The Security Token Service is not available -- SP Server on Windows 7

Similar Messages

• The Security Token Service is not available error on dedicated Distributed Cache server

  I have an error on a dedicated Distributed Cache server stating that the Security Token Service is not available.  I was under the impression that when Distributed Cache was running on a dedicated server that the only service that should be enabled
  is Distributed Cache. 
  The token service is working as expected on all other servers but this one.  Does this service need to be started or should I just ignore this error message?
  Jennifer Knight (MCITP, MCPD)

  as per my little experience with 2013, if STS is working fine on Web server then I am sure that sharepoint will be fine...Distributed cache stores the ST issued by STS. NO need to worry about this error.
  Login
  Token Cache
  DistributedLogonTokenCache
  This
  cache stores the security token issued by a Secure Token Service for use by any web server in the server farm. Any web server that receives a request for resources can access the security token from the cache, authenticate the user, and provide access to the
  resources requested.
  I would say check the ULS logs and get more details about the error why its not working on that server.
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• The Security Token Service is not available.

  hi,
  1. service check failed--
   http://localhost:port/SecurityTokenServiceApplication/securitytoken.svc 
  Gettng Error message
  2. while provision it again..
   Get-SPServiceApplication | ?{$_ -match "Security"}
   $sts.Status (result got -online)
   $sts.Provision()
  ----Successful...
  3.Event at Event viewer,..
  WebHost failed to process a request.
   Sender Information: System.ServiceModel.Activation.HostedHttpRequestAsyncResult/31626309
   Exception: System.Web.HttpException: The service '/SecurityTokenServiceApplication/securitytoken.svc' does not exist. ---> System.ServiceModel.EndpointNotFoundException: The service '/SecurityTokenServiceApplication/securitytoken.svc' does not exist.
     at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
     at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
     at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.HandleRequest()
     at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.BeginRequest()
     --- End of inner exception stack trace ---
     at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result)
     at System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result)
   Process Name: w3wp
   Process ID: 5752
  ---------------------And-----------------------------
  Event 8306
  An exception occurred when trying to issue security token: The requested service, 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' 
  could not be activated. See the server's diagnostic trace logs for more information..
  Please help----------------
  Prasad kambar

  Check this article
  http://blogs.technet.com/b/sykhad-msft/archive/2012/02/25/sharepoint-2010-nailing-the-error-quot-the-security-token-service-is-unavailable-quot.aspx
  and similar thread
  https://social.technet.microsoft.com/Forums/office/en-US/78cd4366-b11b-4300-93a4-4135d55f561f/error-8306-an-exception-occurred-when-trying-to-issue-security-token-please-help?forum=sharepointgeneralprevious
  though it is SharePoint 2010 but will work similar in sps 2013 also

• Security Token Service application not working

  Trying to use secure store service to access userprofileservice.asmx methods within Infopath 2010 form(doesn't contain any managed code). Created tareget application and using udcx file within the data connection library according to Microsoft tech articles.
  I see errors related to accessing securitytokenservice application.It keeps on erroring out within the ULS logs, something like below
  http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas.
  TCP error code 10061: No  connection could be made because the target machine actively refused it ::1:32843
  Used below links but no luck.
  Method 2 of http://support.microsoft.com/kb/981684
  http://support.microsoft.com/kb/2493524
  http://www.avanadeblog.com/sharepointasg/iis/
  My http://localhost works but i don't see
  http://localhost:32843 working.
  When i run netstat -a within command prompt i see port 32843 is working since the state of it is shown as "listening".
  When i browse to
  http://localhost:32843/SecurityTokenServiceApplication i see HTTP 404 error.
  It is same with other services  under SharePoint Web Services Site within IIS.
  I see the same HTTP 404 error. The Security Token Service application pool is running.
  I'm trying to make this work within my development envirnoment and  i don't see the security token service application
  working in my Production or test environment either. I have a standalone installation on my personal laptop and i don't see these things working there as well. If i had web.config file of a working Security token service application then i could have compared
  that with the web.config on my developement box. This is the only thing i missed out on.
  I'm kind of stuck with this since last one week and any help is appreciated.
  Thanks, DC SharePointer

