SharePoint 2010: Receiving error: “Security token service is not available”

Applies to: Windows Server 2008 EnterpriseMicrosoft SharePoint Foundation 2010SharePoint Server 2010

Symptom


You see one or more of the following symptoms:
  • The following error appears in the SharePoint server’s event log every hour: 
    “An error occurred while receiving the HTTP response to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.”
  • Users are unable to log in to SharePoint sites protected by claims authentication.
  • Various SharePoint services such as user profiles, search etc. do not work as expected.

Cause


This problem indicates that the secure token service application is not functioning correctly. Following could be the possible causes of this problem:

  1. A required WCF hotfix has not been installed on the SharePoint server
  2. Authentication for the SecureTokenServiceApplication is not configured properly in IIS.
  3. The web.config file of the SecureTokenServiceApplication contains invalid data
  4. The SecureTokenServiceApplication is not provisioned properly.


Resolution


Depending on the cause of the problem, here are the possible resolutions:

  1. Missing WCF Hotfix: If the server is running Windows Server 2008 SP2, please ensure that the hotfix mentioned at http://support.microsoft.com/kb/971831 is installed. If the server is running Windows Server 2008 R2, the hotfix mentioned at http://support.microsoft.com/kb/976462 must be installed.
  2. Incorrect Authentication Settings: Please ensure that the authentication settings for the SecureTokenServiceApplication are correctly configured by completing the following steps:
    a) Open IIS Manager 
    b) Expand “Sites” 
    c) Expand “SharePoint Web Services” 
    d) Select “SecurityTokenServiceApplication” 
    e) From the “Features” pane, double click on “Authentication” under “IIS” 
    f) Right click “Forms Authentication” and select “Disable” 
    g) The authentication settings page should only have Windows and Anonymous access enable for the security token service to issue tokens properly (and for claims authentication to work properly) 
  3. Incorrect data in the configuration file: Please review the web.config file of the secure token service application and compare it to a web.config file from a "working" secure token service application.
  4. SecureTokenServiceApplication not provisioned: Use the following power shell commands to provision the secure token service application
    $sts = Get-SPServiceApplication | ?{$_ -match "Security"}
    $sts.Status
    $sts.Provision()​