The Security Token Service is unavailable
An exception occurred when trying to issue security token: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error
Request for security token failed with exception: System.ServiceModel.ServiceActivationException: The requested service
An exception occurred when trying to issue security token: The requested service
All of the above errors are related to the STS service.
Root Cause:
- SecurityTokenServiceApplication might be stopped.
Solution:
Go to IIS --> Sites --> SharePoint Web Services --> SecurityTokenServiceApplication
Click on 'Content View' down at the bottom
Right-click on Securitytoken.svc
Click Browse
If you don't see any error, you are good.
If you see an error such as "Internet Explorer cannot display the web page", then you need to start the STS service.
Right-click SecurityTokenServiceApplication and click Explore, copy the web.config, and compare the file with the code below.
If your file matches the reference web.config below, just reset IIS.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <!-- Behavior List: -->
    <behaviors>
      <serviceBehaviors>
        <behavior name="SecurityTokenServiceBehavior" >
          <!-- The serviceMetadata behavior allows one to enable metadata (endpoints, bindings, services) publishing.
               This configuration enables publishing of such data over HTTP GET.
               This does not include metadata about the STS itself such as Claim Types, Keys and other elements to establish a trust.
          -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- Default WCF throttling limits are too low -->
          <serviceThrottling maxConcurrentCalls="65536" maxConcurrentSessions="65536" maxConcurrentInstances="65536" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <!-- Service List: -->
    <services>
      <service name="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract"
               behaviorConfiguration="SecurityTokenServiceBehavior" >
        <!-- This is the HTTP endpoint that supports clients requesing tokens. This endpoint uses the default
             standard ws2007HttpBinding which requires that clients authenticate using their Windows credentials. -->
        <endpoint
          address=""
          binding="customBinding"
          bindingConfiguration="spStsBinding"
          contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" />
        <!-- This is the HTTP endpoint that supports clients requesting service tokens. -->
        <endpoint
          name ="ActAs"
          address="actas"
          binding="customBinding"
          bindingConfiguration="spStsActAsBinding"
          contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" />
        <!-- This is the HTTP endpoint that supports IMetadataExchange. -->
        <endpoint address="mex"
                  binding="mexHttpBinding"
                  contract="IMetadataExchange" />
      </service>
      <service name="Microsoft.SharePoint.Administration.Claims.SPWindowsTokenCacheService">
        <endpoint address=""
                  binding="customBinding"
                  bindingConfiguration="SPWindowsTokenCacheServiceHttpsBinding"
                  contract="Microsoft.SharePoint.Administration.Claims.ISPWindowsTokenCacheServiceContract" />
      </service>
    </services>
    <!-- Binding List: -->
    <bindings>
      <customBinding>
        <binding
          name="spStsBinding">
          <binaryMessageEncoding>
            <readerQuotas
              maxStringContentLength="1048576"
              maxArrayLength="2097152"/>
          </binaryMessageEncoding>
          <httpTransport
            maxReceivedMessageSize="2162688"
            authenticationScheme="Negotiate"
            useDefaultWebProxy="false" />
        </binding>
        <binding
          name="spStsActAsBinding">
          <security
            authenticationMode="SspiNegotiatedOverTransport"
            allowInsecureTransport="true"
            defaultAlgorithmSuite="Basic256Sha256"
            messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12" />
          <binaryMessageEncoding>
            <readerQuotas
              maxStringContentLength="1048576"
              maxArrayLength="2097152"/>
          </binaryMessageEncoding>
          <httpTransport
            maxReceivedMessageSize="2162688"
            authenticationScheme="Negotiate"
            useDefaultWebProxy="false"/>
        </binding>
        <binding name="SPWindowsTokenCacheServiceHttpsBinding">
          <security authenticationMode="IssuedTokenOverTransport" />
          <textMessageEncoding>
            <readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152"/>
          </textMessageEncoding>
          <httpsTransport maxReceivedMessageSize="2162688" authenticationScheme="Anonymous" useDefaultWebProxy="false" />
        </binding>
      </customBinding>
    </bindings>
  </system.serviceModel>
  <system.webServer>
    <security>
      <authentication>
        <anonymousAuthentication enabled="true" />
        <windowsAuthentication enabled="true">
          <providers>
            <clear />
            <add value="Negotiate" />
            <add value="NTLM" />
          </providers>
        </windowsAuthentication>
      </authentication>
    </security>
    <modules>
      <add name="WindowsAuthenticationModule" />
    </modules>
  </system.webServer>
  <system.net>
    <connectionManagement>
      <add address="*" maxconnection="10000" />
    </connectionManagement>
  </system.net>
</configuration>
If the web.config file on your farm differs a lot from the one above, replace the file in SecurityTokenServiceApplication (keep a copy of the original web.config first), perform an IIS reset, and check whether the STS page loads as expected.
If your problem is still not solved, try the following.
Open SharePoint PowerShell
Run the following commands one by one in SharePoint PowerShell:
# Re-provision the service host configuration
$h = Get-SPServiceHostConfig
$h.Provision()
# Re-provision every service application, printing each name as it completes
$services = Get-SPServiceApplication
foreach ($service in $services) {
    $service.Provision()
    Write-Host $service.Name
}
Now perform an IIS reset and try browsing the STS again, and I'm sure you will see positive results!
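For the web.config comparison step above, the following is an added example (not part of the original post) that compares two configuration documents attribute by attribute instead of by eye, so that a changed authentication setting is not lost among whitespace or ordering differences. The function names `Get-ConfigSetting` and `Compare-ConfigSetting` are hypothetical, and both XML snippets are constructed samples rather than real farm files.

```powershell
# Added example. Both XML documents below are constructed samples, not real farm files.
$reference = [xml]@'
<configuration><system.serviceModel><bindings><customBinding>
  <binding name="spStsBinding">
    <httpTransport maxReceivedMessageSize="2162688" authenticationScheme="Negotiate" useDefaultWebProxy="false" />
  </binding>
</customBinding></bindings></system.serviceModel></configuration>
'@
$live = [xml]@'
<configuration><system.serviceModel><bindings><customBinding>
  <binding name="spStsBinding">
    <httpTransport maxReceivedMessageSize="2162688" authenticationScheme="Anonymous" />
  </binding>
</customBinding></bindings></system.serviceModel></configuration>
'@

# Hypothetical helper: flatten every attribute to "element path/@attribute" = value.
function Get-ConfigSetting {
    param([xml]$Config)
    $settings = @{}
    foreach ($el in $Config.SelectNodes('//*[@*]')) {
        $path = ''
        for ($n = $el; $n -is [System.Xml.XmlElement]; $n = $n.ParentNode) {
            # Identify an element by its name attribute, otherwise by sibling position.
            $id = $n.GetAttribute('name')
            if (-not $id) {
                $id = $n.SelectNodes("preceding-sibling::*[local-name()='$($n.LocalName)']").Count
            }
            $path = "/$($n.LocalName)[$id]$path"
        }
        foreach ($attr in $el.Attributes) {
            $settings["$path/@$($attr.LocalName)"] = $attr.Value
        }
    }
    $settings
}

# Hypothetical helper: emit one object per attribute that is missing or different.
function Compare-ConfigSetting {
    param([xml]$Reference, [xml]$Live)
    $ref = Get-ConfigSetting $Reference
    $cur = Get-ConfigSetting $Live
    foreach ($key in (@($ref.Keys) + @($cur.Keys) | Sort-Object -Unique)) {
        if ($ref[$key] -cne $cur[$key]) {
            [pscustomobject]@{ Setting = $key; Reference = $ref[$key]; Live = $cur[$key] }
        }
    }
}

Compare-ConfigSetting -Reference $reference -Live $live | Format-List
```

To compare real files, load each one with `[xml](Get-Content <path>)` in place of the here-strings. A changed `authenticationScheme` or a missing security attribute in the output deserves review before the file is overwritten.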