Hello Readers,
We had to set up a new content source in our search and suddenly we got this error while going to the Content Sources page in the Search Service Application.
I googled and didn't find much information, so I went through the ULS logs and found these entries.
An operation failed because the following certificate has validation errors: Subject Name: CN=###############.com Issuer Name: CN=###############.com Thumbprint: 9238C86F4CF817870AFAB778E9E5E140D7ADE82F Errors: The root of the certificate chain is not a trusted root authority..
STS Call: Failed to issue new security token. Exception: System.IdentityModel.Tokens.SecurityTokenValidationException: ID4257: X.509 certificate
'CN=###############.com' validation failed by the token handler.
An exception occurred when trying to issue security token: ID3242: The security token could not be authenticated or authorized..
The actual issue was that one of the certificates was not added to 'SPTrustedRootAuthority'.
Fixing this is simple:
$cert = Get-PfxCertificate C:\###############.pfx
New-SPTrustedRootAuthority -Name "###############" -Certificate $cert
If you have a certificate that requires a password, use IE and go to 'Central Admin'/_admin/ManageTrust.aspx and upload the certificate.
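Adding a certificate to 'SPTrustedRootAuthority' makes the whole farm trust it, so it is worth confirming that the file is the certificate named in the ULS entry before adding it. The script below is an added example, not part of the original post; `$CertPath`, `$ExpectedThumbprint` and `$TrustName` are placeholders to fill in with your own values, and it assumes it runs in the SharePoint Management Shell on a farm server.

```powershell
# Added example (not from the original post).
# Placeholders: set these to your certificate file, the thumbprint shown in your
# ULS "certificate has validation errors" entry, and a name for the trust entry.
$CertPath           = 'C:\certs\exported-certificate.pfx'   # hypothetical path
$ExpectedThumbprint = '<THUMBPRINT-FROM-YOUR-ULS-LOG>'
$TrustName          = 'MyTrustedRoot'                        # hypothetical name

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Same loader the post uses.
$cert = Get-PfxCertificate -FilePath $CertPath

# 1. Only trust the certificate the farm actually complained about.
$expected = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint), ULS reported $expected"
}

# 2. Do not add an expired or not-yet-valid certificate.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

# 3. The ULS error is about the root of the chain. In the log above Subject and
#    Issuer are identical (self-signed), so the certificate is its own root.
#    If they differ, the issuing root is what the farm is missing.
if ($cert.Subject -ne $cert.Issuer) {
    Write-Warning "Not self-signed. Issuer '$($cert.Issuer)' may also need to be trusted."
}

# 4. Skip the add if the farm already trusts this exact certificate.
$existing = Get-SPTrustedRootAuthority |
    Where-Object { $_.Certificate.Thumbprint -eq $cert.Thumbprint }

if ($existing) {
    Write-Host "Already trusted as '$($existing.Name)'; nothing to add."
} else {
    New-SPTrustedRootAuthority -Name $TrustName -Certificate $cert
    Write-Host "Added $($cert.Subject) [$($cert.Thumbprint)] as '$TrustName'."
}
```

If the script reports the certificate as already trusted and the ULS error persists, compare the thumbprint in the newest log entry again, since a different certificate in the chain may be the one failing validation.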
That's how I got the issue fixed.
Hope it helps :)
Happy Coding
Guruparan Giritharan
When attempting to log into a Microsoft Dynamics 365 / CRM instance, you will receive this error. ADFS has returned this message. The problem appears to be that authentication now requires a UPN (user principal name / MSDN – User Name Formats) logon since ADFS was upgraded. See here https://kodlogs.net/193/id3242-the-security-token-could-not-be-authenticated-or-authorized