  thanks Henrik.
  Farm Servers already have WCF Hotfix (976462) and I also checked the STS authentication settings in IIS. Only windows and Anonymous access is enabled. I did make the change(Authentication mode of spStsActAsBinding to IssuedToken, it was SspiNegotiatedOverTransport) that
  is suggested in the link you provided. But no luck. My STS web.config has below membership and role providers
   <system.web>
      <membership>
        <providers>
          <add connectionStringName="DevSQLConn"
   applicationName="/"
   name="DevAspNetSqlMembershipProvider"
   requiresQuestionAndAnswer="false"
   type="System.Web.Security.SqlMembershipProvider,System.Web,Version=2.0.3600.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
      </membership>
      <roleManager enabled="true">
        <providers>
          <add connectionStringName="DevSQLConn"
   applicationName="/"
   name="DevAspNetSqlRoleManager"
   type="System.Web.Security.SqlRoleProvider,System.Web,Version=2.0.3600.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />
        </providers>
      </roleManager>
    </system.web>
  Does this have to do anything with my issue. I think at some point they might have configured to use form based authentication.
  Thanks, DC SharePointer

• Wsit: Modify the URL of the security token service at runtime

  I've managed to modify the url of my webservice endpoint at runtime used by a client application with the BindingProvider.ENDPOINT_ADDRESS_PROPERTY. Is it also possible to modify the url of the security token service?

  Check this article
  http://blogs.technet.com/b/sykhad-msft/archive/2012/02/25/sharepoint-2010-nailing-the-error-quot-the-security-token-service-is-unavailable-quot.aspx
  and similar thread
  https://social.technet.microsoft.com/Forums/office/en-US/78cd4366-b11b-4300-93a4-4135d55f561f/error-8306-an-exception-occurred-when-trying-to-issue-security-token-please-help?forum=sharepointgeneralprevious
  though it is SharePoint 2010 but will work similar in sps 2013 also

• DNS The Zone cannot be deleted - the active directory service is not available

  Hello TechNet Members,
  As you can see from the Summery, I got this message when I'm trying to delete DNS Zone.
  It's not matter if the DNS Zone newly created or its an Old One.
  After this message the computer is telling you "The Computer is about to make Restart".
  It's so strange and i really don't know what to check first.
  More Information:
  5 Servers that Replicate together.
  The Operation System is Windows Server 2012R2 for all the entire DC's
  1 Domain In the Forest.
  Thanks,

  Hi Jesper,
   DCdiag /fix and no errors in there everything marked as PASSED.
   I did Demotion for one of the DC to troubleshoot, but with no luck i'm back to the same point i started
   I tried to delete the brand new Zone from the commandline using DNScmd it's still not working and the  computer is reboot himslef.
  I've checked the permissions from the ADSIEdit.msc:
  Inherit from MicrosoftDNS section to the ROOT
  DNSAdmins > Full Control
  Domain Admins > Full Control
  From "DNS Server" section at the EventViewer
  The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS
  data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet
  Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
  "The DNS server was unable to complete directory service enumeration of zone TestZone1.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active
  Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error. "
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  Thanks,

• MEDIA SERVICES ARE NOT AVAILABLE - CURVE 9300 3G / WINDOWS 7 ULT

  I have installed the Blackberry desktop software and my new Curve 9300 connects and preforms the feature of syncing with my Outlook 2010 and does the backup and does the software upgrades for my phone.  The one thing i cannot seem go get to happen is the media sync.  The card is installed and under the option the card is enabled and sees the 2GIG therefore i assume the mass storage mode is turned on since both check boxes are enabled at the top of STORAGE in OPTIONS.
  What can I do about this?  I have just about spent my entire day reading thru the net trying to get differnt takes on the problem but at this point before i have installed and uninstalled to the point of creating havoc on my laptop i would just like to know a direction to take.  Also if this matter or not when the phone is plug in thru the USB cable and in "My Computer" I do not see the 2Gig Card listed as a drive or anything like that. 
  Current version of OS software on the phone is 6.0.0.461
  Current Blackberry Software is  Dec 6.2010 Bundle 21

