How to re-create the local Trusted Root Authority


In Microsoft SharePoint Foundation/Server 2010 or Microsoft SharePoint Foundation/Server 2013, the following error is logged in the Application event log:

Log Name:    Application
Source: Microsoft-SharePoint Products-SharePoint Foundation
Event ID: 8311
Task Category: Topology
Level: Error
Description: An operation failed because the following certificate has validation errors:
\n\nSubject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer
Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint:
7884622F8B800E7AFAAFD3DDF98BE8AC96D4F952\n\nErrors:\n\n The root of the certificate chain
is not a trusted root authority.

Additionally, other areas, such as search and claims authentication, do not function correctly.


This problem occurs when an administrator deletes the local trust relationship of the farm from the Security section of the Central Administration website.

Note: The local trust is located in Central Administration > Security > Manage Trust.


To resolve this problem, the local trust relationship has to be re-created. This can be done by running the following PowerShell commands:

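# Read the farm's own root certificate (the "SharePoint Root Authority" issuer named in the event)
$rootCert = (Get-SPCertificateAuthority).RootCertificate
# Register that certificate as a trusted root authority again
New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert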

After running the above commands, perform an IISReset on all servers in the farm.
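
The following is an added example, not part of the original article: it checks whether the farm's root certificate is already registered as a trusted root authority, creates the trust only if it is missing, and confirms the result by thumbprint. It assumes it is run as a farm administrator in an elevated shell on a SharePoint server; the variable names are illustrative.

```powershell
# Added example: idempotent re-creation of the local trust, with verification.
# Load the SharePoint cmdlets if this is a plain PowerShell session.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$trustName = "localNew"   # same name as in the article's command
$rootCert  = (Get-SPCertificateAuthority).RootCertificate

Write-Host "Farm root certificate:"
Write-Host "  Subject   : $($rootCert.Subject)"
Write-Host "  Thumbprint: $($rootCert.Thumbprint)"
Write-Host "  Expires   : $($rootCert.NotAfter)"

# A trust counts as the local trust only if its certificate matches the
# farm root certificate exactly; the display name alone proves nothing.
function Get-LocalTrust {
    Get-SPTrustedRootAuthority |
        Where-Object { $_.Certificate.Thumbprint -eq $rootCert.Thumbprint }
}

$existing = @(Get-LocalTrust)
if ($existing.Count -gt 0) {
    Write-Host "Local trust already present: $($existing.Name -join ', ')"
}
else {
    # Avoid colliding with an unrelated trust that already uses the name.
    if (Get-SPTrustedRootAuthority | Where-Object { $_.Name -eq $trustName }) {
        throw "A trusted root authority named '$trustName' exists but holds a different certificate."
    }

    New-SPTrustedRootAuthority -Name $trustName -Certificate $rootCert | Out-Null

    # Verify the trust was stored with the expected certificate.
    if (@(Get-LocalTrust).Count -eq 0) {
        throw "Trust creation did not register the farm root certificate."
    }
    Write-Host "Local trust '$trustName' created. Run IISReset on all servers in the farm."
}
```

The thumbprint printed here belongs to the root certificate, so it differs from the Security Token Service certificate thumbprint shown in Event ID 8311.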


Article ID: 2545744. Last reviewed: February 24, 2014. Revision: 1