.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Post New Web Links

Security Token Service is not available

Posted By:      Posted Date: October 12, 2010    Points: 0   Category :SharePoint
 

After converting a Web Application from Classic mode to Claims Based using Powershell I can no longer access my Web Applications.

When turnign off custom errors and setting Call Stack to true. I see the below error message:

The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.

Looking into Central Admin I see an error for the Security Token Service. The Security Token Service is not available. Explanation:

The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state.

If I look in the App Event Logs I see:

An exception occurred when trying to issue security token: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error..

I have applied the WCF Hotfix and restrated the server. What is causing this issue?

I am using SharePoint Foundation 2010

Any assistance is greatly needed!




View Complete Post


More Related Resource Links

Geneva Framework: Building A Custom Security Token Service

  

A Security Token Service, or STS, acts as a security gateway to authenticate callers and issue security tokens carrying claims that describe the caller. See how you can build a custom STS with the "Geneva" Framework.

Michele Leroux Bustamante

MSDN Magazine January 2009


Windows Identity Foundation Security Token Service can't stay logged in

  
I'm using the Windows Identity Foundation **(WIF)** Security Token Service **(STS)** to handle authentication for my application which is working all well and good. However I can't seem to get any long running login with the STS. From my understanding I shouldn't care about the client tokens at the application level since they can expire all they want to and it should redirect me to the STS and as long as they're still logged in on the STS it should refresh their application token. Yet it doesn't seem to want to keep them signed in. Here's what occurs in my login.aspx on the STS var cookie = FormsAuthentication.GetAuthCookie(userName, persistTicket); if (persistTicket) cookie.Expires = DateTime.Now.AddDays(14); Response.Cookies.Add(cookie); var returnUrl = Request.QueryString["ReturnUrl"]; Response.Redirect(returnUrl ?? "default.aspx"); Which was taken almost directly from existing application using normal Forms Auth. From my web.config <authentication mode="Forms"> <forms loginUrl="Login.aspx" protection="All" timeout="2880" name=".STS" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" /> </auth

The Security Token Service is not available

  
I set up SharePoint 2010 Beta on a Windows 2008 R2 server and am going through the Central Administration - Review problems and solutions: All Reports - The Security Token Service is not available and the failing service is SPSecurityTokenService.Should not this service if available been installed during installation time?  It says "The Security Token Service is not issuing tokens.  The service could be malfunctioning or in a bad state.I don't want to go any further with setting up this until I can get an answer on how to fix this?Thanks

Just installed SP2010 RTM. Now receiving "The Security Token Service is not available" error.

  

I have spent the better part of today researching this error and have not been able to resolve it. I made sure the "SharePoint Web Services" application pool was started. I have also rebooted the server. There was a lot of mention about a HotFix, but it was already installed. Anyone have any other ideas?

Here is the error:

The SharePoint Health Analyzer detected a condition requiring your attention. The Security Token Service is not available.

The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state.

Administrator should try to restart the Security Token Service on the boxes where it is not issuing tokens. If problem persists, further troubleshooting may be available in the KB article. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=160531".
 

WCF: Establishing Trust Between WCF Web Services and SharePoint 2010 Security Token Service, Part 3

  
Enable federated HTTP binding for a web service and establish trust between the Windows Communication Foundation (WCF) web service and the SharePoint 2010 security token service.

Security Token Service is not available

  

I have a problem similar to others posted, but with a different error detail and I have tried most of the fixes listed in the other posts with no success.

We just performed an in-place upgrade from SP2007 to SP2010 standard.  We are using Kerberos authentication in a two server farm, both servers are Windows 2008 SP2.  Immediately after the upgrade, the subject error message appeared in Central Admin.  When I try to navigate to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc, I get the following Error and Stack Trace...any help will be GREATLY appreciated.

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

[MethodAccessException: Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceHostFactory..ctor()]
   System.Reflection.MethodBase.PerformSecurityCheck(Object obj, RuntimeMethodHandle method, IntPtr parent, UInt32 invocationFlags) +0
   System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo

Security Briefs: Regular Expression Denial of Service Attacks and Defenses

  

Microsoft security expert Bryan Sullivan believes denial-of-service blackmail attacks will become more common as privilege escalation attacks become more difficult to execute. He demonstrates how to protect your apps against regular expression DoS threats.

Bryan Sullivan

MSDN Magazine May 2010


Security Briefs: XML Denial of Service Attacks and Defenses

  

This article reviews what makes XML vulnerable to denial of service attacks and how to mitigate these attacks.

Bryan Sullivan

MSDN Magazine November 2009


Claims to windows token service wont start in Central administration

  
Not sure if this is a bug or some setting I just dont understand but I cannot get the claims to windows token service from manage services to show as started. When I click start I get this error in the event viewer: An attempt to start/stop instance of service Claims to Windows Token Service on server <SERVERNAME> did not succeed. Re-run the action via UI or command line on the specified server. Additional information is below. c2wts (DOMAIN\sp_farm) I have searched and searched for an answer. This thread http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/6b865ead-970b-4460-9dcf-1cc6d6d8530b talks about needing a connection to the internet, but my server is connected to the internet so i think i can rule that out. Also I have read that c2wts depends on the crypto service. I have run this command with no success: sc config c2wts depend= cryptsvc I can start the c2wts service through services.msc and it is succesful. But central administration still shows it is stopped. I have also re-run the installer in repair mode, and re-run the initial configuration wizard, maintaining all of the same settings as the previous installation. That didn't help. Basically, I'm out of ideas and I cant find much about this on the web. Any ideas?

