Monday, May 30, 2016

ID3242: The security token could not be authenticated or authorized.

Hello Readers,

We had to set up a new content source in our search, and suddenly we got this error while going to the Content Sources page in the Search Service Application.

I googled and didn't find much information, so I went through the ULS logs and found these entries.

 An operation failed because the following certificate has validation errors:  Subject Name: CN=###############.com Issuer Name: CN=###############.com Thumbprint: 9238C86F4CF817870AFAB778E9E5E140D7ADE82F  Errors:   The root of the certificate chain is not a trusted root authority..

STS Call: Failed to issue new security token. Exception: System.IdentityModel.Tokens.SecurityTokenValidationException: ID4257: X.509 certificate 'CN=###############.com' validation failed by the token handler.

An exception occurred when trying to issue security token: ID3242: The security token could not be authenticated or authorized..

The actual issue was that one of the certificates was not added to 'SPTrustedRootAuthority'.

Fixing this is simple:

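# Run from the SharePoint Management Shell. Load the certificate from disk.
$cert = Get-PfxCertificate C:\###############.pfx
# Register it as a trusted root authority for the farm.
New-SPTrustedRootAuthority -Name "###############" -Certificate $cert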

If you have a certificate that requires a password, use IE and go to 'Central Admin'/_admin/ManageTrust.aspx and upload the certificate.
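
A more defensive variant of the fix above, as an added example that is not from the original post: it confirms that the file's thumbprint matches the one reported in the ULS entry, checks the validity period, and skips the import if the certificate is already trusted. The parameter names are placeholders, and it assumes the certificate named in the log is the self-signed one being trusted, as in the entries above.

```powershell
# Added example. $CertPath, $ExpectedThumbprint and $TrustName are placeholders
# supplied by the operator; none of them come from the original post.
param(
    [Parameter(Mandatory = $true)] [string] $CertPath,            # certificate file to trust
    [Parameter(Mandatory = $true)] [string] $ExpectedThumbprint,  # thumbprint copied from the ULS entry
    [Parameter(Mandatory = $true)] [string] $TrustName            # display name for the trust entry
)

# Load the SharePoint cmdlets when not already in the SharePoint Management Shell.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$cert = Get-PfxCertificate -FilePath $CertPath

# Strip spaces and invisible characters that often come along when a
# thumbprint is copied from a log viewer or the certificate dialog.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# Only trust the exact certificate the STS complained about.
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), log reported $expected. Not adding it."
}

# An expired or not-yet-valid certificate would still fail validation after import.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Avoid duplicate entries: look for the same thumbprint among existing trusts.
$existing = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }

if ($existing) {
    Write-Output "Already trusted as '$($existing.Name)'; nothing to do."
} else {
    New-SPTrustedRootAuthority -Name $TrustName -Certificate $cert | Out-Null
    Write-Output "Added '$($cert.Subject)' ($($cert.Thumbprint)) as '$TrustName'."
}
```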

That's how I got the issue fixed.
Hope it helps :)

Happy Coding
Guruparan Giritharan

1 comment:

  1. When attempting to log into a Microsoft Dynamics 365 / CRM instance, you will receive this error. ADFS has returned this message. The problem appears to be that authentication now requires a UPN (user principal name / MSDN – User Name Formats) logon since ADFS was upgraded. See here https://kodlogs.net/193/id3242-the-security-token-could-not-be-authenticated-or-authorized
