
Wednesday, April 19, 2017

SharePoint 2013 Site Collection Change Lock State using PowerShell


There are various situations where a site collection administrator has to change the lock status of one or more site collections, for example during a migration or while running an audit. The script below does this. It can set the lock state of a site collection to any of the available values, and you can list multiple site collections in the $sitelist parameter.

Hope it helps :) !


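# Load the SharePoint cmdlets when not running in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Add one or more site collection URLs, separated by commas
$sitelist = @("https://yoursitecollectionURL")
foreach ($site in $sitelist) {
  $s = Get-SPSite $site
  # Text recorded as the reason for the lock
  $s.LockIssue = "Any text you want to add for logging purpose"
  # Set-SPSite -Identity $site -LockState [NoAccess|UnLock|ReadOnly]
  Set-SPSite -Identity $site -LockState NoAccess
  # Release the SPSite object
  $s.Dispose()
}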

500 Internal Server Error - SharePoint STS Application Pool

We have often noticed 500 Internal Server Error responses in SharePoint site collections. The issue typically occurs when the service account used by the STS was used for an interactive logon and then logged off. For example, an administrator logs on to a WFE server with the farm account and then logs off. Logging off forces the registry keys in that account's profile to be unloaded, which makes the keys unavailable for future use. The most common errors we see in the ULS log look like the ones below.

SPSecurityContext: Request for security token failed with exception: System.ServiceModel.FaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs
STS Call Claims Windows: Problem getting output claims identity. Exception: 'System.Runtime.InteropServices.COMException (0x800703FA): Illegal operation attempted on a registry key that has been marked for deletion. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)  at System.DirectoryServices.DirectoryEntry.Exists(String path) 
STS Call: Failed to issue new security token. Exception: System.Runtime.InteropServices.COMException (0x800703FA): Illegal operation attempted on a registry key that has been marked for deletion. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Exists(String path) 

Workaround :

1.  Recycle the STS app pool
2.  If some users are still getting 500 Internal Server Error, clear the browser cache on the user's machine and it should work

Solution :

There are two steps involved to fix the issue of 500 Internal Server Error.

Step 1 : Enable automatic recycling of the STS app pool outside business hours.

Step 2 : Enable the "Load User Profile" setting in IIS for the STS app pool. You can refer to this article to configure the same.
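
Both steps can also be applied from PowerShell with the IIS WebAdministration module. The script below is an added example, not taken from the original post or the referenced article. The pool name `SecurityTokenServiceApplicationPool` and the 02:00 recycle time are assumptions to check against your farm, and the script assumes an elevated session on each SharePoint server.

```powershell
# Added example: apply Step 1 and Step 2 to the STS application pool on this server.
# Assumptions: elevated session; pool name and recycle time below match your farm.
Import-Module WebAdministration

$poolName    = 'SecurityTokenServiceApplicationPool'  # assumed STS pool name; confirm in IIS Manager
$recycleTime = '02:00:00'                              # assumed time outside business hours
$poolPath    = "IIS:\AppPools\$poolName"

if (-not (Test-Path $poolPath)) {
    throw "Application pool '$poolName' not found on $env:COMPUTERNAME"
}

# Record the current setting so the change is visible in the console transcript
$before = (Get-Item $poolPath).processModel.loadUserProfile
Write-Host "Load User Profile before change: $before"

# Step 2: load the service account's profile when the worker process starts,
# so its registry hive is not left unloaded after an interactive logoff
if (-not $before) {
    Set-ItemProperty -Path $poolPath -Name processModel.loadUserProfile -Value $true
}

# Step 1: replace any existing recycle schedule with one fixed daily time
Clear-ItemProperty -Path $poolPath -Name recycling.periodicRestart.schedule
Set-ItemProperty   -Path $poolPath -Name recycling.periodicRestart.schedule `
                   -Value @{ value = $recycleTime }

# Workaround step: recycle now so the worker process starts with the new settings
Restart-WebAppPool -Name $poolName

# Verify the result
$after    = (Get-Item $poolPath).processModel.loadUserProfile
$schedule = (Get-ItemProperty -Path $poolPath `
             -Name recycling.periodicRestart.schedule.collection).value
Write-Host "Load User Profile after change: $after"
Write-Host "Scheduled recycle time(s): $($schedule -join ', ')"

if (-not $after) {
    throw "Load User Profile is still disabled on '$poolName'"
}
```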