Security settings for this service require Windows Authentication but it is not enabled for the IIS

  
Hosting service in IIS 5.1   Config is set to transport layer security. SSL is installed and configured on the virtual folder and BasicHTTP bidings are being used for connection. Authentication in web.config is set to Windows Authorization in web.config is set to Deny Users="?" and Allow Users="*"   When trying to connect to the service using IE, it throws exception that "Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service. "   Can some one tell me what is missing?   Do I have to set anything in Web.Config?   I need to achieve following using Basic HTTP binding   Transport Layer security (SSL), Windows Domain Authentication, Use  user's Domain identity to impersonate the user in service   Please suggest the settings if any   Thanks

Silverlight enabled web service security error

  
I tried to create a SL enabled Web Service by following the example from the Microsoft link: http://msdn.microsoft.com/en-us/library/cc197940(VS.95).aspx When I got to step 6 to test the web service that I created (View in Browser), I got the following error:  Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service. My IIS is located on my local machine with Windows Integrated Authentication and Anonymous access unchecked. After checking the Anonoymous access checkbo, I still got the above error. I have read other post on the Internet that Silverlight uses BasicHttpbinding but the settings in the web.config file was created by Visual Studio 2010 (running .NET 4.0), so I didn't think I need to mess with it. The following is the section from the web.config: <system.serviceModel>   <behaviors>    <serviceBehaviors>     <behavior name="">      <serviceMetadata httpGetEnabled="true" />      <serviceDebug includeExceptionDetailInFaults="false" />     </behavior>    </serviceBehaviors>   </behaviors>   <bindings>    <customBinding>     <binding name=

Security Context Token verification failed. (The security protocol cannot verify the incoming messag

  
Hello, I would like implement Message Lever security with username/password authentication on HTTP. My environment looks something like this.  Server Side - Message lever security is configured on service.           <security mode="Message">             <message clientCredentialType="UserName" negotiateServiceCredential="True"/>           </security> - CA and self signed certificates are created on server and configured. ServiceCredentials are looks like this <serviceCredentials> <serviceCertificate findValue="CertForIdm" storeLocation="LocalMachine" storeName="My" x509FindType="FindByIssuerName" /> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="IfMembershipProvider" /> </serviceCredentials> Client Side (References are generated by VS) - Binding configuration                 <binding name="WSHttpBinding_IWaypoint2" closeTimeout="00:11:00"                     openTimeout="00:11:00" receiveTimeout="00:10:00" sendTimeout="00:11:00"  &nb

PDF Rendering from RS2005 web service affected by recent security patching.

  
p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm;margin-bottom:.0001pt;font-size:11.0pt;font-family:'Calibri','sans-serif';} span.EmailStyle15 {font-family:'Calibri','sans-serif';color:windowtext;} .MsoChpDefault {;} @page Section1 {size:612.0pt 792.0pt;margin:72.0pt 72.0pt 72.0pt 72.0pt;} div.Section1 {page:Section1;} p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm;margin-bottom:.0001pt;font-size:11.0pt;font-family:'Calibri','sans-serif';} span.EmailStyle15 {font-family:'Calibri','sans-serif';color:windowtext;} .MsoChpDefault {;} @page Section1 {size:612.0pt 792.0pt;margin:72.0pt 72.0pt 72.0pt 72.0pt;} div.Section1 {page:Section1;} One of our web services makes a call to the RS2005 ReportingServiceSoapClient Render method in order to generate reports as PDFs. This PDF is then copied to a fileshare where it is picked up by a third party document delivery product and distributed to our clients. The third party process uses ghostscript in order to convert the PDF to TIFF format to allow further processing. This has been working successfully for months (and in a legacy project using an older version of SQL RS2003 for a few years now).Recently one of our report servers was patched with the SP2 / Hotfix for the ActiveX printing issue. Since this has happened we have a problem where the PDFs being generated (while still readable in Adobe reader) now cont

Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In Sharepoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independantly from the rest of the Sharepoint farm.   I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites.  We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the Mysite collections.  Can the security granularity found in Mysites and Profiles be extended into a Service Application?  Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C

Creating service application w/ Requirement for MySite security profile to be maintained

  
Good Day; In Sharepoint 2010 Microsoft has given the developer the ability to create a service application that can have its own database and scale independantly from the rest of the Sharepoint farm.   I wish to create a Service Application that will store data much like a list, but I need to have the ability to use the same security trimming that the profiles offer via MySites.  We need to have the granularity at a user level that we can get in MySites but I do not wish to store this data in the Mysite collections.  Can the security granularity found in Mysites and Profiles be extended into a Service Application?  Any examples of others doing this or case studies around security that I can be pointed to would be most helpful. Cheers C

WCF Security Interoperability with Java web service

  
Hi everybody, I'm implementing a WCF client which talks to a Java web service secured with x509 certificates and username token. The service requires both signing and encryption as message protection. Thanks to Yaron Naveh and some other guys on this forum I've managed to solve the signing stuff, but the encryption seems to be much more difficult. The problem I'm facing now is the server cannot decrypt my messages - I'm getting HTTP 500 errors. I've got a request example from the service vendor and compared with the messages my client generates, there is only one difference: in the example provided by service vendor I can see an extra tag KeyInfo under the EncryptedData, which seems to me reasonable to be there, but I don't know why WCF doesn't put that item. These are the two SOAP request sections I'm talking about: My WCF client: <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <e:CipherData> <e:CipherValue> <!-- Removed--> </e:CipherValue> </e:Cipher
Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend