SharePoint Experts, Information Architects, Expert Witness

SICG provides a broad array of business and technology consulting from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. We focus on the "How", not just the possible. Contact me direct: or call 704-873-8846 x704.

Search This Blog

Friday, May 2, 2014

SharePoint 2013 Claims to Windows Token Service not starting after reboot


The Claims to Windows Token Service should be running all all servers in the farm. If on a restart of a server, the service won’t start or is stuck on starting, the issue may be with the Cryptographic Services Service. This is a timing issue in which that service hasn’t started before the claims service has. The solution is to add a dependency to the service definition so that the CS service will start before claims:

1) Open a Command Prompt (or PowerShell) using Run as administrator
2) Type in the command:

sc config c2wts depend=CryptSvc

3) Hit Enter then close the command prompt
4) Open the Services console (Start > Run > services.msc or Start > Administrative Tools > Services)
5) Find the Claims to Windows Token Service in the list then right click on it and select Properties.
6) On the Properties pop-up, click the Dependencies tab and verify that the Cryptographic Services is listed and click OK to close

SharePoint 2013 - Event ID 6398

Event ID 6398

Error on Search Servers indicating:

The Execute method of job definition Microsoft.SharePoint.Diagnostics.S PDiagnosticsMetricsProvider threw an exception

This means that the permissions are inadequate on the location of the SharePoint Logs – verify that the WSS_WPG and WSS_ADMIN_WPG local groups have full permissions to the drive/folders in use. 

SP13: Security Token Service is not available

As may be reported by the Health Analyzer or as a message in the System Event Application Log:

The SharePoint Health Analyzer detected a condition requiring your attention.  The Security Token Service is not available.
The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state.
Administrator should try to restart the Security Token Service on the boxes where it is not issuing tokens. If problem persists, further troubleshooting may be available in the KB article. For more information about this rule, see "".

This indicates that the SharePoint Web Services Root application pool is stopped. Open Internet Information Services (IIS) Manager, expand server then click on Application Pools – right click on the SharePoint Web Services Root and select Start:

Other possible causes:
The Security Token Service hasn’t been provisioned
1.       Login to a SharePoint server as the Farm Account
2.       Open the SharePoint 2013 Management shell using Run as administrator
3.       Enter in the following commands:
$sts = Get-SPServiceApplication | ?{$_ -match "Security"}

Incorrect Authentication Settings in IIS
1.       Open Internet Information Services (IIS) Manager
2.       Expand the Sites folder
3.       Expand the SharePoint Web Services folder
4.       Click on the SecurityTokenServiceApplication to select it
5.       In the Features pane in the IIS section, double click on Authentication
6.       Right click on Forms Authentication and select Disable (for SharePoint,only Windows and Anonymous access should be enabled for tokens and the claims service to work correctly)

Bad data in the Web.config File
Check the web.config file in the site for errors (use Windiff to compare to a working web.config) and/or remove any manual changes that may have been made.