The Security Token Service is not available error on dedicated Distributed Cache server

I have an error on a dedicated Distributed Cache server stating that the Security Token Service is not available. I was under the impression that when Distributed Cache was running on a dedicated server that the only service that should be enabled
is Distributed Cache.
The token service is working as expected on all other servers but this one. Does this service need to be started or should I just ignore this error message?
Jennifer Knight (MCITP, MCPD)

as per my little experience with 2013, if STS is working fine on Web server then I am sure that sharepoint will be fine...Distributed cache stores the ST issued by STS. NO need to worry about this error.
Login
Token Cache
DistributedLogonTokenCache
This
cache stores the security token issued by a Secure Token Service for use by any web server in the server farm. Any web server that receives a request for resources can access the security token from the cache, authenticate the user, and provide access to the
resources requested.
I would say check the ULS logs and get more details about the error why its not working on that server.
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

Similar Messages

The Security Token Service is not available -- SP Server on Windows 7

I just installed SharePoint Server 2010 on a Windows 7 workstation with the aim of setting up a development environment.
Installed all the prerequisites, then SP, everything seemed to go smoothly.
However, the Health Analyzer is warning my that "the Security Token Service is not available". It says that the "Administrator should try to restart the Security Token Service"
I looked under Services for my computer and also looked in IIS, did not see any thing that referenced security tokens. Where would I find the security token service?
Thanks.

No.
In Central Admin>Application Management>Manage Service Applications I see the
Security Token Service Application is running. But the health analyzer is still saying that
The Security Token Service is not available.
Any advice on resolving this would be greatly appreciated.

The Security Token Service is not available.

hi,
1. service check failed--
http://localhost:port/SecurityTokenServiceApplication/securitytoken.svc
Gettng Error message
2. while provision it again..
Get-SPServiceApplication | ?{$_ -match "Security"}
$sts.Status (result got -online)
$sts.Provision()
----Successful...
3.Event at Event viewer,..
WebHost failed to process a request.
Sender Information: System.ServiceModel.Activation.HostedHttpRequestAsyncResult/31626309
Exception: System.Web.HttpException: The service '/SecurityTokenServiceApplication/securitytoken.svc' does not exist. ---> System.ServiceModel.EndpointNotFoundException: The service '/SecurityTokenServiceApplication/securitytoken.svc' does not exist.
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.HandleRequest()
at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.BeginRequest()
--- End of inner exception stack trace ---
at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result)
at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result)
Process Name: w3wp
Process ID: 5752
---------------------And-----------------------------
Event 8306
An exception occurred when trying to issue security token: The requested service, 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc'
could not be activated. See the server's diagnostic trace logs for more information..
Please help----------------
Prasad kambar

Check this article
http://blogs.technet.com/b/sykhad-msft/archive/2012/02/25/sharepoint-2010-nailing-the-error-quot-the-security-token-service-is-unavailable-quot.aspx
and similar thread
https://social.technet.microsoft.com/Forums/office/en-US/78cd4366-b11b-4300-93a4-4135d55f561f/error-8306-an-exception-occurred-when-trying-to-issue-security-token-please-help?forum=sharepointgeneralprevious
though it is SharePoint 2010 but will work similar in sps 2013 also

Security Token Service application not working

Trying to use secure store service to access userprofileservice.asmx methods within Infopath 2010 form(doesn't contain any managed code). Created tareget application and using udcx file within the data connection library according to Microsoft tech articles.
I see errors related to accessing securitytokenservice application.It keeps on erroring out within the ULS logs, something like below
http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas.
TCP error code 10061: No connection could be made because the target machine actively refused it ::1:32843
Used below links but no luck.
Method 2 of http://support.microsoft.com/kb/981684
http://support.microsoft.com/kb/2493524
http://www.avanadeblog.com/sharepointasg/iis/
My http://localhost works but i don't see
http://localhost:32843 working.
When i run netstat -a within command prompt i see port 32843 is working since the state of it is shown as "listening".
When i browse to
http://localhost:32843/SecurityTokenServiceApplication i see HTTP 404 error.
It is same with other services under SharePoint Web Services Site within IIS.
I see the same HTTP 404 error. The Security Token Service application pool is running.
I'm trying to make this work within my development envirnoment and i don't see the security token service application
working in my Production or test environment either. I have a standalone installation on my personal laptop and i don't see these things working there as well. If i had web.config file of a working Security token service application then i could have compared
that with the web.config on my developement box. This is the only thing i missed out on.
I'm kind of stuck with this since last one week and any help is appreciated.
Thanks, DC SharePointer

