Tuesday, February 18, 2014

SharePoint 2010: Health Analyzer: The Security Token Service is not available

Problem

You find the following entry in the All Reports listing under Review problems and solutions in SharePoint 2010 Central Administration:

Title: The Security Token Service is not available
Severity: 2 - Warning
Category: Availability
Explanation: The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state.
Remedy: Administrator should try to restart the Security Token Service on the boxes where it is not issuing tokens. If problem persists, further troubleshooting may be available in the KB article. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=160531".
Failing Servers: [NameOfFailingServer]
Failing Services: SPSecurityTokenService (SecurityTokenService)
Rule Settings: View
 
Looking in the Windows Server Application log, you see the following error event occurring once every 15 minutes:
Log Name:      Application
Source:        Microsoft-SharePoint Products-SharePoint Foundation
Date:          [date/time]
Event ID:      8306
Task Category: Claims Authentication
Level:         Error
Keywords:     
User:          [domain\FarmServiceAccount]
Computer:      [NameOfFailingServer]
Description:
An exception occurred when trying to issue security token: Could not 
connect to 
http://localhost:[port]/SecurityTokenServiceApplication/securitytoken.svc/actas. 
TCP error code 10061: No connection could be made because the target 
machine actively refused it 127.0.0.1:[port]. .
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" 
Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
    <EventID>8306</EventID>
    <Version>14</Version>
    <Level>2</Level>
    <Task>47</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="[date/time]" />
    <EventRecordID>29898</EventRecordID>
    <Correlation ActivityID="{4F0A4944-93C2-44D8-9C81-68162604774B}" />
    <Execution ProcessID="7128" ThreadID="3156" />
    <Channel>Application</Channel>
    <Computer>[NameOfFailingServer]</Computer>
    <Security UserID="S-1-5-21-3026233045-20759957-1393672501-82644" />
  </System>
  <EventData>
    <Data Name="string0">Could not connect to 
http://localhost:[port]/SecurityTokenServiceApplication/securitytoken.svc/actas. 
TCP error code 10061: No connection could be made because the target machine 
actively refused it 127.0.0.1:[port]. </Data>
  </EventData>
</Event>
Solution
  1. Solution A: Restart the Security Token Service application pool:
    1. As Administrator, launch IIS Manager.
    2. In the Connections pane (at left), expand the tree to view Application Pools.
    3. Select Application Pools.  This updates the results pane (center pane).
    4. Right-click on SecurityTokenServiceApplicationPool, and then click Stop.
    5. Right-click on SecurityTokenServiceApplicationPool, and then click Start.
    6. Go back to Central Administration, Review problems and solutions: All Reports view.
    7. Click on the issue, The Security Token Service is not available.
    8. Click Re-analyze Now.
    9. Click Close.
    10. Refresh after several minutes.
  2. Solution B: Re-provision the service
    1. Launch the SharePoint Management Shell as Administrator.
    2. Run the following script:
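      # Find the Security Token Service application among the farm's service applications
      $sts = Get-SPServiceApplication | ?{$_ -match "Security"}
      # Show its current status before re-provisioning
      $sts.Status
      # Re-provision the service application
      $sts.Provision()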
      
    3. Go back to Central Administration, Review problems and solutions: All Reports view.
    4. Click on the issue, The Security Token Service is not available.
    5. Click Re-analyze Now.
    6. Click Close.
    7. Refresh after several minutes.
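
Solution A can also be scripted. The following is an added example, not part of the original post: it checks the Application log for recent 8306 events and recycles the application pool only if the errors are present or the pool is not running. It assumes an elevated PowerShell session on the failing server with the IIS WebAdministration module available; the one-hour lookback window is an arbitrary choice.

```powershell
# Added example, not from the original post.
# Assumes: elevated session on the failing server, WebAdministration module present.
Import-Module WebAdministration

$poolName = 'SecurityTokenServiceApplicationPool'   # pool name from Solution A
$lookback = (Get-Date).AddHours(-1)                 # assumed window: last hour

# Event 8306 is logged every 15 minutes while the STS endpoint refuses connections.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-SharePoint Products-SharePoint Foundation'
    Id           = 8306
    StartTime    = $lookback
}
# Get-WinEvent raises a non-terminating error when nothing matches; treat that as zero events.
$errors = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
"{0} event(s) 8306 since {1}" -f $errors.Count, $lookback

$state = (Get-WebAppPoolState -Name $poolName).Value
"Application pool state before: $state"

if ($errors.Count -gt 0 -or $state -ne 'Started') {
    # Equivalent of Stop followed by Start in IIS Manager.
    if ($state -eq 'Started') { Stop-WebAppPool -Name $poolName }

    # Wait (up to 30 seconds) for the pool to stop before starting it again.
    $tries = 0
    while ((Get-WebAppPoolState -Name $poolName).Value -ne 'Stopped' -and $tries -lt 30) {
        Start-Sleep -Seconds 1
        $tries++
    }

    Start-WebAppPool -Name $poolName
    "Application pool state after: {0}" -f (Get-WebAppPoolState -Name $poolName).Value
}
else {
    "No recent 8306 events and the pool is running; nothing to do."
}
```

After it runs, use Re-analyze Now in Central Administration as in the steps above, and confirm that no new 8306 events appear at the next 15-minute interval.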