonitoredScope(Action code) at Microsoft.SharePoint.Taxonomy.MetadataWebServiceApplicationProxy.RunOnChannel(CodeToRun codeToRun, Double operationTimeoutFactor) at Microsoft.SharePoint.Taxonomy.MetadataWebServiceApplicationProxy.GetIsServiceApplicationPartitioned() at Microsoft.SharePoint.Taxonomy.ContentTypeSync.Internal.HubTimerJobDefinition.Execute(SPJobState jobState) cab840d1-04ed-435a-bdec-56489baf89e7
07/22/2010 15:15:44.10 OWSTIMER.EXE (0x05F8) 0x0340 SharePoint Server Taxonomy 8yq6 Medium Metadata Hub timer job ends. cab840d1-04ed-435a-bdec-56489baf89e7
07/22/2010 15:15:44.10 OWSTIMER.EXE (0x05F8) 0x0340 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Timer Job MetadataHubTimerJob). Execution Time=11.509195408448 cab840d1-04ed-435a-bdec-56489baf89e7
Solution
I ran into this problem. It turns out that our corporate standard IIS installation made changes to the .NET configuration that conflicted with SharePoint. Basically, SharePoint's web.config files include a "windowsAuthentication" configuration. That was locked by the applicationHost.config file that disallows that.
- Edit C:\Windows\System32\inetsrv\config\applicationHost.config
- Change: <windowsAuthentication enabled="true" lockAttributes="enabled">
  To: <windowsAuthentication enabled="true">
- IISRESET
Other potential reasons I've read about for this are:
- The site is set to run in 32 bit mode
- The site does not have full trust
- The application pool is not running
Basically, it's an IIS/.NET problem.
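The lock described in the answer above can be confirmed read-only before anything is edited. The following is an added example, not part of the original answer: it parses applicationHost.config and lists every windowsAuthentication element with its lockAttributes value. The function name Get-WindowsAuthLock, the "Example Site" location and the sample XML are constructed for illustration.

```powershell
# Added example (PowerShell 2.0 compatible): find locked <windowsAuthentication> settings.
function Get-WindowsAuthLock {
    param([Parameter(Mandatory=$true)] [xml] $Config)

    # Match the element at server level and inside any <location path="..."> block.
    $xpath = '//system.webServer/security/authentication/windowsAuthentication'
    foreach ($node in $Config.SelectNodes($xpath)) {
        # Walk up to an enclosing <location> to see which site the setting applies to.
        $scope = '(server default)'
        $p = $node.ParentNode
        while ($p -and $p.NodeType -eq 'Element') {
            if ($p.LocalName -eq 'location') { $scope = $p.GetAttribute('path'); break }
            $p = $p.ParentNode
        }
        # lockAttributes is a comma-separated list of attribute names; "*" locks all of them.
        $lock  = $node.GetAttribute('lockAttributes')
        $names = $lock -split ',' | ForEach-Object { $_.Trim() }
        $blocks = ($names -contains 'enabled') -or ($names -contains '*')
        New-Object PSObject -Property @{
            Scope           = $scope
            Enabled         = $node.GetAttribute('enabled')
            LockAttributes  = $lock
            BlocksWebConfig = $blocks   # a web.config that sets "enabled" would be rejected
        } | Select-Object Scope, Enabled, LockAttributes, BlocksWebConfig
    }
}

# Constructed sample mirroring the fragment quoted in the answer; not a real server's file.
[xml]$sample = @'
<configuration>
  <system.webServer><security><authentication>
    <windowsAuthentication enabled="true" lockAttributes="enabled" />
  </authentication></security></system.webServer>
  <location path="Example Site">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true" />
    </authentication></security></system.webServer>
  </location>
</configuration>
'@
Get-WindowsAuthLock -Config $sample | Format-Table -AutoSize

# On a real server (read-only; path as given in the answer):
# $path = 'C:\Windows\System32\inetsrv\config\applicationHost.config'
# Get-WindowsAuthLock -Config ([xml](Get-Content $path))
```

With the sample input, the server-default row reports BlocksWebConfig as True and the "Example Site" row reports False.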
Other tips
I also ran into this problem, but in my case it was very simple to resolve:
The SharePoint Web Services site was stopped; once it was started the problem disappeared.
Did you check the WMSvc Certificate expiry date?
Had this issue when the password for the domain account used for one of the services was changed. Had to update the password in Central Admin -> Security -> Configure managed accounts
We had the same issue and hopefully this will help you too.
Try this to reprovision the security token service! http://blogs.msdn.com/b/sowmyancs/archive/2010/07/16/sharepoint-2010-service-applications-bcs-metadata-access-service-are-not-working.aspx?CommentPosted=true
PS C:\Users\sowmyans> Get-SPServiceApplication
DisplayName TypeName Id
----------- -------- --
Access Services Access Services W... 77562ca9-5c80-45f4-9a21-6d86c013eb75
Secure Store Service Secure Store Serv... 5eceb8dd-ef3d-4c7d-b900-59436e4743a1
State Service State Service 54dfbd6d-dc83-48e9-9b79-a52853aad23d
PerformancePoint ... PerformancePoint ... 7556e63a-4c50-400c-8788-de6724b64ab7
Visio Graphics Se... Visio Graphics Se... ac3ab2e0-3952-473d-9901-001b050ef945
Managed Metadata ... Managed Metadata ... 32eeb3d8-b710-4635-81d5-771701072593
Web Analytics Ser... Web Analytics Ser... 9cb8fdbb-c87c-4c11-9c91-d89e04aec703
Excel Services Ap... Excel Services Ap... 8918fc32-b6f2-49ad-9d60-f0d7a866d85d
Security Token Se... Security Token Se... 033b6266-261d-4318-9a9a-36f0e390d346
Application Disco... Application Disco... 80a9e9de-88d0-4ce1-8108-380117fc1c11
Usage and Health ... Usage and Health ... 746c7339-1e8c-47ae-8583-ea80faae5fac
Search Administra... Search Administra... 944cfcd9-155e-41c0-82b7-95386d737fcb
Word Automation S... Word Automation S... c2a414b6-dfb7-4974-8eb4-6c2c6da65af0
Application Regis... Application Regis... e1131c58-0242-4aab-9156-1de22c2be8a4
User Profile Serv... User Profile Serv... 24f623c3-d368-4901-aee0-aed2f8e3f129
Business Data Con... Business Data Con... 2d21dffe-a188-42d7-b46e-04850805bcde
Lotus Notes Conne... Lotus Notes Conne... 115431c5-80e7-40d4-bdd8-7a7254951714
Search Service Ap... Search Service Ap... 1f69450e-c835-4219-9b46-7f444c204059
PS C:\Users\sowmyans> $sts = Get-SPServiceApplication | ?{$_ -match "Security"}
PS C:\Users\sowmyans> $sts
DisplayName TypeName Id
----------- -------- --
Security Token Se... Security Token Se... 033b6266-261d-4318-9a9a-36f0e390d346
PS C:\Users\sowmyans> $sts.Status
Online
PS C:\Users\sowmyans> $sts.Provision()