thanks Henrik.
Farm Servers already have WCF Hotfix (976462) and I also checked the STS authentication settings in IIS. Only windows and Anonymous access is enabled. I did make the change(Authentication mode of spStsActAsBinding to IssuedToken, it was SspiNegotiatedOverTransport) that
is suggested in the link you provided. But no luck. My STS web.config has below membership and role providers
<system.web>
    <membership>
      <providers>
        <add connectionStringName="DevSQLConn"
applicationName="/"
name="DevAspNetSqlMembershipProvider"
requiresQuestionAndAnswer="false"
type="System.Web.Security.SqlMembershipProvider,System.Web,Version=2.0.3600.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>
    <roleManager enabled="true">
      <providers>
        <add connectionStringName="DevSQLConn"
applicationName="/"
name="DevAspNetSqlRoleManager"
type="System.Web.Security.SqlRoleProvider,System.Web,Version=2.0.3600.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>
</system.web>
Does this have to do anything with my issue. I think at some point they might have configured to use form based authentication.
Thanks, DC SharePointer

Wsit: Modify the URL of the security token service at runtime

I've managed to modify the url of my webservice endpoint at runtime used by a client application with the BindingProvider.ENDPOINT_ADDRESS_PROPERTY. Is it also possible to modify the url of the security token service?

Check this article
http://blogs.technet.com/b/sykhad-msft/archive/2012/02/25/sharepoint-2010-nailing-the-error-quot-the-security-token-service-is-unavailable-quot.aspx
and similar thread
https://social.technet.microsoft.com/Forums/office/en-US/78cd4366-b11b-4300-93a4-4135d55f561f/error-8306-an-exception-occurred-when-trying-to-issue-security-token-please-help?forum=sharepointgeneralprevious
though it is SharePoint 2010 but will work similar in sps 2013 also

"The requested resource (/hello) is not available" Error of Servlet

Hello all,
I get HTTP STATUS 404 Error which states "The requested resource (/hello) is not available" even thought according to me I am doing everything perfectly.
Here is more information. If you can find out where the proble might be please
let me know because I am working on this for more than 9 hours.
I AM USING-<br>
TOMCAT 5.5.26 <br>
JRE 6 <br>
J2SDK 1.4.0 <br>
</B>
<BR><BR>
SYSTEM VARIABLES :<br>
<B>
CLASSPATH
</B>
C:\apache-tomcat-5.5.26\common\lib\servlet-api.jar <BR>
<B> JAVA_HOME</B> D:\j2sdk1.4.0
<BR>
<B>JRE_HOME</B> C:\Program Files\Java\jre6
<BR>
<B>TOMCAT_HOME </B>C:\apache-tomcat-5.5.26
<BR>
<P>
I have placed my hello.class file inside
<b>C:\apache-tomcat-5.5.26\webapps\ROOT\WEB-INF\classes</b>
also, i have modified web.xml file as<br>
<b>
<servlet>
<servlet-name>hello</servlet-name>
<servlet-class>hello</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>hello</servlet-name>
<url-pattern>hello</url-pattern>
</servlet-mapping>
</b><br><br>
But still I am not able to access my servlet when i type
http://localhost:8080/hello
I get the error I mentioned above.

