SharePoint 2010 farm: SharePoint Security Token Service validation errors

Time: 2014-11-14 21:29:30

Tags: sharepoint-2010 sts-securitytokenservice

On our SharePoint 2010 farm we renewed the SSL certificate, and after the renewal we started getting the following error in the event log:

Event ID 8311
An operation failed because the following certificate has validation errors:\n\nSubject Name:
  CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: \n\nErrors:\n\n

RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.

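The websites generally work correctly with the renewed certificate. Even claims authentication between SharePoint and a custom security application works. However, some SharePoint services have serious problems; for example, search does not work and produces the following error: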

The requested service, 'http://server:32843/f6a9024b8bbe48ebae7e9ffc8f5809dd/SearchService.svc' could not be activated. See the server's diagnostic trace logs for more information.
Stack trace: 
Server stack trace: 
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)

When I run the Get-SPSite command in PowerShell, I get the following error:

Get-SPSite : ID4257: X.509 certificate 'CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US' validation failed by the token handler.

I cannot deactivate or activate any feature on the server; it throws a certificate error.

I have already tried the following:

1. Recreating the local trust relationship using the following commands:
    $rootCert = (Get-SPCertificateAuthority).RootCertificate
    New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert

2. Adding "SharePoint Root Authority" certificate to certificate store on each server in the farm, in mmc SharePoint certificates "SharePoint Security Token Service"  certificate is displayed under "SharePoint Root Authority" certificate.

1 answer:

Answer 0: (score: 0)

I had a similar problem; our symptoms were:

<EventID>8311</EventID>
...
<Data Name="string3">NotTimeValid: Unknown error.</Data>

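The root cause was that the site also had SSRS (on the same host), and the SSRS certificate (SSRS has a different binding engine from IIS) had expired, but the error was logged by SharePoint.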
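
A read-only check related to the answer above, added here as an example and not part of the original question or answer: it lists the certificates in the machine's personal and SharePoint stores, marks those that are expired or bound in HTTP.sys (where both IIS and SSRS register SSL bindings), and shows the Windows chain status flags, which use the same names as event 8311 (`NotTimeValid`, `RevocationStatusUnknown`). It assumes an elevated PowerShell session on each farm server; the function name `Test-CertChain` is hypothetical, and the Windows chain engine is used as a proxy, so SharePoint's own validator may report differently.

```powershell
# Added example (not from the original post). Read-only: changes no certificate,
# store or binding. Written to run on PowerShell 2.0 and later.

function Test-CertChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Online revocation check, so an unreachable CRL surfaces as RevocationStatusUnknown
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag =
        [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    [void]$chain.Build($Cert)
    # ChainStatus is empty when the chain validates cleanly
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    $chain.Reset()
    return $flags
}

# Thumbprints bound in HTTP.sys. Matched by shape (40 hex characters) rather than
# by label, so the parse does not depend on the OS display language.
$bound = @(netsh http show sslcert |
    Select-String -Pattern '\b[0-9a-fA-F]{40}\b' -AllMatches |
    ForEach-Object { $_.Matches } |
    ForEach-Object { $_.Value.ToUpper() })

# The SharePoint store is skipped silently on machines that do not have it
$stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\SharePoint'

Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    Select-Object @{ n = 'Store';       e = { ($_.PSParentPath -split '\\')[-1] } },
                  Subject,
                  Thumbprint,
                  NotAfter,
                  @{ n = 'Expired';     e = { $_.NotAfter -lt (Get-Date) } },
                  @{ n = 'HttpSysBind'; e = { $bound -contains $_.Thumbprint } },
                  @{ n = 'ChainStatus'; e = { Test-CertChain -Cert $_ } } |
    Sort-Object NotAfter |
    Format-Table -AutoSize -Wrap
```

A row with `HttpSysBind` true and `Expired` true matches the situation the answer describes: a binding outside IIS still pointing at an expired certificate.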