  Thats good advice.
  Blackberry Best Advice - Back-up weekly
  If I have helped you please check the "Kudos" star on the right >>>>

• Could Not Connect to Security Token Service Application

  Receiving the following:
  Get-SPSite : Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc. TCP error code 10061: No connection could be made
  I have validated the site and app pool exist and are running... however, browsing to the url returns a 404 page. This is happening on 2/4 servers in my farm. 
  I have removed SharePoint and Web Server/Application Server Role from each server and re-installed SP to no avail... next step is re-image but thought I would check the blog-o-sphere first...
  - Rick

  any anti virus on the servers?
  is there any details about the error after connection could be made?
  also have a look: http://blogs.technet.com/b/sykhad-msft/archive/2012/02/25/sharepoint-2010-nailing-the-error-quot-the-security-token-service-is-unavailable-quot.aspx
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• XML-RPC Service is not available

  I'm experiencing a problem where CF 8.01 will not start. the log shows the message "The XML-RPC service is not available. This exception is usually caused by service startup failure. Check your server configuration."
  I traced this to a corrupted /lib/neo-xmlrpc.xml file; the structures being generated when I consume a local web service are malformed. If I reinitialize this file to its form as created when CF is installed, CF will start.
  Below is an example of the corrupted structure:
  <wddxPacket version='1.0'><header/><data><array length='3'><struct type='coldfusion.server.ConfigMap'><var name='http:// 123.123.123.2<char code='0d'/><char code='0d'/><char code='0a'/>        /common/verifyUser.cfc?wsdl'><string>http:// 123.123.123.2<char code='0d'/><char code='0d'/><char code='0a'/>        /common/verifyUser.cfc?wsdl</string></var></struct><struct type='coldfusion.server.ConfigMap'><var name='http:// 123.123.123.2<char code='0d'/><char code='0d'/><char code='0a'/>        /common/verifyUser.cfc?wsdl'><string></string></var></struct><struct type='coldfusion.server.ConfigMap'><var name='http:// 123.123.123.2<char code='0d'/><char code='0d'/><char code='0a'/>        /common/verifyUser.cfc?wsdl'><string></string></var></struct></array></data></wddxPacket>
  The corruption is occurring on my developer installation on a windows xp machine. If I execute the same code on my standard server edition running on Windows Server, the structure for the same verifyUser web service looks like this:
  <var name='http://123.123.123.1/common/verifyUser.cfc?wsdl'><string></string></var>
  On both machines I'm running CF version 8,0,1,195765 with updates chf8010003.jar and hf801-1875.jar.
  Has anyone else seen this or have any ideas on how to correct?

  You're right. Here's what was happening:
  My cfinvoke included webservice="http://#APPLICATION.server_ip_address#/common/verifyUser.cfc?wsdl".  I was using the same code to extract the IP address, but different operating systems. So when I populated APPLICATION.server_ip_address without trimming, I was getting extraneous trailing garbage on the XP server version.
  Thanks.

• Security Token Service Application Pool high CPU

  The SecurityTokenServiceApplicationPool seems to be using really high CPU at times and it seems to slow down the servercausing spike to almost 100% CPU, recycling takes care of it temporarily, it will also go down on its own but to a lesser extent.
  I cant seem to see any cause of this in the logs.
  The Security Token Service Application Pool isnt on a recycle schedule by default.
  Does anyone recommend putting it on a recycle schedule?
  What are some common causes of it
  thanks
  themush

  Hi,
  As I understand, the SecurityTokenServiceApplicationPool caused high CPU usage in your envrionment.
  Would recycling the application pool be help?
  To check if there is performance issue, please provide more information about your application server which host this service application.
  http://technet.microsoft.com/en-us/library/cc262485(v=office.15).aspx#hwforwebserver
  Here are some references for application pool high usage in SharePoint:
  http://weblogs.asp.net/erobillard/thoughts-on-sharepoint-application-pools-recycling-and-quot-jit-lag-quot
  http://blogs.technet.com/b/stefan_gossner/archive/2007/11/26/dealing-with-memory-pressure-problems-in-moss-wss.aspx
  Regards,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected] .
  Rebecca Tu
  TechNet Community Support

• Web Service on JCS13.2: InvalidSecurityToken : The security token is not valid.