Hi..Thanks for all those who have replied earlier. I feel I should add some more information.
I dont know what PACKAGE NAME you are talking about
I am pasting contents of my XML file located in :
**apache-tomcat-5.5.26\webapps\ROOT\WEB-INF\web.xml**
-->
- <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<display-name>Welcome to Tomcat</display-name>
<description>Welcome to Tomcat</description>
- 
- <servlet>
<servlet-name>org.apache.jsp.index_jsp</servlet-name>
<servlet-class>org.apache.jsp.index_jsp</servlet-class>
</servlet>
- <servlet-mapping>
<servlet-name>org.apache.jsp.index_jsp</servlet-name>
<url-pattern>/index.jsp</url-pattern>
</servlet-mapping>
- 
</web-app>
web.xml file located in
apache-tomcat-5.5.26\webapps\servlets-examples\WEB-INF
is given below:
<?xml version="1.0" encoding="ISO-8859-1"?>

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>Servlet 2.4 Examples</display-name>
<description>
Servlet 2.4 Examples.
</description>

<filter>
<filter-name>Servlet Mapped Filter</filter-name>
<filter-class>filters.ExampleFilter</filter-class>
     <init-param>
     <param-name>attribute</param-name>
<param-value>filters.ExampleFilter.SERVLET_MAPPED</param-value>
     </init-param>
</filter>
<filter>
<filter-name>Path Mapped Filter</filter-name>
<filter-class>filters.ExampleFilter</filter-class>
     <init-param>
     <param-name>attribute</param-name>
<param-value>filters.ExampleFilter.PATH_MAPPED</param-value>
     </init-param>
</filter>
<filter>
<filter-name>Request Dumper Filter</filter-name>
<filter-class>filters.RequestDumperFilter</filter-class>
</filter>

<filter>
<filter-name>Set Character Encoding</filter-name>
<filter-class>filters.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>EUC_JP</param-value>
</init-param>
</filter>
<filter>
<filter-name>Compression Filter</filter-name>
<filter-class>compressionFilters.CompressionFilter</filter-class>
<init-param>
<param-name>compressionThreshold</param-name>
<param-value>10</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>Servlet Mapped Filter</filter-name>
     <servlet-name>invoker</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>Path Mapped Filter</filter-name>
     <url-pattern>/servlet/*</url-pattern>
</filter-mapping>





<listener>
<listener-class>listeners.ContextListener</listener-class>
</listener>
<listener>
<listener-class>listeners.SessionListener</listener-class>
</listener>

<servlet>
<servlet-name>CompressionFilterTestServlet</servlet-name>
<servlet-class>compressionFilters.CompressionFilterTestServlet</servlet
-class>
</servlet>
<servlet>
<servlet-name>hello</servlet-name>
<servlet-class>hello</servlet-class>
</servlet>
</servlet>
<servlet>
<servlet-name>HelloWorldExample</servlet-name>
<servlet-class>HelloWorldExample</servlet-class>
</servlet>
<servlet>
<servlet-name>RequestInfoExample</servlet-name>
<servlet-class>RequestInfoExample</servlet-class>
</servlet>
<servlet>
<servlet-name>RequestHeaderExample</servlet-name>
<servlet-class>RequestHeaderExample</servlet-class>
</servlet>
<servlet>
<servlet-name>RequestParamExample</servlet-name>
<servlet-class>RequestParamExample</servlet-class>
</servlet>
<servlet>
<servlet-name>CookieExample</servlet-name>
<servlet-class>CookieExample</servlet-class>
</servlet>
<servlet>
<servlet-name>SessionExample</servlet-name>
<servlet-class>SessionExample</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CompressionFilterTestServlet</servlet-name>
<url-pattern>/CompressionTest</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HelloWorldExample</servlet-name>
<url-pattern>/servlet/HelloWorldExample</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>RequestInfoExample</servlet-name>
<url-pattern>/servlet/RequestInfoExample/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>RequestHeaderExample</servlet-name>
<url-pattern>/servlet/RequestHeaderExample</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>RequestParamExample</servlet-name>
<url-pattern>/servlet/RequestParamExample</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>CookieExample</servlet-name>
<url-pattern>/servlet/CookieExample</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SessionExample</servlet-name>
<url-pattern>/servlet/SessionExample</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>hello</servlet-name>
<url-pattern>/servlet/hello</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
     
<url-pattern>/jsp/security/protected/*</url-pattern>
     
     <http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
     <http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>

