We have often noticed 500 Internal Server Error in SharePoint site collections. The issue typically occurs when the service account used by the STS (Security Token Service) was used for an interactive logon and then logged off. For example, an administrator logs on to a WFE server with the farm account and then logs off. The logoff forces the registry keys in that account's profile to be unloaded, which makes the keys unavailable for future use. The most common errors we see in the ULS log look like the following.

SPSecurityContext:
Request for security token failed with exception: System.ServiceModel.FaultException:
The server was unable to process the request due to an internal error.
For more information about the error, either turn on
IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from
the <serviceDebug> configuration behavior) on the server in order to send
the exception information back to the client, or turn on tracing as per the
Microsoft .NET Framework SDK documentation and inspect the server trace logs

STS Call Claims Windows: Problem getting output claims identity.
Exception: 'System.Runtime.InteropServices.COMException (0x800703FA): Illegal
operation attempted on a registry key that has been marked for deletion. at
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at
System.DirectoryServices.DirectoryEntry.Exists(String path)

STS Call: Failed to issue new security token. Exception:
System.Runtime.InteropServices.COMException (0x800703FA): Illegal operation
attempted on a registry key that has been marked for deletion. at
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at
System.DirectoryServices.DirectoryEntry.Exists(String path)

Workaround:
1. Recycle the STS app pool.
2. If some users still get 500 Internal Server Error, clear the browser cache on the user's machine and it should work.

Solution:
There are two steps involved in fixing the 500 Internal Server Error.
Step 1: Enable automatic recycling of the STS app pool outside business hours.
Step 2: Enable the "Load User Profile" setting in IIS for the STS app pool. You can refer to this article to configure it.
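
Both solution steps can also be scripted with the IIS WebAdministration module. The script below is an added example, not part of the original post; the pool name SecurityTokenServiceApplicationPool and the 02:00 recycle time are assumptions to adjust for your farm.

```powershell
# Added example. Run in an elevated PowerShell session on each server that hosts the STS,
# because IIS application pool settings are stored per server.
Import-Module WebAdministration

# Assumption: the STS pool uses this name; confirm with Get-ChildItem IIS:\AppPools.
$poolName    = 'SecurityTokenServiceApplicationPool'
# Assumption: 02:00 stands in for "outside business hours".
$recycleTime = [TimeSpan]'02:00:00'
$poolPath    = "IIS:\AppPools\$poolName"

if (-not (Test-Path $poolPath)) {
    throw "Application pool '$poolName' not found on $env:COMPUTERNAME."
}

# Step 1: add a scheduled recycle time unless it is already configured.
# New-ItemProperty appends to the schedule and leaves existing entries in place.
$existing = (Get-ItemProperty $poolPath -Name recycling.periodicRestart.schedule.collection).value
if ($existing -notcontains $recycleTime) {
    New-ItemProperty -Path $poolPath -Name recycling.periodicRestart.schedule `
        -Value @{ value = $recycleTime }
}

# Step 2: enable Load User Profile so IIS loads the pool identity's profile
# for the worker process.
if (-not (Get-Item $poolPath).processModel.loadUserProfile) {
    Set-ItemProperty $poolPath -Name processModel.loadUserProfile -Value $true
}

# Workaround step 1: recycle the pool now so a worker process that already holds
# the stale registry handle is replaced. Skipped when the pool is not running.
if ((Get-WebAppPoolState -Name $poolName).Value -eq 'Started') {
    Restart-WebAppPool -Name $poolName
}

# Report the resulting configuration for the change record.
[pscustomobject]@{
    Server          = $env:COMPUTERNAME
    Pool            = $poolName
    LoadUserProfile = (Get-Item $poolPath).processModel.loadUserProfile
    RecycleSchedule = (Get-ItemProperty $poolPath `
        -Name recycling.periodicRestart.schedule.collection).value -join ', '
}
```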