  Hi,
  I deployed a web service with the security policy @SecurityPolicy(uri = "oracle/wss_username_token_over_ssl_service_policy").  The WSDL file looks fine
  But when I test it with SOAPUI and JDeveloper HTTP Analyzer,  It always throws, InvalidSecurityToken : The security token is not valid.
  The Web Service code is as below,
  import javax.jws.WebMethod;
  import javax.jws.WebService;
  import weblogic.wsee.jws.jaxws.owsm.SecurityPolicies;
  import weblogic.wsee.jws.jaxws.owsm.SecurityPolicy;
  @WebService
  @SecurityPolicy(uri = "oracle/wss_username_token_over_ssl_service_policy")
  public class HelloWorld {
      public HelloWorld() {
          super();
      @WebMethod
      public String sayHi( String name ){
          return "Hello, " + name ;
  What's the valid username and password for the web service deployed on JCS?  Any suggestion and help is highly appreciated.

  The SOAP request payload from SOAP UI is:
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws/">
     <soapenv:Header>
        <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
           <wsse:UsernameToken wsu:Id="UsernameToken-3">
              <wsse:Username>[email protected]</wsse:Username>
              <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXX</wsse:Password>
           </wsse:UsernameToken>
        </wsse:Security>
     </soapenv:Header>
     <soapenv:Body>
        <ws:sayHi>
           <arg0>Paula</arg0>
        </ws:sayHi>
     </soapenv:Body>
  </soapenv:Envelope>
  but the response is,
  <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
     <S:Body>
        <ns2:Fault xmlns:ns2="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns3="http://www.w3.org/2003/05/soap-envelope">
           <faultcode xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns0:InvalidSecurityToken</faultcode>
           <faultstring>InvalidSecurityToken : The security token is not valid.</faultstring>
        </ns2:Fault>
     </S:Body>
  </S:Envelope>

• The Secure Store Service application Secure Store Service Proxy is not accessible

  I am working on setting up a new SharePoint 2013 Farm for our external web site which is currently running on 2010 SharePoint. Because this is an External Website for our organization we have an internally available Publishing Site and there is an Web App
  Extension to provide Anon Access to users using the www address. Currently I am doing everything on a single server for testing with HOSTS entries to loop back so I can test with real host headers and not impact the 2010 prod environment. We will be setting
  up 2 more WFEs with a NLB before moving this into prod but it isn't there yet. We brought the Site Collection Databases over but are still running in 2010 mode for now.
  I migrated a copy of the Secure Store Database over from 2010 and had it put on the 2013 Farm's Database Server. Set up Secure Store and the Secure Store Proxy. I went into the Secure Store Proxy in CA and refreshed the Key with the proper Pass Phrase. After
  doing that I could see the Target Application IDs listed. Everything was looking good so I went off to test. If I am on the publishing site I can go to a page that has the solution on it and it operates as expected. It does a query to a non SharePoint database
  and returns information filtered based on the search parameters. The only odd thing I see is if I click on the "Site Actions" I get a message "An error has occurred with the data fetch. Please refresh page and retry." Need to look into
  that more but it only happens on pages that have these solutions. Maybe a clue. If I go to the Anonymous Access page (www......) and try and use the solution, it immediately (way too quick to appear like it is doing anything) comes back with "The security
  token request cannot be completed."
  If I dig through the usage logs I am finding the following.
  The Secure Store Service application Secure Store Service Proxy is not accessible. The full exception text is: The security token request cannot be completed.
  Unexpected exception from endpoint address : https://[Servername]:32844/4e87fd3aabb640fb8cc3ed52188cf5c0/SecureStoreService.svc/https
  Logging unknown/unexpected client side exception: InvalidOperationException. This will cause this application server to be removed from the load balancer queue. Exception: System.InvalidOperationException: The security token request cannot be completed.
      at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForServiceContext(Uri contextUri)     at Microsoft.SharePoint.SPChannelFactoryOperations.InternalCreateChannelActingAsLoggedOnUser[TChannel](ChannelFactory`1 factory, EndpointAddress
  address, Uri via)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.GetChannel(Uri address)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.Execute[T](String operationName,
  Boolean validateCanary, ExecuteDelegate`1 operation).
  Initially I was fighting a firewall issue because it wasn't working (different errors) on both sides. Had Network Engineers open firewall ports needed and now it works on the publishing side. Still the same error on the Anon side. I suspect I have missed
  something when it comes to configuring the Secure Store to allow access to anonymous connections.
  Let me know if you need any more information but that should paint a pretty good picture as to how things are set up.
  Thanks for any help on this one. Searches haven't found much that has helped so far.

