SharePoint Experts, Information Architects, Expert Witness

SICG provides a broad array of business and technology consulting from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. We focus on the "How", not just the possible. Contact me direct: or call 704-873-8846 x704.

Friday, May 2, 2014

SP13: Security Token Service is not available

This condition may be reported by the Health Analyzer or as a message in the System Event Application Log:

The SharePoint Health Analyzer detected a condition requiring your attention.  The Security Token Service is not available.
The Security Token Service is not issuing tokens. The service could be malfunctioning or in a bad state.
Administrator should try to restart the Security Token Service on the boxes where it is not issuing tokens. If problem persists, further troubleshooting may be available in the KB article. For more information about this rule, see "".

This indicates that the SharePoint Web Services Root application pool is stopped. Open Internet Information Services (IIS) Manager, expand the server node, and click Application Pools. Then right-click SharePoint Web Services Root and select Start.

Other possible causes:
The Security Token Service hasn’t been provisioned
1. Log in to a SharePoint server as the Farm Account
2. Open the SharePoint 2013 Management Shell using Run as administrator
3. Enter the following commands:
$sts = Get-SPServiceApplication | ?{$_ -match "Security"}

Incorrect Authentication Settings in IIS
1. Open Internet Information Services (IIS) Manager
2. Expand the Sites folder
3. Expand the SharePoint Web Services folder
4. Click on the SecurityTokenServiceApplication to select it
5. In the Features pane in the IIS section, double-click on Authentication
6. Right-click on Forms Authentication and select Disable (for SharePoint, only Windows and Anonymous access should be enabled for tokens and the claims service to work correctly)

Bad data in the Web.config File
Check the web.config file in the site for errors (use Windiff to compare to a working web.config) and/or remove any manual changes that may have been made.
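
The first three causes above can be checked in one pass from an elevated SharePoint 2013 Management Shell. The script below is an added example, not part of the original post: it only reads state, and the helper names Get-ConfigValue and Test-StsHealth are hypothetical. It assumes the app pool and site names given in the steps above; the Start-WebAppPool and Provision() hints in its messages are standard IIS and SharePoint calls, not commands taken from the post.

```powershell
# Added example: read-only check of the app pool, STS provisioning state and
# IIS authentication settings. Names below are the ones used in the post.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration

function Get-ConfigValue($PSPath, $Filter, $Name) {
    # The cmdlet returns either a raw value or a ConfigurationAttribute wrapper
    $v = Get-WebConfigurationProperty -PSPath $PSPath -Filter $Filter -Name $Name
    if ($v -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
}

function Test-StsHealth {
    $findings = @()

    # Cause 1: the SharePoint Web Services Root application pool is stopped
    $pool  = 'SharePoint Web Services Root'
    $state = (Get-WebAppPoolState -Name $pool).Value
    if ($state -ne 'Started') {
        $findings += "App pool '$pool' is $state (fix: Start-WebAppPool -Name '$pool')"
    }

    # Cause 2: the Security Token Service is not provisioned (same filter as the post)
    $sts = Get-SPServiceApplication | Where-Object { $_ -match 'Security' }
    if (-not $sts) {
        $findings += 'No Security Token Service application was returned'
    } elseif ($sts.Status -ne 'Online') {
        $findings += "STS status is $($sts.Status) (fix: `$sts.Provision())"
    }

    # Cause 3: only Windows and Anonymous authentication should be enabled
    $site = 'IIS:\Sites\SharePoint Web Services\SecurityTokenServiceApplication'
    $sec  = 'system.webServer/security/authentication'
    if ((Get-ConfigValue $site 'system.web/authentication' 'mode') -eq 'Forms') {
        $findings += 'Forms Authentication is enabled on the STS application'
    }
    foreach ($auth in 'windowsAuthentication', 'anonymousAuthentication') {
        if (-not (Get-ConfigValue $site "$sec/$auth" 'enabled')) {
            $findings += "$auth is disabled on the STS application"
        }
    }
    $findings
}

$result = Test-StsHealth
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'App pool, STS provisioning and IIS authentication look correct.' }
```

If all three checks pass and the health rule still fires, the web.config comparison described above is the remaining item to review.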


alasdaircs said...

Brand new SharePoint 2013 SP1 install on Windows Server 2012 R2, and I needed this. Thanks.

mansuri.isteyaq said...

Not working

David M. Sterling said...

As mentioned in 2016, you should check your permissions (CA > Web Applications > Web Application > User Policy). The internal server error is generally due to a) not having set user policy, b) no access to the site(s) by the Application Pool Account or c) a database error (usually permissions). If none of that helps, look at the accounts running the services (services.msc).