<role-name>tomcat</role-name>
     <role-name>role1</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/protected/login.jsp</form-login-page>
<form-error-page>/jsp/security/protected/error.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>role1</role-name>
</security-role>
<security-role>
<role-name>tomcat</role-name>
</security-role>


<env-entry>
<env-entry-name>minExemptions</env-entry-name>
<env-entry-type>java.lang.Integer</env-entry-type>
<env-entry-value>1</env-entry-value>
</env-entry>
<env-entry>
<env-entry-name>foo/name1</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>value1</env-entry-value>
</env-entry>
<env-entry>
<env-entry-name>foo/bar/name2</env-entry-name>
<env-entry-type>java.lang.Boolean</env-entry-type>
<env-entry-value>true</env-entry-value>
</env-entry>
<env-entry>
<env-entry-name>name3</env-entry-name>
<env-entry-type>java.lang.Integer</env-entry-type>
<env-entry-value>1</env-entry-value>
</env-entry>
<env-entry>
<env-entry-name>foo/name4</env-entry-name>
<env-entry-type>java.lang.Integer</env-entry-type>
<env-entry-value>10</env-entry-value>
</env-entry>
</web-app>
My program hello.java is given below
import java.io.*;
import javax.servlet.http.*;
import javax.servlet.*;
public class hello extends HttpServlet {
public void doGet (HttpServletRequest req,
HttpServletResponse res)
throws ServletException, IOException
PrintWriter out = res.getWriter();
out.println("Hello, world!");
out.close();
}

DNS The Zone cannot be deleted - the active directory service is not available

Hello TechNet Members,
As you can see from the Summery, I got this message when I'm trying to delete DNS Zone.
It's not matter if the DNS Zone newly created or its an Old One.
After this message the computer is telling you "The Computer is about to make Restart".
It's so strange and i really don't know what to check first.
More Information:
5 Servers that Replicate together.
The Operation System is Windows Server 2012R2 for all the entire DC's
1 Domain In the Forest.
Thanks,

Hi Jesper,
DCdiag /fix and no errors in there everything marked as PASSED.
I did Demotion for one of the DC to troubleshoot, but with no luck i'm back to the same point i started
I tried to delete the brand new Zone from the commandline using DNScmd it's still not working and the computer is reboot himslef.
I've checked the permissions from the ADSIEdit.msc:
Inherit from MicrosoftDNS section to the ROOT
DNSAdmins > Full Control
Domain Admins > Full Control
From "DNS Server" section at the EventViewer
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS
data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet
Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
"The DNS server was unable to complete directory service enumeration of zone TestZone1. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error. "
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
Thanks,

Could Not Connect to Security Token Service Application

Receiving the following:
Get-SPSite : Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc. TCP error code 10061: No connection could be made
I have validated the site and app pool exist and are running... however, browsing to the url returns a 404 page. This is happening on 2/4 servers in my farm.
I have removed SharePoint and Web Server/Application Server Role from each server and re-installed SP to no avail... next step is re-image but thought I would check the blog-o-sphere first...
- Rick

any anti virus on the servers?
is there any details about the error after connection could be made?
also have a look: http://blogs.technet.com/b/sykhad-msft/archive/2012/02/25/sharepoint-2010-nailing-the-error-quot-the-security-token-service-is-unavailable-quot.aspx
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

Laptop (Running Windows 8.1) no longer able to print and now see message Active Directory Domain Services is not available

Have a very recent Lenovo Ideapad Laptop running Windows 8.1. Connected via USB port to HP LaserJet Pro CM1415 frw Color MFP Printer. Was able to print fine nearly 2 weeks ago, but something recently happened - either a new windows or office 2013 update
or perhaps I blew away a certain file by mistake. I can see the printer installed but cannot print to it from anything (Word, Notepad, IE, Firefox etc.). The one thing to note is that usually when I plug or unplug a USB related device, Windows 8.1 recognizes
this and makes a certain chime noise, but with the printer USB cable it never makes that noise - making me think that it never fully recognizes the printer. Also when I select the printer (from within the control panel) and right click for properties (via
admin rights) It never lets me fully connect to it.
I have tried all the usual remedies - remove, install all drivers, reinstall printer, Windows update, start/stop print spooler and all other printer related services, etc. Its really annoying because this printer was working fine nearly 2
weeks ago. Looking for any advice now. Thanks.
-Chris