  Hi Sennister,
  I recommend to verify the things below:
  Did this issue occur with all the pages in the anonymous side?
  Check if the Claims to Windows Token Service is started.
  Change the <identity impersonate="true" /> in the web.config to see if the issue still occurs.
  Thanks,
  Victoria
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Victoria Xia
  TechNet Community Support

• Errors with SharePoint Security Token Service: "The revocation function was unable to check revocation for the certificate"

  I'm getting these errors in the eventlog and ULS, "An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root
  Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS CERTIFICATE THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate."
  The errors point to the SharePoint Security Token Service as the issue ("The revocation function was unable to check revocation for the certificate") reported back by the Topology service.  This is apparent when executing a search, accessing
  the managed metadata service, issuing SPSite commands in Powershell, or anything that needs to run through the "SharePoint Web Services" site.  I've looked at the certificate assigned to that site and everything appears to be in order. 
  It would seem to me to be either an incorrect endpoint configuration (internally cached perhaps?) or related to security access for the configuration database (in order to validate the certificate root).
  What I’ve tried so far:
  I’ve been all over the certificate settings, both in the server store, and within SharePoint Token Service config.  Both appear to be configured correctly such that the root CAs can be validated.
  Re-entered the passwords for the application pool domain accounts to eliminate these as a potential cause.  I’ve also verified the service accounts reporting the error, do have access to the configuration database.
  Re-provisioned the STS service to see if that might clear out any cached issues and validated everything else according to this
  MS Tech note.
  So far nothing has worked.  Is there anything else I could be looking at that I've missed? (Full eventlog detail below)
  Log Name:      Application
  Source:        Microsoft-SharePoint Products-SharePoint Foundation
  Date:          2/20/2015 11:19:41 AM
  Event ID:      8311
  Task Category: Topology
  Level:         Error
  Keywords:      
  User:          <SP SERVICE ACCOUNT>
  Computer:      <SHAREPOINTSERVER>
  Description:
  An operation failed because the following certificate has validation errors:\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: <STS
  CERT THUMBPRINT>\n\nErrors:\n\n RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
      <EventID>8311</EventID>
      <Version>14</Version>
      <Level>2</Level>
      <Task>13</Task>
      <Opcode>0</Opcode>
      <Keywords>0x4000000000000000</Keywords>
      <TimeCreated SystemTime="2015-02-20T17:19:41.213852500Z" />
      <EventRecordID>1611121</EventRecordID>
      <Correlation />
      <Execution ProcessID="10212" ThreadID="10328" />
      <Channel>Application</Channel>
      <Computer><SHAREPOINTSERVER></Computer>
      <Security UserID="<SP SERVICE ACCOUNT>" />
    </System>
    <EventData>
      <Data Name="string0">CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US</Data>
      <Data Name="string1">CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US</Data>
      <Data Name="string2"><STS CERT THUMBPRINT></Data>
      <Data Name="string3">RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
  </Data>
    </EventData>
  </Event>

