Tuesday, September 4, 2012

FAST Down Due to SharePoint Security Token Service Certificate Errors

Good Morning SharePoint!  Walking in the door with a fire to put out is better than coffee.

When browsing to a search page we were getting the following error.

Source: SharePoint Foundation

Event ID: 8311

An operation failed because the following certificate has validation errors:

Subject Name: CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US
Issuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US
Thumbprint: 9057913C61BA802F52787B75CFBE3BFAD0104E43

Errors:

 The root of the certificate chain is not a trusted root authority..

A quick search led me to the following KB article.

How to re-create the local Trusted Root Authority

This article states that an administrator deleted the local trust in CA. But I checked and it is there.  I didn’t delete it and no one else has access.

I ran the following command from the article, which added a new local trust relationship.

$rootCert = (Get-SPCertificateAuthority).RootCertificate
New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert

I still do not know what caused this to happen.  Will have to look into it later.
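
One way to inspect the state described above, where a local trust entry is present yet event 8311 still reports an untrusted root: compare certificates by thumbprint instead of by entry name, and add the trust only if no entry holds the farm root. This is an added example, not the author's or Microsoft's script; it assumes the SharePoint Management Shell on a farm server, and `$eventThumbprint` and `$trustName` are variables introduced here that hold values taken from the post.

```powershell
# Added example, not from the original post. Run in the SharePoint Management Shell
# on a farm server with farm administrator rights.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Thumbprint reported in the event 8311 text above.
$eventThumbprint = '9057913C61BA802F52787B75CFBE3BFAD0104E43'
# Name for a new trust entry; "localNew" is the name used in the post.
$trustName = 'localNew'

# Farm root certificate (same call as in the post) and the STS signing certificate.
$rootCert = (Get-SPCertificateAuthority).RootCertificate
$stsCert  = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate

# 1. Is the certificate named in the event the farm's current STS signing
#    certificate, and are both certificates inside their validity period?
$now = Get-Date
New-Object PSObject -Property @{
    StsThumbprint    = $stsCert.Thumbprint
    MatchesEvent     = ($stsCert.Thumbprint -eq $eventThumbprint)
    StsIssuer        = $stsCert.Issuer
    IssuerIsFarmRoot = ($stsCert.Issuer -eq $rootCert.Subject)   # name comparison only
    StsValidNow      = ($stsCert.NotBefore -le $now -and $stsCert.NotAfter -ge $now)
    RootValidNow     = ($rootCert.NotBefore -le $now -and $rootCert.NotAfter -ge $now)
} | Format-List

# 2. List every trusted root authority and flag the entries that hold the
#    farm root certificate (matched by thumbprint, not by display name).
$trusts = @(Get-SPTrustedRootAuthority)
$trusts | Select-Object Name,
    @{ Name = 'Thumbprint';      Expression = { $_.Certificate.Thumbprint } },
    @{ Name = 'NotAfter';        Expression = { $_.Certificate.NotAfter } },
    @{ Name = 'MatchesFarmRoot'; Expression = { $_.Certificate.Thumbprint -eq $rootCert.Thumbprint } } |
    Format-Table -AutoSize

# 3. Add the trust only when no existing entry carries the farm root certificate.
$matching = @($trusts | Where-Object { $_.Certificate.Thumbprint -eq $rootCert.Thumbprint })
if ($matching.Count -eq 0) {
    New-SPTrustedRootAuthority -Name $trustName -Certificate $rootCert
} else {
    "Farm root already trusted by: " + (($matching | ForEach-Object { $_.Name }) -join ', ')
}
```

An entry that is present by name but shows `MatchesFarmRoot` as False holds a different certificate than the one the farm currently issues from.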