Hi Chris,
à
I have tried all the usual remedies - remove, install all drivers, reinstall printer, Windows update, start/stop print spooler and all other printer related services, etc.
I noticed that you had reinstalled the printer. Just a confirmation, when un-install this printer, please check
if this printer still exist in registry. For more details, please refer to following KB.
Registry entries for printing
If printer entry still exist in registry, please delete that printer entry and re-install this printer again,
then check if this issue still exists. (Please backup registry entries before operating registry. It will help us to avoid unexpected issue.)
àand now see
message Active Directory Domain Services is not available
By the way, would you please let me know where/when get this
Active Directory Domain Services is not available error message? Or provide a screenshot of it?
(Please hide all protected or private information) Please check if all services are running correctly on the computer. Meanwhile, please refer to following article and check if can help you.
Printer
Problem: Active Directory Domain Services is currently unavailable – Why does windows say no printers are installed?
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
does not guarantee the accuracy of this information.
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu

I am getting the message "The windows installer Service could not be accessed when trying to install Itunes on my new computer, any help would be appreciated.

I am getting the message "The windows installer Service could not be accessed when trying to install Itunes on my new computer, any help would be appreciated.

Hey there Frank0619,
If you have not been able to install iTunes because the Windows Installer service is not available, I would recommend the troubleshooting in the following troubleshooting to help.
Issues installing iTunes for Windows
These in particular:
Make sure you have an administrator account.
To install iTunes, you'll need to log in to your computer with an administrator password. If you're not sure if you have an administrator account, read Windows 7: How do I log on as an administrator? You could also refer to your computer's help system, contact your IT department, or visit support.microsoft.com for assistance.
Install the latest Microsoft Windows updates.
To download the latest updates, visit the Microsoft Windows Update website. iTunes for Windows requires Windows XP, Windows Vista, Windows 7, or Windows 8 with the latest Service Pack installed. If you can’t install the updates, refer to your computer's help system, contact your IT department, or visit support.microsoft.com for assistance.
Download the latest version of iTunes.
The latest version of iTunes can be downloaded at http://www.apple.com/itunes/download/.
Disable conflicting software.
Some Windows background processes can cause issues for other programs and processes. These conflicts can prevent applications, such as iTunes, from installing. Disable conflicting processes by starting your computer using MSConfig:
Using Msconfig to troubleshoot conflicts in Windows XP
Using Msconfig to troubleshoot conflicts in Windows Vista, Windows 7, and Windows 8
Some security software made by other companies can't be disabled using MSConfig. If you've installed security software and you're having issues installing iTunes or QuickTime for Windows, you might need to disable or uninstall security software to resolve installation issues.
Restart your computer.
Install iTunes.
Thank you for using Apple Support Communities.
All the best,
Sterling

XML-RPC Service is not available

I'm experiencing a problem where CF 8.01 will not start. the log shows the message "The XML-RPC service is not available. This exception is usually caused by service startup failure. Check your server configuration."
I traced this to a corrupted /lib/neo-xmlrpc.xml file; the structures being generated when I consume a local web service are malformed. If I reinitialize this file to its form as created when CF is installed, CF will start.
Below is an example of the corrupted structure:
<wddxPacket version='1.0'><header/><data><array length='3'><struct type='coldfusion.server.ConfigMap'><var name='http:// 123.123.123.2<char code='0d'/><char code='0d'/><char code='0a'/> /common/verifyUser.cfc?wsdl'><string>http:// 123.123.123.2<char code='0d'/><char code='0d'/><char code='0a'/> /common/verifyUser.cfc?wsdl</string></var></struct><struct type='coldfusion.server.ConfigMap'><var name='http:// 123.123.123.2<char code='0d'/><char code='0d'/><char code='0a'/> /common/verifyUser.cfc?wsdl'><string></string></var></struct><struct type='coldfusion.server.ConfigMap'><var name='http:// 123.123.123.2<char code='0d'/><char code='0d'/><char code='0a'/> /common/verifyUser.cfc?wsdl'><string></string></var></struct></array></data></wddxPacket>
The corruption is occurring on my developer installation on a windows xp machine. If I execute the same code on my standard server edition running on Windows Server, the structure for the same verifyUser web service looks like this:
<var name='http://123.123.123.1/common/verifyUser.cfc?wsdl'><string></string></var>
On both machines I'm running CF version 8,0,1,195765 with updates chf8010003.jar and hf801-1875.jar.
Has anyone else seen this or have any ideas on how to correct?

