SharePoint 2010: Security token exception
The recent Windows security update MS13-004 (KB2756920) is causing problems on SharePoint 2010 and Exchange servers. The symptom is broken WCF services, such as the SecurityTokenService, failing with one of the following error messages:
1. System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper (System.Object)
2. System.InvalidOperationException: An exception was thrown in a call to a policy export extension.
3. The requested service, 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' could not be activated. See the server's diagnostic trace logs for more information. See http://support.microsoft.com/kb/2520344 to fix.
When this happens, you will not be able to open the related services in SharePoint 2010.
- When the system is updated with KB2756920 without Windows Server 2008 SP1 (KB976932), you will start to see Error Messages #1 and #3.
- When the system is updated with Windows Server 2008 SP1 (KB976932), you will start to see Error Messages #2 and #3.
Note: KB2756920 is not necessary after the SP1 update.
The problem occurs when your server installs KB2756920 without Windows Server 2008 SP1 (KB976932), together with the changes in the authenticationMode of the WCF service.
- Install Windows Server 2008 SP1 (KB976932), if it is not already installed on the system.
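To check whether a server is in the state described above, the following added example (not part of the original post) reports the update and service pack state and probes the SecurityTokenService URL from the error message. The function name Test-StsPatchState is hypothetical, and the script assumes the service pack level reported by WMI corresponds to the SP1 update named in the post.

```powershell
# Added example, not from the original post. Works on PowerShell 2.0 and later.
# Test-StsPatchState is a hypothetical name; KB ids and the URL come from the post.
function Test-StsPatchState {
    param(
        [string]$StsUrl = 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc'
    )

    # Get-HotFix only lists updates recorded in Win32_QuickFixEngineering.
    $hasKb = [bool](Get-HotFix -Id 'KB2756920' -ErrorAction SilentlyContinue)

    # Assumption: the WMI service pack level reflects the SP1 update (KB976932).
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $hasSp1 = ($os.ServicePackMajorVersion -ge 1)

    # Request the service page; an activation failure comes back as an HTTP error.
    $stsError = $null
    $client = New-Object System.Net.WebClient
    try {
        $client.UseDefaultCredentials = $true
        [void]$client.DownloadString($StsUrl)
    } catch {
        $stsError = $_.Exception.Message
    } finally {
        $client.Dispose()
    }

    # Map the patch state to the error messages the post associates with it.
    if ($hasKb -and -not $hasSp1) { $expected = 'Error Messages #1 and #3' }
    elseif ($hasSp1)              { $expected = 'Error Messages #2 and #3' }
    else                          { $expected = 'none described in the post' }

    New-Object PSObject -Property @{
        KB2756920Installed = $hasKb
        ServicePack1       = $hasSp1
        ExpectedIfBroken   = $expected
        StsReachable       = ($stsError -eq $null)
        StsError           = $stsError
    }
}

Test-StsPatchState | Format-List
```

Run it in a local session on the SharePoint server, since the service URL is bound to localhost.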
- [Update 19-Jan-2013] Follow my post, Fixing – an exception was thrown in a call to a policy extension. Changing authenticationMode is not recommended since it won’t solve all other issues.
Modify the spStsActAsBinding security setting to authenticationMode="IssuedToken", so that the configuration looks like: