SharePoint 2010: Security token exception

The recent Windows security update MS13-004 (KB2756920) is causing problems for SharePoint 2010 and Exchange Server. The symptom is broken WCF services, such as a SecurityTokenService failure, with one of the following error messages:

Error Messages:

  1. System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper (System.Object)
  2. System.InvalidOperationException: An exception was thrown in a call to a policy export extension.
    Extension: System.ServiceModel.Channels.TransportSecurityBindingElement…
  3. The requested service, ‘http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc’ could not be activated. See the server’s diagnostic trace logs for more information. See http://support.microsoft.com/kb/2520344 to fix.

When this happens, you will not be able to open the related services in SharePoint 2010.

Symptoms:

  1. When the system is updated with KB2756920 without Windows Server 2008 SP1 (KB976932), you will start to see Error Messages #1 and #3.
  2. When the system is updated with Windows Server 2008 SP1 (KB976932), you will start to see Error Messages #2 and #3.
    Note: KB2756920 is not necessary after the SP1 update.

Cause:

The problem occurs when your server has KB2756920 installed without Windows Server 2008 SP1 (KB976932), and with the changes in the authenticationMode of the WCF service.

Resolution:

  1. Install Windows Server 2008 SP1 (KB976932) if it is not already on the system.
  2. [Update 19-Jan-2013] Follow my post, Fixing – an exception was thrown in a call to a policy extension. Changing authenticationMode is not recommended since it won’t solve all other issues.
    Modify the spStsActAsBinding security element to authenticationMode="IssuedToken", so that the configuration looks like:

<binding name="spStsActAsBinding">
    <security
        authenticationMode="IssuedToken"
        allowInsecureTransport="true"
        defaultAlgorithmSuite="Basic256Sha256"
        messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12" />
    <binaryMessageEncoding>
        <readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152" />
    </binaryMessageEncoding>
    <httpTransport maxReceivedMessageSize="2162688" authenticationScheme="Negotiate" useDefaultWebProxy="false" />
</binding>
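
A read-only check for the conditions listed under Symptoms and Resolution, added here as an example and not taken from the original post. The web.config path is a parameter because the post does not give it, and the function names are hypothetical.

```powershell
# Added example: read-only triage of the patch state and STS binding described in this post.
param(
    # Assumption: path to the Security Token Service web.config; supply your own.
    [Parameter(Mandatory = $true)][string]$StsWebConfigPath
)

function Get-StsPatchState {
    # Get-HotFix writes a non-terminating error when the KB is absent; suppress it.
    $kb = Get-HotFix -Id 'KB2756920' -ErrorAction SilentlyContinue
    $os = Get-WmiObject -Class Win32_OperatingSystem
    New-Object PSObject -Property @{
        KB2756920Installed = [bool]$kb
        ServicePackMajor   = [int]$os.ServicePackMajorVersion
    }
}

function Get-StsActAsSecurity {
    param([string]$Path)
    # Load the config and locate the <security> element of spStsActAsBinding.
    [xml]$config = Get-Content -LiteralPath $Path
    $node = $config.SelectSingleNode("//binding[@name='spStsActAsBinding']/security")
    if (-not $node) { throw "spStsActAsBinding <security> element not found in $Path" }
    New-Object PSObject -Property @{
        AuthenticationMode     = $node.GetAttribute('authenticationMode')
        AllowInsecureTransport = $node.GetAttribute('allowInsecureTransport')
    }
}

$state = Get-StsPatchState
$sec   = Get-StsActAsSecurity -Path $StsWebConfigPath

# Map the patch state to the error messages the Symptoms list associates with it.
if ($state.KB2756920Installed -and $state.ServicePackMajor -lt 1) {
    $expect = 'Error Messages #1 and #3 (KB2756920 without SP1)'
} elseif ($state.ServicePackMajor -ge 1) {
    $expect = 'Error Messages #2 and #3 if the service still fails (SP1 present)'
} else {
    $expect = 'Neither KB2756920 nor SP1 detected'
}

Write-Output "KB2756920 installed    : $($state.KB2756920Installed)"
Write-Output "Service pack level     : $($state.ServicePackMajor)"
Write-Output "Expected per Symptoms  : $expect"
Write-Output "authenticationMode     : $($sec.AuthenticationMode)"
Write-Output "allowInsecureTransport : $($sec.AllowInsecureTransport)"
```

The script changes nothing on the server; it only reports the state that the resolution steps above act on.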

2 thoughts on “SharePoint 2010: Security token exception”

  2. Sorry, none of the given solutions is working. I already have Win 2008 R2 SP1 installed. Do you have any other ideas?
    -Regards,
    SAM
