SharePoint 2010 : The Security Token Service is not available

Review problems and solutions

SharePoint 2010 Beta reports this problem after a successful installation. It occurs because WCF hotfix KB 976462 is missing. The SharePoint 2010 RTM installation includes this hotfix as one of its prerequisites; you can check for it under Windows Update in Control Panel.

Before installing the hotfix, you can confirm whether the service is working by browsing to http://localhost:<port>/SecurityTokenServiceApplication/securitytoken.svc. The Security Token Service is a web service that issues security tokens. If this returns a specific error, you can troubleshoot that error; otherwise, follow the steps below.

If the hotfix is already installed, don't re-install it. If it is not, install it, reboot your system (the update needs a reboot), and confirm in Windows Update that it installed successfully.

Windows Update

The SharePoint Health Analyzer reports it only as a warning, but it is actually a fatal error because it causes all claims-aware services, such as the search service, to fail. For example, when a user starts searching, the web front end (WFE) needs to talk to the search query component. If the search query component is hosted on a different server, the WFE needs its local Security Token Service (STS) to collect the claim, and then sends the claim to the search query component server. Unavailability of the STS on the WFE will obviously break things completely.

What is the fix then?

The STS is neither a SharePoint service nor a Windows service; it is a WCF web service. So first check in IIS whether this web service and its application pool are running, and if they are, try restarting them. If that still does not solve the problem, you need to re-provision the STS service application. The STS service application is provisioned during SharePoint configuration and is not clickable from the UI:

Security Token Service Application View

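To re-provision the STS from PowerShell:

# Load the SharePoint cmdlets (not needed in the SharePoint 2010 Management Shell)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# Replace {id of sts} with the Id of the STS as listed by Get-SPServiceApplication
$sts = Get-SPServiceApplication -Identity {id of sts}
$sts.Status       # prints: Online
$sts.Provision()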

Additionally, disconnecting the servers from the farm and rejoining them can also fix this STS problem.
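
The checks described above (hotfix, endpoint, IIS application pool, service application status) collected into one triage script, as an added example that is not part of the original post. The parameter names `$Port`, `$StsId` and `-Reprovision` are assumptions of this example; the port and the STS Id must be supplied for your own farm.

```powershell
# Added example (not from the original post). Run elevated on the affected server.
# $Port  : port of the IIS site hosting the STS (the <port> in the URL above)
# $StsId : Id of the STS service application, as listed by Get-SPServiceApplication
param(
    [Parameter(Mandatory = $true)][int]$Port,
    [Parameter(Mandatory = $true)][string]$StsId,
    [switch]$Reprovision
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration

# 1. Is the WCF hotfix named in the post listed among installed updates?
if (Get-HotFix | Where-Object { $_.HotFixID -eq 'KB976462' }) {
    'Hotfix KB976462: installed'
} else {
    'Hotfix KB976462: not listed'
}

# 2. Does the endpoint answer? WebClient also works on PowerShell 2.0.
$url = "http://localhost:$Port/SecurityTokenServiceApplication/securitytoken.svc"
$client = New-Object System.Net.WebClient
$client.UseDefaultCredentials = $true
try {
    [void]$client.DownloadString($url)
    "Endpoint: responded at $url"
} catch {
    "Endpoint: FAILED at $url - $($_.Exception.Message)"
}

# 3. Is the IIS application's pool running? Start it if it is stopped.
$apps = @(Get-WebApplication | Where-Object { $_.path -like '*SecurityTokenServiceApplication*' })
if ($apps.Count -eq 0) { 'IIS: no application matching SecurityTokenServiceApplication' }
foreach ($app in $apps) {
    $state = (Get-WebAppPoolState -Name $app.applicationPool).Value
    "IIS: $($app.path) uses pool '$($app.applicationPool)' ($state)"
    if ($state -eq 'Stopped') { Start-WebAppPool -Name $app.applicationPool }
}

# 4. Report the service application status; re-provision only on request.
$sts = Get-SPServiceApplication -Identity $StsId
"STS status: $($sts.Status)"
if ($Reprovision) {
    $sts.Provision()
    "STS status after Provision(): $((Get-SPServiceApplication -Identity $StsId).Status)"
}
```

Run it once without `-Reprovision` to see which check fails, since a stopped application pool or a missing hotfix is a smaller change than re-provisioning the service application.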

After doing all this, we can check in the Health Analyzer whether the problem is solved. Judging by the screenshot, it does seem that the problem is solved.

Review problems and solutions without STS

Okay, the screenshot shows a lot of other issues; no worries, I will solve them one by one some time later.

  • Nice site, nice and easy on the eyes and great content too.

  • Well written, thank you for the post.

  • I have many questions about your post. I think you should write a lot more details. But thanks anyway.

  • Hi, I tried the steps but I'm still getting the same error when I tried to open the servicetokenservice.svc:
    An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
    System.InvalidOperationException: An exception was thrown in a call to a policy export extension.
    Extension: System.ServiceModel.Channels.TransportSecurityBindingElement
    Error: Security policy export failed. The binding contains a TransportSecurityBindingElement but no transport binding element that implements ITransportTokenAssertionProvider. Policy export for such a binding is not supported. Make sure the transport binding element in the binding implements the ITransportTokenAssertionProvider interface. ---> System.InvalidOperationException: Security policy export failed. The binding contains a TransportSecurityBindingElement but no transport binding element that implements ITransportTokenAssertionProvider. Policy export for such a binding is not supported. Make sure the transport binding element in the binding implements the ITransportTokenAssertionProvider interface.
    at System.ServiceModel.Channels.TransportSecurityBindingElement.System.ServiceModel.Description.IPolicyExportExtension.ExportPolicy(MetadataExporter exporter, PolicyConversionContext policyContext)
    at System.ServiceModel.Description.MetadataExporter.ExportPolicy(ServiceEndpoint endpoint)
    --- End of inner ExceptionDetail stack trace ---
    at System.ServiceModel.Description.ServiceMetadataBehavior.MetadataExtensionInitializer.GenerateMetadata()
    at System.ServiceModel.Description.ServiceMetadataExtension.EnsureInitialized()
    at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.InitializationData.InitializeFrom(ServiceMetadataExtension extension)
    at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.GetInitData()
    at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.TryHandleDocumentationRequest(Message httpGetRequest, String[] queries, Message& replyMessage)
    at System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.ProcessHttpRequest(Message httpGetRequest)
    at SyncInvokeGet(Object , Object[] , Object[] )
    at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
    at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
    at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
    at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc& rpc)
    at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)

    Help me with this.

    Thanks in advance