  Hi Darren,
  This problem seems to occur when an administrator deletes the local trust relationship of the farm from the Security section of the Central Administration website
  In order to resolve this problem, the local trust relationship has to be created. This can be done by running the following PowerShell commands
  $rootCert = (Get-SPCertificateAuthority).RootCertificate
  New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert
  After running the above commands, perform an IISReset on all servers in the farm.
  More information:
  http://support.microsoft.com/kb/2545744
  Best Regards,
  Wendy
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Wendy Li
  TechNet Community Support

• Export/Import Error: The security token could not be authenticated

  We currently are working in PLM 6.1.1 and users are experiencing Export/Import Issues, the error appears frequently with several users.
  Steps:
  1. A new token is generated from our QA environment
  2. The user logs into Dev and transfers the token
  3. In the export ADMIN area the user selects a section
  4. In the QA environment the user schedules the import
  5. The import is scheduled however the error is received after a few mins
  Error Message:
  The security token could not be authenticated or authorized ---> The directory service is unavailable.
  at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
  at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
  at Xeno.Prodika.XenoDoc.Handlers.DRL.DrlService.GetAttachment(tIdentifier Identifier)
  at Xeno.Prodika.XenoDoc.Handlers.DRL.DrlWebServiceLifecycleHandler.Load(IXDocument xdoc, String pkid)
  at Xeno.Prodika.XenoDoc.BaseLibraryManager.LoadDocumentPhaseII(IXLibraryConfiguration libConfig, IXDocument xdoc, String pkid)
  at Xeno.Prodika.XenoDoc.BaseLibraryManager.LoadDocument(String pkid)
  at Xeno.Prodika.ExportImport.DataExchange.ImportRequestProcessor.ProcessRequest(IApplicationManager applicationManager, IImportRequestQueue request)
  This error can be difficult to reproduce but occurs periodically.

  This is likely a DRL issue. verify DRL is configured correctly and a valid PLM4P user is setup in the setup assistant. in addition, make sure you added the new app in IIS for DRLService (this is a doc bug we are correcting that we failed to include in the 611 guide). verify you can attach and then open an attachment on a material spec.

• Claims Based Authentication SPSecurityTokenService.Issue() failed: The security token username and password could not be validated.

  Please excuse the lousy table...Its late :-)
  I have a multi-server SP2010 farm.  Patched up to
  Configuration database version: 14.0.6106.5002
  My goal is to have a claims based web application that authenticated to ADAM for Extranet.  I have configured the servers exactly to MSDN and technet specs (following this spec to the
  letter (
  http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
  IT WORKS IN DEV!!! , which is a single server farm.  However, it does not work in production.  I get the following:
  Claims Auth log entries:
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  f2ut
  Verbose
  Authenticated with login provider. Validating request security token.
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Using membership provider 'ADAMProvider'.
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Doing password check on '[email protected]'.
  1:06:46 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Failed password check on '[email protected]'.
  1:06:46 AM
  w3wp.exe (0x0EDC)               
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Unexpected
  Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security
  token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
  1:06:46 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  fo1t
  Monitorable
  SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password
  could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  fsq7
  High   
  Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.    
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)    
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)  
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)    
  at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  8306
  Critical
  An exception occurred when trying to issue security token: The security token username and password could not be validated..
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  f2un
  Verbose
  Form authentication failed.
  I have tried EVERYTHING (well, nt everything, I don’t have the fix I suppose). 
   I found plenty out there and nothing directly correlates with this issue. 
  I searched on all parts of the errors I got.
  This contains an interesting blurb about setting up access for the apppool id correctly. 
  That’s not the case for me.  It works in dev and the same id are used there. 
  http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
  This was good but it doesn’t give specs on what the environment looks like:
  http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
  The was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
  http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
  Any and all help would be greatly appreciated!

  Hi.
  You say its a multiserver farm, do you have more than one web server then?
  If thats the case, have you tried accessing the site on each server directly?
  Found this for you, maybe that can help?
  Troubleshooting Exceptions: System.ServiceModel.FaultException`1
  http://msdn.microsoft.com/en-us/library/bb907220.aspx
  and this:
  SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
  http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
  and
  This seems to be a good guide:
  http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
  Good luck
  Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com