Problem
You find the following entry in SharePoint 2010 Central Administration, under Review problems and solutions (All Reports view):
Title | The Security Token Service is not available |
Severity | 2 – Warning |
Category | Availability |
Explanation | The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state. |
Remedy | Administrator should try to restart the Security Token Service on the boxes where it is not issuing tokens. If problem persists, further troubleshooting may be available in the KB article. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=160531". |
Failing Servers | [NameOfFailingServer] |
Failing Services | SPSecurityTokenService (SecurityTokenService) |
Rule Settings | View |
Looking in the Windows Server Application log, you see the following error event occurring once every 15 minutes:
Log Name: Application
Source: Microsoft-SharePoint Products-SharePoint Foundation
Date: [date/time]
Event ID: 8306
Task Category: Claims Authentication
Level: Error
Keywords:
User: [domain\FarmServiceAccount]
Computer: [NameOfFailingServer]
Description: An exception occurred when trying to issue security token: Could not connect to http://localhost:[port]/SecurityTokenServiceApplication/securitytoken.svc/actas. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:[port]. .
Event Xml: 8306 14 2 47 0 0x4000000000000000 29898 Application [NameOfFailingServer] Could not connect to http://localhost:[port]/SecurityTokenServiceApplication/securitytoken.svc/actas. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:[port].
Solution
- Solution A: Restart the Security Token Service application pool
  - As Administrator, launch IIS Manager.
  - In the Connections pane (at left), expand the tree to view Application Pools.
  - Select Application Pools. This updates the results pane (center pane).
  - Right-click on SecurityTokenServiceApplicationPool, and then click Stop.
  - Right-click on SecurityTokenServiceApplicationPool, and then click Start.
  - Go back to Central Administration, Review problems and solutions: All Reports view.
  - Click on the issue, The Security Token Service is not available.
  - Click Re-analyze Now.
  - Click Close.
  - Refresh after several minutes.
- Solution B: Re-provision the service
  - Launch the SharePoint Management Shell as Administrator.
  - Run the following script:
      # Select the Security Token Service application
      $sts = Get-SPServiceApplication | ?{$_ -match "Security"}
      # Show its current status, then re-provision it
      $sts.Status
      $sts.Provision()
  - Go back to Central Administration, Review problems and solutions: All Reports view.
  - Click on the issue, The Security Token Service is not available.
  - Click Re-analyze Now.
  - Click Close.
  - Refresh after several minutes.
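
Solution A and the Event ID 8306 check can also be scripted. The following PowerShell is an added example, not part of the original post. It assumes an elevated prompt on the failing server and that the IIS WebAdministration module is available (Windows Server 2008 R2 or later); the 24-hour look-back window and the 30-second wait are arbitrary choices.

```powershell
# Added example: scripted form of Solution A. Run elevated on the failing server.
# Assumes the IIS WebAdministration module is installed.
Import-Module WebAdministration

$poolName = 'SecurityTokenServiceApplicationPool'   # pool name as shown in IIS Manager
$since    = (Get-Date).AddHours(-24)                # look-back window (assumption)

# 1. Count recent Event ID 8306 errors from the SharePoint Foundation source.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-SharePoint Products-SharePoint Foundation'
    Id           = 8306
    StartTime    = $since
}
# Get-WinEvent raises an error when nothing matches, so suppress it and force an array.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
"Event 8306 occurrences since {0}: {1}" -f $since, $events.Count
if ($events.Count -gt 0) {
    # Results are returned newest first.
    "Most recent: {0}" -f $events[0].TimeCreated
}

# 2. Report the pool state, then stop and start it as in the IIS Manager steps.
$state = (Get-WebAppPoolState -Name $poolName).Value
"{0} is currently {1}" -f $poolName, $state

if ($state -ne 'Stopped') {
    Stop-WebAppPool -Name $poolName
    # Stopping is asynchronous; wait until IIS reports Stopped (up to 30 seconds).
    for ($i = 0; $i -lt 30 -and (Get-WebAppPoolState -Name $poolName).Value -ne 'Stopped'; $i++) {
        Start-Sleep -Seconds 1
    }
}
Start-WebAppPool -Name $poolName
"{0} is now {1}" -f $poolName, (Get-WebAppPoolState -Name $poolName).Value
```

After the pool is back in the Started state, continue with the Re-analyze Now steps in Central Administration.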