Comments (63)

  1. Anonymous says:

    Thank you so much !

  2. Anonymous says:

    This worked very well for me.  I had been chasing this issue for months related to MMS and UPS, although it did not surface in exactly the same way.  All I could see in the ULS log was "access denied".  I then tried to apply the WCF hot fix KB76462, but it would not install on Windows Server 2008 R2 and I gave up and went down a few more rabbit holes.  Finally, after creating a fresh environment, I was still unable to access the MMS and UPS.  Checking the ULS log again, I saw the STS error and found this article.  Uninstalling KB2756920 fixed it immediately.  Many thanks.

  3. Anonymous says:

    I tried the solution presented in this original post with no luck. Is the offer to help fix a search failure still active?

    I’m running SBS 2008 which had SP Foundation on it. I installed a full copy of SP 2010 Standard probably four years ago and am just now wanting to actually use it. I have no need for features of later SP versions.

    I’m very much an amateur admin when it comes to SP…VERY amateur.

    Here is what I believe are two representative entries from the log file.

    10/02/2014 10:14:20.52 w3wp.exe (0x07F0) 0x1E14 SharePoint Server Search Query g1j9 Exception Internal server error exception: System.NullReferenceException: Object reference not set to an instance of an object.

    at Microsoft.Office.Server.Search.WebControls.CoreResultsWebPart.SetPropertiesOnQueryReader()

    at Microsoft.Office.Server.Search.WebControls.CoreResultsWebPart.OnInit(EventArgs e) System.NullReferenceException: Object reference not set to an instance of an object.

    at Microsoft.Office.Server.Search.WebControls.CoreResultsWebPart.SetPropertiesOnQueryReader()

    at Microsoft.Office.Server.Search.WebControls.CoreResultsWebPart.OnInit(EventArgs e) e55e182d-1b6a-44d5-93f0-fca4492b7046

    10/02/2014 10:14:20.52 w3wp.exe (0x07F0) 0x1E14 SharePoint Server Search Query fm9a Unexpected CoreResultsWebPart::OnInit: Exception initializing: System.NullReferenceException: Object reference not set to an instance of an object.

    at Microsoft.Office.Server.Search.WebControls.CoreResultsWebPart.SetPropertiesOnQueryReader()

    at Microsoft.Office.Server.Search.WebControls.CoreResultsWebPart.OnInit(EventArgs e) e55e182d-1b6a-44d5-93f0-fca4492b7046

    Any further guidance would be greatly appreciated.

    Ken

  4. Anonymous says:

    Syed,

    Are you still checking this blog entry? I've encountered an issue with the script provided above and wouldn't mind some assistance.

    Many thanks

  5. Anonymous says:

    In addition to the above in SharePoint 2013 to the end of this process, sites generate an access denied message [although we are the site managers], ie the claims-based authentication is lost for sites, for this is necessary to perform the next action for each web application:

    1. Opened For SharePoint PowerShell with administrator privileges
    2.
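    # Name or URL of the web application to convert (placeholder)
    $WebAppName = "YouWebApplication"
    $wa = Get-SPWebApplication $WebAppName
    # Switch the web application to claims-based authentication
    $wa.UseClaimsAuthentication = $true
    $wa.Update()
    # Migrate existing user accounts to claims identities
    $wa.MigrateUsers($true)
    # Push the updated configuration to every server in the farm
    $wa.ProvisionGlobally()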

    This procedure may take a while, be patient, remember to run this procedure for the other web application

  6. Anonymous says:

    Thanks Syed… This worked for me, saved my Day!!!

  7. Anonymous says:

    Didn't help me. I accidentally extended a web app over the SharePoint Web Services web app. Now everything has gone kaboom! The error that is being thrown is "An exception occurred when trying to issue security token: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error." I followed all your steps but no joy! :(

  8. Anonymous says:

    Thanks a Ton..!

    This article helped me to resolve Search and UPA both.  

  9. David Hamilton says:

    No joy.

    Made no difference. STS is unavailable.

    I just scaled the farm from two tier (1 SP2010 and 1 SQL Server) to 3 tier (2 WFE and 2 app servers).

  10. Matthew says:

    If the Powershell commands in step two come back with "The Term (whatever) is not recognized as the name of a…bla bla bla." then type “Get-PSSnapin -Registered” (in powershell) first…and it should work…at least it did for me.

  11. Matthew says:

    It is also of note that this solution worked for me and I have access to all my SharePoint sites again. I owe you a beer Syed. Many thanks.

  12. Razmus says:

    Update for folks who see something like this today… could be related to KB275629 — http://www.tylercranston.com/…/kb2756920-causes-problems-with.html

  13. Anna says:

    Thanks Razmus, that is the error we get after the windows patching!!

  14. Ernesto says:

    This did not work for me in my windows 7 dev environment, but I found the issue uninstalling a windows update like this… social.technet.microsoft.com/…/b5f18b40-348d-4a27-908f-1822dba67c73

  15. Karthik Ramadurai says:

    Thanks. The given solution worked for me.

  16. Jean Uytebroeck says:

    The reprovisioning of the Security Token Service did not solve my problem. Great article though.

  17. rex says:

    I had the same problem in SP2013 => resolved, you saved my life. Thank you

  18. TM says:

    Great article, thank you! I've tried all the above with no luck. Also tried installing the hotfix and it says it's not applicable to my computer. Anyone have any other ideas as to why I still get "Security Token Service is unavailable" and can't start the Security Token Service? Thank you!

  19. Yuvaraj says:

    I think you are running on RTM version of the SP 2010. I have seen this issue getting fixed if you upgrade to SP1…

  20. Eric J says:

    I got a completely different problem with security token service, but I tried the powershell trick, and guess what?  it worked!   Thank you very much.

    This should be on Microsoft website!

  21. Michael says:

    The presented solutions did not work for me. The services still give a "HTTP Error 503. The service is unavailable." error.

  22. Andreas Warberg says:

    Security Token Service stopped working as described after an iisreset (one of many, nothing special about this particular one). I tried step 2 but it didn't fix it. Didn't try step 1 as it seems like a long shot (no offense). I sure didn't change the STS web.config, so it was SharePoint itself that corrupted it?

  23. MS says:

    Manual AAM and IIS binding whereby having multiple hostnames using the same protocol can interfere with STS. IE – You have a webapp that has two different hostnames whereby you created AAM and IIS binding manually without extending the webapp via SP.

  24. Harsha says:

    Thank you very much !!!

  25. Jeandaf says:

    I am having this issue, and this fix has not helped. Any suggestions?

  26. Casey says:

    I’m one of the .01% I guess :(

  27. Siva says:

    I faced this issue on SP 2013 after I did an in-place upgrade from WS2012 to WS2012R2. Re-provisioning did the trick. Thanks!

  28. Erik says:

    Man, you made me look smart!

  29. TS Evans says:

    Thank you SO much for the script at the end. It fixed my problems with Managed Metadata, UPS, and Token Security Services. You just saved my weekend!

  30. Andres Felipe Franco says:

    In addition to the above in SharePoint 2013 to the end of this process, sites generate an access denied message [although we are the site managers], ie the claims-based authentication is lost for sites, for this is necessary to perform the next action for each web application:

    1. Opened For SharePoint PowerShell with administrator privileges
    2.
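    # Name or URL of the web application to convert (placeholder)
    $WebAppName = "YouWebApplication"
    $wa = Get-SPWebApplication $WebAppName
    # Switch the web application to claims-based authentication
    $wa.UseClaimsAuthentication = $true
    $wa.Update()
    # Migrate existing user accounts to claims identities
    $wa.MigrateUsers($true)
    # Push the updated configuration to every server in the farm
    $wa.ProvisionGlobally()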

    This takes a while, do not worry, it is normal. Remember that you must perform this procedure for each of your web applications.

  31. Ferrell says:

    I am running a SBS2011 Standard server, when I get to the "$h.Provision()" command my server just locks up, how long does it usually take to run that command?

  32. Sajid Ali says:

    Really very nice Blog and very helpful :) :)

  33. Mark W says:

    Thank you very much for this fix. Worked perfectly!

  34. Paisagem says:

    One reason for this error can be that the session answer came after that message or the user token is expired. Why? Messing with the internal clock and changing the date because you want to extend the SharePoint trial period (most probably)

  35. James says:

    Thanks – that solved my problem

  36. Tarun Vats says:

    Nice and very helpful post

  37. Jan Egil Kristiansen says:

    Did not work for me.

    However – simply clicking ‘Start’ on a few Application Pools (in IIS Manager) did the trick.

    (I guess they were stopped in a botched Windows Update, and I was a little too surprised that they were still stopped after a re-boot.)

  38. Jackson says:

    Yes, this works, wow, thank you so much!!

  39. Suz says:

    I was told to do this by another SP admin. Neither works because I get stuck at provision and it just hangs but should only take a few minutes.

    $services = Get-SPServiceApplication
    $services = Get-SPServiceApplication | ?{$_ -match "Security"}
    $services.Status
    $services.Provision()

  40. Rohit says:

    Hi ,

    I am getting 500 error for all web apps except central admin and my security token service is working fine.

    Thanks.
    Rohidas

  41. Rohit says:

    Hi,

    While browsing the site I am getting 500 error and in ULS the error is System.Data.SqlClient.SqlException (0x80131904): A transport-level error has occurred when sending the request to the server. (provider: Shared Memory Provider, error: 0 - Either a required impersonation level was not provided, or the provided impersonation level is invalid.) ---> System.ComponentModel.Win32Exception (0x80004005): Either a required impersonation level was not provided, or the provided impersonation level is invalid

    at System.Data.SqlClient.TdsParser.TdsExecuteRPC(_SqlRPC[] rpcArray, Int32 timeout, Boolean inSchema, SqlNotificationRequest notificationRequest, TdsParserStateObject stateObj, Boolean isCommandProc, Boolean sync, TaskCompletionSource`1 completion, Int32 startRpc, Int32 startParam)

    Please help.

    Thanks,
    Rohidas

  42. Uguntubyr Damin says:

    I made these changes and I started getting this error
    Server error in SecurityTokenServiceApplication
    Invalid URI: The URI is empty
    Stack Trace:
    [UriFormatException: Invalid URI: The URI is empty]
    System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind) +8923098
    Microsoft.SharePoint.Administration.SPAutoSerializingObject.DeserializeBasicObject(XmlElement xmlValue, Boolean isMerge, Boolean bResolveMissingTypes) +1816 etc…..

  43. kaherudin says:

    Mine is SP2013 on Windows 2012. Tried re-provision, doesn't work, turns out the http binding for netsh is the one that's causing the problem.
    Try issuing this command: start > run > cmd > netsh http show iplisten
    See if there's any result. In my case, there's an IP which is 10.xx.xx.xxx. So I add localhost (127.0.0.1) using the command: netsh http add iplisten 127.0.0.1
    Now I can browse my STS! Thank GOD! Hope this helps
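
A check for the condition described in the comment above, as an added example that is not part of the original post or its comments. It parses the text printed by `netsh http show iplisten` and reports whether the HTTP.sys listen list still covers loopback; the function names and the sample text are constructed for illustration.

```powershell
# Added example (not from the post or its commenters).
# Function names and the sample netsh text below are constructed.

function Get-IpListenEntries {
    param([string[]]$NetshOutput)
    # Header and separator lines hold no address; each data line holds
    # one indented IPv4 or IPv6 address.
    $NetshOutput |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^(\d{1,3}(\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]+)$' }
}

function Test-LoopbackListening {
    param([string[]]$Entries)
    # An empty listen list means HTTP.sys listens on every address.
    if (-not $Entries) { return $true }
    # Otherwise a loopback or wildcard entry has to be present.
    $covering = '127.0.0.1', '0.0.0.0', '::', '::1'
    [bool]($Entries | Where-Object { $covering -contains $_ })
}

# Constructed sample: one routable address listed, no loopback entry.
# On a server, use the live output instead:
#   $sample = netsh http show iplisten
$sample = @(
    'IP addresses present in the IP listen list:',
    '-------------------------------------------',
    '',
    '    10.0.0.25'
)

$entries = Get-IpListenEntries -NetshOutput $sample

if (Test-LoopbackListening -Entries $entries) {
    'Loopback is covered by the HTTP.sys listen list.'
} else {
    "Listen list is restricted to: $($entries -join ', ')"
    'Requests to localhost are not accepted by HTTP.sys.'
    'Add a loopback entry with: netsh http add iplisten 127.0.0.1'
}
```

With the constructed sample the script takes the second branch, which matches the situation the commenter describes.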

  44. Alshymaa says:

    thanksssss

  45. Santosh says:

    Thanks a ton to syed. This blog helped me to resolve the issue

  46. Pratik says:

    What is UPPS? How to start? I'm not getting it… Please guide…

  47. Keni says:

    In my case, the application pool was just down. I updated the password of the application pool account and that fixed it.
    Thanks for the pointer to the webservice though.

  48. Paul says:

    This fixed a similar condition on our SP 2013 farm. Thanks for posting.

  49. Raveesh says:

    Below are the output for command-
    ——————————————–
    Access Services 2010
    Secure Store Service
    PowerPoint Conversion Service Application
    State Service
    PerformancePoint Service Application
    Visio Graphics Service
    Managed Metadata Service
    Workflow Service Application
    App Management Service
    Excel Services Application
    SecurityTokenServiceApplication
    Machine Translation Service
    Topology
    WSS_UsageApplication
    b694fcba-179b-4645-b531-ab5ff197b338
    Word Automation Services
    MySite
    Business Data Connectivity Service
    Work Management Service Application
    Access Services
    Search Service Application
    ———————————————-
    After running above command its still showing "User Profile Sync is not currently provisioned" and following services not started- I checked STS and i am able to browse that and in my case MySite is User Profile
    1. User Profile Synchronization Service is in stopped mode
    2. Forefront Identity Manager Service is in disable mode
    3. Forefront Identity Manager Synchronization Service is in disable mode

  50. Thanks! after running to ps command I was able to start the STS and resolve the issue

  51. espe says:

    after running the commands, powershell hangs and does not produce a list of services. Where is the enclosed web.config file you mention in step 1?

  52. Ceez says:

    It worked! You’re the greatest! Thanks for posting this repair instructions!

  53. vinod says:

    Thank you Syed. Very informative and it fixed our issue also

  54. I am facing the same issue and I have included the IncludeExceptionDetailInFaults; after that I am getting the error "Security policy export failed. The binding contains a TransportSecurityBindingElement but no transport binding element that implements ITransportTokenAssertionProvider." I am having Windows Server 2008 R2 SP1 and all the resolutions provided are to uninstall certain KBs, which is not applicable for me.

    Please help.

  55. gautam says:

    faadu..

  56. David says:

    No luck. After an outage, the STS is broken on both app servers in 2 different farms (same AD).

  57. Sandeep says:

    Thanks man. This solution saved my life.

  58. Carrie says:

    Having had a very similar problem, along with many other associated problems, which put my work at an altogether unacceptable, extended standstill, I decided to post the resolution I found to as many forums relating to this issue that I could.

    The resolution that I found was one of two things that I did at the same time. (duh – not a smart tactic, but I was getting desperate…) I am not willing to spend the time to isolate the effects of each of these motions, so it could be one, or the other, or both.

    1. I noticed that SharePoint was moving the Farm Account Security Managed Account (The user account that Farm Account uses for credentials) from the Administrators group, to the WSS_ADMIN_WPG group. In my case Central Admin was being run on the same machine as the SharePoint Server. I run a single server developer environment. So the Farm Account needed “Log on Locally” privileges. WSS_ADMIN_WPG group did not appear to have the needed privilege, where the Administrators group did. Strangely enough though, the Administrators group is a member of the WSS_ADMIN_WPG group. So I moved the above mentioned user account back into the Administrators group.

    Let me know if I’m not seeing something here….

    2. Upon examining the SecurityTokenServiceApplicationPool (the name I gave for the Security Token Service’s Application Pool), I notice that the Enable 32-bit Applications setting under the Advanced Settings had been set to True. This to me was strange as I remembered installing the 64 bit versions of everything, because the Server machine on which I was working was indeed 64 bit. So I set it to False.

    After those two simple motions I did all the familiar and necessary things to be done to make sure that the system and SharePoint was running with all the latest settings and tried what I had been doing once again, and to my amazement and shock (after having tried everything on the internet several times each) it worked! I am now happily moving forward in my work! At least until the next roadblock comes along.

    Weird, dumb and stupid, what were the chances? Maybe it will be worth a quick look for you.

  59. Abhi says:

    It is stuck at $h.provision(), no messages. any idea?

  60. Shweta says:

    Hi All,

    I have a question: We had our server reboot and DB Deployment (DB Server) and after that the SharePoint application login wasn’t working. We checked logs and we were getting error around SecurityToken so we recycled the service and it started working again. (Though in app pool the service was already at started state)

    I want to know whether server reboot /DB Deployment can be the issue. If yes, what issue it got which got fixed after the service restart.

  61. Manmeet kaur says:

    Thank you so much..you save our life!!!!

  62. Surendra says:

    hi Syed,
    I was facing the same issue on SP 2010, but the options which you suggested didn’t work for me.

    After executing all the commands as listed by you, when i try to browse still it says "This page can’t be displayed •Make sure the web address http://localhost:32843 is correct."

    Also checked the log after running STS service. It gives 2 exceptions
    1. An exception occurred when trying to issue security token: Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.246.64.169:32843. .
    2. Failure trying to synch web application ce65f8bf-63eb-4df5-83c5-a673f0a3b6c3, ContentDB f7f4c94b-7292-490a-ac97-2564fcbe58a3 Exception message was Microsoft.Office.Server.UserProfiles.UserProfileApplicationNotAvailableException: No User Profile Application available to service the request. Contact your farm administrator.
    at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_ApplicationProperties()

    at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.get_PerfmonInstanceHandle()

    at Microsoft.Office.Server.UserProfiles.ContentDBSynchronizer..ctor(ELogType logType, SPContentDatabase cdb, SPJobState jobState)

    at Microsoft.Office.Server.UserProfiles.WSSProfileSyncJob.Execute()

    PS. I am new to sharepoint

    Thanks in advance
