SharePoint 2010: Security token exception


A recent Windows security update, MS13-004 (KB2756920), is causing problems on SharePoint 2010 and Exchange servers. The symptom is broken WCF services, such as the SecurityTokenService, failing with one of the following error messages:

Error Messages:

  1. System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper (System.Object)
  2. System.InvalidOperationException: An exception was thrown in a call to a policy export extension.
    Extension: System.ServiceModel.Channels.TransportSecurityBindingElement…
  3. The requested service, ‘http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' could not be activated. See the server’s diagnostic trace logs for more information. See http://support.microsoft.com/kb/2520344 to fix.

When this happens, you will not be able to open the related services in SharePoint 2010.

Symptoms:

  1. When the system is updated with KB2756920 but without Windows Server 2008 SP1 (KB976932), you will start to see Error Messages #1 and #3.
  2. When the system is updated with Windows Server 2008 SP1 (KB976932), you will start to see Error Messages #2 and #3.
    Note: KB2756920 is not necessary after the SP1 update.
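
To tell which of the two cases above applies to a given server, the patch state can be read from the machine itself. This is an added example, not code from the original post: the function names are hypothetical, and it assumes that a reported service pack level of 1 or higher corresponds to the SP1 update (KB976932). It sticks to cmdlets available in PowerShell 2.0.

```powershell
# Added example (not from the original post). Function names are hypothetical.

# Reads the two facts the symptom list depends on: service pack level and
# whether KB2756920 is installed.
function Get-StsPatchState {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName
    # Filter the full list instead of using -Id, which raises an error
    # when the hotfix is absent.
    $kb = Get-HotFix -ComputerName $ComputerName |
          Where-Object { $_.HotFixID -eq 'KB2756920' }

    New-Object PSObject -Property @{
        ComputerName = $ComputerName
        ServicePack  = [int]$os.ServicePackMajorVersion  # assumption: >= 1 means KB976932 is applied
        HasKB2756920 = [bool]$kb
    }
}

# Maps a patch state to the error messages listed in the Symptoms section.
function Get-ExpectedStsError {
    param([int]$ServicePack, [bool]$HasKB2756920)

    if ($ServicePack -ge 1) {
        'SP1 present: expect Error Messages #2 and #3'
    } elseif ($HasKB2756920) {
        'KB2756920 without SP1: expect Error Messages #1 and #3; install SP1 (KB976932)'
    } else {
        'Neither update found: not the scenario described in this post'
    }
}

# Live check against the local server
$state = Get-StsPatchState
Get-ExpectedStsError -ServicePack $state.ServicePack -HasKB2756920 $state.HasKB2756920

# Constructed inputs, to show both branches without touching a server
Get-ExpectedStsError -ServicePack 0 -HasKB2756920 $true
Get-ExpectedStsError -ServicePack 1 -HasKB2756920 $true
```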

Cause:

The problem occurs when your server has KB2756920 installed without Windows Server 2008 SP1 (KB976932), together with the changes in the authenticationMode of the WCF service.

Resolution:

  1. Install Windows Server 2008 SP1 (KB976932) if it is not already installed on the system.
  2. [Update 19-Jan-2013] Follow my post, Fixing – an exception was thrown in a call to a policy extension. Changing authenticationMode is not recommended since it won't solve all the other issues.
    Modify the spStsActAsBinding security setting to authenticationMode="IssuedToken", so that the configuration looks like:


  
  
      
   

   

Riwut Libinuko
Sr. Cloud Solution Architect
