STS cannot sign credentials - Event 8304 (SharePoint 2010 Products)

 

Applies to: SharePoint Server 2010, SharePoint Foundation 2010

Alert Name:   Security Token Service cannot sign credentials

Event ID:   8304

Summary:   The Security Token Service (STS) cannot sign user credentials.

Symptoms:   One or more of the following symptoms might appear:

  • Users are unable to log on to Microsoft SharePoint Server 2010.

  • Logon fails.

  • People Picker fails to search or resolve, and returns an error message.

  • This event appears in the event log: Event ID: 8307 Description: An exception occurred when trying to create signing credential: <exception>.

Cause:   An error occurred with the claims provider that is specified in the exception description.

Resolution:   Import a new STS signing certificate from the SharePoint 2010 Products farm

  1. Retrieve the root certificate of your Microsoft SharePoint 2010 Products farm.

  2. Export the root certificate.

  3. Use the makecert utility to generate a new STS signing certificate based on the root certificate.

  4. Import the new certificate into the certificate store for your operating system.

Resolution:    Import a new self-signed STS signing certificate or external certificate

  1. Retrieve the root certificate of your SharePoint 2010 Products farm.

  2. Export the root certificate.

  3. Regenerate the certificate.

  4. Import the new certificate into the certificate store for your operating system.
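
Steps 1 and 2 of both procedures, followed by a check of the certificate the STS currently signs with, as an added example (not code from the original article or from Microsoft). It assumes a SharePoint 2010 Management Shell run as a farm administrator on a farm server, and the output path C:\Temp\SPRootAuthority.cer is a placeholder whose folder must already exist.

```powershell
# Added example. Load the SharePoint cmdlets if this is a plain PowerShell session.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Steps 1-2: retrieve the farm root certificate and export its public part only.
# X509ContentType 'Cert' writes no private key material to disk.
$rootCert = (Get-SPCertificateAuthority).RootCertificate
$rootPath = 'C:\Temp\SPRootAuthority.cer'   # assumed path, adjust as needed
$certType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
[System.IO.File]::WriteAllBytes($rootPath, $rootCert.Export($certType))

# Inspect the certificate the STS is configured to sign tokens with.
$stsCert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
if ($null -eq $stsCert) {
    Write-Warning 'The STS has no signing certificate configured.'
    return
}

$now = Get-Date
# New-Object PSObject is used because SharePoint 2010 runs on PowerShell 2.0.
$report = New-Object PSObject -Property @{
    Subject          = $stsCert.Subject
    Thumbprint       = $stsCert.Thumbprint
    NotBefore        = $stsCert.NotBefore
    NotAfter         = $stsCert.NotAfter
    # An expired or not-yet-valid certificate cannot be used for signing.
    InValidityWindow = ($now -ge $stsCert.NotBefore -and $now -le $stsCert.NotAfter)
    # Signing needs the private key to be present and readable by the STS.
    HasPrivateKey    = $stsCert.HasPrivateKey
    # Name comparison only; this is not a full chain validation.
    IssuerIsFarmRoot = ($stsCert.Issuer -eq $rootCert.Subject)
}
$report | Format-List

if (-not $report.InValidityWindow) { Write-Warning 'STS signing certificate is outside its validity period.' }
if (-not $report.HasPrivateKey)    { Write-Warning 'STS signing certificate has no accessible private key.' }
if (-not $report.IssuerIsFarmRoot) { Write-Warning 'STS signing certificate was not issued under the farm root name.' }
```

Record the thumbprint before replacing the certificate so that the old and new values can be compared after the import in step 4.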