You're right. Here's what was happening:
My cfinvoke included webservice="http://#APPLICATION.server_ip_address#/common/verifyUser.cfc?wsdl". I was using the same code to extract the IP address, but different operating systems. So when I populated APPLICATION.server_ip_address without trimming, I was getting extraneous trailing garbage on the XP server version.
Thanks.

Security Token Service Application Pool high CPU

The SecurityTokenServiceApplicationPool seems to be using really high CPU at times and it seems to slow down the servercausing spike to almost 100% CPU, recycling takes care of it temporarily, it will also go down on its own but to a lesser extent.
I cant seem to see any cause of this in the logs.
The Security Token Service Application Pool isnt on a recycle schedule by default.
Does anyone recommend putting it on a recycle schedule?
What are some common causes of it
thanks
themush

Hi,
As I understand, the SecurityTokenServiceApplicationPool caused high CPU usage in your envrionment.
Would recycling the application pool be help?
To check if there is performance issue, please provide more information about your application server which host this service application.
http://technet.microsoft.com/en-us/library/cc262485(v=office.15).aspx#hwforwebserver
Here are some references for application pool high usage in SharePoint:
http://weblogs.asp.net/erobillard/thoughts-on-sharepoint-application-pools-recycling-and-quot-jit-lag-quot
http://blogs.technet.com/b/stefan_gossner/archive/2007/11/26/dealing-with-memory-pressure-problems-in-moss-wss.aspx
Regards,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] .
Rebecca Tu
TechNet Community Support

Errors with SharePoint Security Token Service: "The revocation function was unable to check revocation for the certificate"

I'm getting these errors in the eventlog and ULS, "An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root
Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS CERTIFICATE THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate."
The errors point to the SharePoint Security Token Service as the issue ("The revocation function was unable to check revocation for the certificate") reported back by the Topology service. This is apparent when executing a search, accessing
the managed metadata service, issuing SPSite commands in Powershell, or anything that needs to run through the "SharePoint Web Services" site. I've looked at the certificate assigned to that site and everything appears to be in order.
It would seem to me to be either an incorrect endpoint configuration (internally cached perhaps?) or related to security access for the configuration database (in order to validate the certificate root).
What I’ve tried so far:
I’ve been all over the certificate settings, both in the server store, and within SharePoint Token Service config. Both appear to be configured correctly such that the root CAs can be validated.
Re-entered the passwords for the application pool domain accounts to eliminate these as a potential cause. I’ve also verified the service accounts reporting the error, do have access to the configuration database.
Re-provisioned the STS service to see if that might clear out any cached issues and validated everything else according to this
MS Tech note.
So far nothing has worked. Is there anything else I could be looking at that I've missed? (Full eventlog detail below)
Log Name: Application
Source: Microsoft-SharePoint Products-SharePoint Foundation
Date: 2/20/2015 11:19:41 AM
Event ID: 8311
Task Category: Topology
Level: Error
Keywords:
User: <SP SERVICE ACCOUNT>
Computer: <SHAREPOINTSERVER>
Description:
An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS
CERT THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
<EventID>8311</EventID>
<Version>14</Version>
<Level>2</Level>
<Task>13</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2015-02-20T17:19:41.213852500Z" />
<EventRecordID>1611121</EventRecordID>
<Correlation />
<Execution ProcessID="10212" ThreadID="10328" />
<Channel>Application</Channel>
<Computer><SHAREPOINTSERVER></Computer>
<Security UserID="<SP SERVICE ACCOUNT>" />
</System>
<EventData>
<Data Name="string0">CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US</Data>
<Data Name="string1">CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US</Data>
<Data Name="string2"><STS CERT THUMBPRINT></Data>
<Data Name="string3">RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
</Data>
</EventData>
</Event>

