Is there a reason why this is the case? Has anyone seen this issue in the past, and if so...could you please share the knowledge on what the cause is and what can be done to fix it?
If I remember correctly when we had an issue like this. We set a switch in the web.config I believe this is what the SharePoint guy did at the time.
CustomError=Off
Hi,
As I understand, you cannot log in SharePoint site when using claim based authentication in SharePoint 2010.
You can check the details of the error in ULS log. (The path of the ULS log: C:\Program files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS).
Maybe the cause is that application pool account was missing the "Impersonate a client after authentication" user right, then you can do the troubleshooting steps below:
1. Go to Start - Administrative tools - Local Security Policy - Local Policies - User Right Assignments - Impersonate a client after authentication properties
2. Add the Application Pool account for the site which is not working.
3. Reboot the server, so the changes can take effect.
4. Browse the site and it should work fine.
The article below is about the HTTP 500 Internal Server Error.
http://blogs.msdn.com/b/allengeorge/archive/2013/10/23/http-500-internal-server-error.aspx
Best regards
Sara Fan
Hi,
As I understand, you cannot log in SharePoint site when using claim based authentication in SharePoint 2010.
You can check the details of the error in ULS log. (The path of the ULS log: C:\Program files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS).
Maybe the cause is that application pool account was missing the "Impersonate a client after authentication" user right, then you can do the troubleshooting steps below:
1. Go to Start - Administrative tools - Local Security Policy - Local Policies - User Right Assignments - Impersonate a client after authentication properties
2. Add the Application Pool account for the site which is not working.
3. Reboot the server, so the changes can take effect.
4. Browse the site and it should work fine.
The article below is about the HTTP 500 Internal Server Error.
http://blogs.msdn.com/b/allengeorge/archive/2013/10/23/http-500-internal-server-error.aspx
Best regards,
Sa
Hello Fan,
I have done the settings you described above but the issue persist.
I really dont know what else to do.
Regards,
Kingsley
There are a dozen ways that you can get a 500 error on a new site collection.
- Have you checked the event logs for anything?
Have you checked the ULS logs for any entries? - Have you confirmed that the application pool and site is up and running?
- Can you confirm that the 500 error only occurs for the new web application and that you have created a site collection at the root?
- Once the web application + site collection have been created can you access them through PowerShell?
Without knowing what you've tried we can't suggest things that you might not have done.
- Edited by Alex BrassingtonMicrosoft community contributor 22 hours 17 minutes ago
Hello Alex,
Thank you for your time and support.
The application pool is up and running. The site collection was successfully created. Web site with classic authentication works but claims authentication do not work.
I dont know how to access the site via powershell. The error occurred when I created the first web application and site collection after I installed Sharepoint and the root site
Error message
Event log: Log Name: Application
Source: Microsoft-SharePoint Products-SharePoint Foundation
Date: 01/04/2015 12:32:31
Event ID: 8305
Task Category: Claims Authentication
Level: Error
Keywords:
User: KAZTEC-ENG\sun.ion
Computer: KAZTEC-SP1.KAZTEC-ENG.LOCAL
Description:
An exception occurred when trying to establish endpoint for context: Unrecognized attribute 'allowInsecureTransport'. Note that attribute names are case-sensitive. (C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebClients\SecurityToken\client.config
line 41).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
<EventID>8305</EventID>
<Version>14</Version>
<Level>2</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2015-04-01T11:32:31.895416500Z" />
<EventRecordID>42358</EventRecordID>
<Correlation ActivityID="{07C18AE0-6233-40E9-B99E-C747723ECFC2}" />
<Execution ProcessID="788" ThreadID="6224" />
<Channel>Application</Channel>
<Computer>KAZTEC-SP1.KAZTEC-ENG.LOCAL</Computer>
<Security UserID="S-1-5-21-1872518793-706367052-2123955694-1206" />
</System>
<EventData>
<Data Name="string0">Unrecognized attribute 'allowInsecureTransport'. Note that attribute names are case-sensitive. (C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebClients\SecurityToken\client.config
line 41)</Data>
</EventData>
</Event>
Client file located in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebClients\SecurityToken
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<client>
<endpoint
name="SecurityTokenService"
contract="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract"
binding="customBinding"
bindingConfiguration="spStsBinding"/>
<endpoint
name="SecurityTokenService_ActAs"
contract="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract"
binding="customBinding"
bindingConfiguration="spStsActAsBinding"/>
<endpoint
name="WindowsTokenCacheService"
contract="Microsoft.SharePoint.Administration.Claims.ISPWindowsTokenCacheServiceContract"
binding="customBinding"
bindingConfiguration="SPWindowsTokenCacheServiceHttpsBinding"/>
</client>
<!-- Binding List: -->
<bindings>
<customBinding>
<binding
name="spStsBinding">
<binaryMessageEncoding>
<readerQuotas
maxStringContentLength="1048576"
maxArrayLength="2097152"/>
</binaryMessageEncoding>
<httpTransport
maxReceivedMessageSize="2162688"
authenticationScheme="Negotiate"
useDefaultWebProxy="false" />
</binding>
<binding
name="spStsActAsBinding">
<security
authenticationMode="SspiNegotiatedOverTransport"
allowInsecureTransport="true"
defaultAlgorithmSuite="Basic256Sha256"
messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12" />
<binaryMessageEncoding>
<readerQuotas
maxStringContentLength="1048576"
maxArrayLength="2097152"/>
</binaryMessageEncoding>
<httpTransport
maxReceivedMessageSize="2162688"
authenticationScheme="Negotiate"
useDefaultWebProxy="false"/>
</binding>
<binding name="SPWindowsTokenCacheServiceHttpsBinding">
<security authenticationMode="IssuedTokenOverTransport" />
<textMessageEncoding>
<readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152"/>
</textMessageEncoding>
<httpsTransport maxReceivedMessageSize="2162688" authenticationScheme="Anonymous" useDefaultWebProxy="false" />
</binding>
</customBinding>
</bindings>
</system.serviceModel>
Regards,
Kingsley
There are a dozen ways that you can get a 500 error on a new site collection.
- Have you checked the event logs for anything?
Have you checked the ULS logs for any entries? - Have you confirmed that the application pool and site is up and running?
- Can you confirm that the 500 error only occurs for the new web application and that you have created a site collection at the root?
- Once the web application + site collection have been created can you access them through PowerShell?
Without knowing what you've tried we can't suggest things that you might not have done.
- Edited by Alex BrassingtonMicrosoft community contributor Wednesday, April 01, 2015 9:17 AM
Hi,
Based on the details about the error, there is an unrecognized attribute 'allowInsecureTransport' in the client.config.
To resolve this issue you will need to download the KB976462 hotfix which can be found at http://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=23806.
The article below is about unrecognized attribute allowInsecureTransport.
http://www.the14folder.com/tag/unrecognized-attribute-allowinsecuretransport/
Best regards
Sara Fan
Hi,
Based on the details about the error, there is an unrecognized attribute 'allowInsecureTransport' in the client.config.
To resolve this issue you will need to download the KB976462 hotfix which can be found at http://connect.microsoft.com/VisualStudio/Downloads/DownloadDetails.aspx?DownloadID=23806.
The article below is about unrecognized attribute allowInsecureTransport.
http://www.the14folder.com/tag/unrecognized-attribute-allowinsecuretransport/
Best regards,
Sa
The KB976462 hotfix resolved the issue.
Thank you Sara Fan
- Marked as answer by kingruke 2 hours 44 minutes ago