Hi Darren,
This problem seems to occur when an administrator deletes the local trust relationship of the farm from the Security section of the Central Administration website
In order to resolve this problem, the local trust relationship has to be created. This can be done by running the following PowerShell commands
$rootCert = (Get-SPCertificateAuthority).RootCertificate
New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert
After running the above commands, perform an IISReset on all servers in the farm.
More information:
http://support.microsoft.com/kb/2545744
Best Regards,
Wendy
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Wendy Li
TechNet Community Support

Export/Import Error: The security token could not be authenticated

We currently are working in PLM 6.1.1 and users are experiencing Export/Import Issues, the error appears frequently with several users.
Steps:
1. A new token is generated from our QA environment
2. The user logs into Dev and transfers the token
3. In the export ADMIN area the user selects a section
4. In the QA environment the user schedules the import
5. The import is scheduled however the error is received after a few mins
Error Message:
The security token could not be authenticated or authorized ---> The directory service is unavailable.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Xeno.Prodika.XenoDoc.Handlers.DRL.DrlService.GetAttachment(tIdentifier Identifier)
at Xeno.Prodika.XenoDoc.Handlers.DRL.DrlWebServiceLifecycleHandler.Load(IXDocument xdoc, String pkid)
at Xeno.Prodika.XenoDoc.BaseLibraryManager.LoadDocumentPhaseII(IXLibraryConfiguration libConfig, IXDocument xdoc, String pkid)
at Xeno.Prodika.XenoDoc.BaseLibraryManager.LoadDocument(String pkid)
at Xeno.Prodika.ExportImport.DataExchange.ImportRequestProcessor.ProcessRequest(IApplicationManager applicationManager, IImportRequestQueue request)
This error can be difficult to reproduce but occurs periodically.

This is likely a DRL issue. verify DRL is configured correctly and a valid PLM4P user is setup in the setup assistant. in addition, make sure you added the new app in IIS for DRLService (this is a doc bug we are correcting that we failed to include in the 611 guide). verify you can attach and then open an attachment on a material spec.

Web Service on JCS13.2: InvalidSecurityToken : The security token is not valid.

Hi,
I deployed a web service with the security policy @SecurityPolicy(uri = "oracle/wss_username_token_over_ssl_service_policy"). The WSDL file looks fine
But when I test it with SOAPUI and JDeveloper HTTP Analyzer, It always throws, InvalidSecurityToken : The security token is not valid.
The Web Service code is as below,
import javax.jws.WebMethod;
import javax.jws.WebService;
import weblogic.wsee.jws.jaxws.owsm.SecurityPolicies;
import weblogic.wsee.jws.jaxws.owsm.SecurityPolicy;
@WebService
@SecurityPolicy(uri = "oracle/wss_username_token_over_ssl_service_policy")
public class HelloWorld {
    public HelloWorld() {
        super();
    @WebMethod
    public String sayHi( String name ){
        return "Hello, " + name ;
What's the valid username and password for the web service deployed on JCS? Any suggestion and help is highly appreciated.

The SOAP request payload from SOAP UI is:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-3">
            <wsse:Username>[email protected]</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXX</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <ws:sayHi>
         <arg0>Paula</arg0>
      </ws:sayHi>
   </soapenv:Body>
</soapenv:Envelope>
but the response is,
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
   <S:Body>
      <ns2:Fault xmlns:ns2="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns3="http://www.w3.org/2003/05/soap-envelope">
         <faultcode xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns0:InvalidSecurityToken</faultcode>
         <faultstring>InvalidSecurityToken : The security token is not valid.</faultstring>
      </ns2:Fault>
   </S:Body>
</S:Envelope>

The Security Token Service is not available error on dedicated Distributed Cache server

Similar Messages

Maybe you are looking for