Unwanted certificate in Local Computer\SharePoint cert store
Problem description
One day ago my dev ShP environment stopped working, showing 500 Internal Server Error.
After analyzing the ULS logs the following error is found:
11/13/2017 16:11:42.38 w3wp.exe (0x0C30) 0x1C1C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Request (GET:https://XXXXconfluence.XXXXX.com:443/_layouts/15/settings.aspx)).
Parent No
11/13/2017 16:11:42.40 w3wp.exe (0x0C30) 0x1C1C SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:https://XXXXconfluence.XXXXX.com:443/_layouts/15/settings.aspx)
ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:42.49 w3wp.exe (0x0C30) 0x1C1C SharePoint Foundation Topology aeayb Medium SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc'
Channel: 'Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:7b117fc0-86d3-4234-8762-dbc3c0f0ceb7' ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:42.54 w3wp.exe (0x16E0) 0x1738 SharePoint Foundation Topology aeax9 Medium SecurityTokenServiceReceiveRequest: LocalAddress: 'http://XXXX102f0f.XXXXX.com:32843/SecurityTokenServiceApplication/securitytoken.svc'
Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:7b117fc0-86d3-4234-8762-dbc3c0f0ceb7' ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:42.54 w3wp.exe (0x16E0) 0x1738 SharePoint Foundation Monitoring nasq Medium Entering monitored scope (ExecuteSecurityTokenServiceOperationServer). Parent No ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:42.66 w3wp.exe (0x16E0) 0x1738 SharePoint Foundation Claims Authentication af3y9 Medium STS Call Claims Windows: Successfully requested sign-in claim identity for user 'XXXXX\Sergey_Solovyev'.
ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:43.57 w3wp.exe (0x0C30) 0x1C1C SharePoint Foundation Monitoring b4ly High Leaving Monitored Scope (SPClaimsCounterScope). Execution Time=1138.70987793141 ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:43.58 w3wp.exe (0x0C30) 0x1C1C SharePoint Foundation General 8nca Medium Application error when access /_layouts/15/settings.aspx, Error=NotTimeValid: A required certificate is not within
its validity period when verifying against the current system clock or the timestamp in the signed file. at Microsoft.SharePoint.SPCertificateValidator.SPImmutableCertificateValidator.Validate(X509Certificate2 certificate) at
Microsoft.SharePoint.SPCertificateValidator.Validate(X509Certificate2 certificate) at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token) ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:43.60 w3wp.exe (0x0C30) 0x1C1C SharePoint Foundation Runtime tkau Unexpected System.IdentityModel.Tokens.SecurityTokenValidationException: NotTimeValid: A required certificate is not within
its validity period when verifying against the current system clock or the timestamp in the signed file. at Microsoft.SharePoint.SPCertificateValidator.SPImmutableCertificateValidator.Validate(X509Certificate2 certificate)
at Microsoft.SharePoint.SPCertificateValidator.Validate(X509Certificate2 certificate) at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token) ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:43.61 w3wp.exe (0x0C30) 0x1C1C SharePoint Foundation General ajlz0 High Getting Error Message for Exception System.IdentityModel.Tokens.SecurityTokenValidationException: ID4257: X.509
certificate 'E=help_desk@XXXX.com, CN=XXXXoqa.XXXXX.com, O=XXXXX, L=XXXX, S=XXXXX, C=US' validation failed by the token handler. ---> System.IdentityModel.Tokens.SecurityTokenValidationException: NotTimeValid: A required certificate is not within its validity
period when verifying against the current system clock or the timestamp in the signed file. at Microsoft.SharePoint.SPCertificateValidator.SPImmutableCertificateValidator.Validate(X509Certificate2 certificate) at
Microsoft.SharePoint.SPCertificateValidator.Validate(X509Certificate2 certificate) at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token) --- End of inner exception stack
trace --- at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token) at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.AuthenticateUser(SecurityToken securityToken) at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.SetPrincipalAndWriteSessionTokenWithOptions(SecurityToken
securityToken, SPSessionTokenWriteType writeOperationType) at Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule.<>c__DisplayClass5.<PerformClaimsAuthenticationForUser>b__1() at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated
secureCode) at Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule.PerformClaimsAuthenticationForUser(HttpContext context, SPFederationAuthenticationModule fam, SessionAuthenticationModule sam, WindowsIdentity windowsIdentity,
SessionSecurityToken sessionSecurityToken, Boolean writeCookie) at Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule.AuthenticateRequest(Object sender, EventArgs e) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) ea7a2c9e-2403-5080-80b3-b213b527ed4e
Event Viewer shows the same:
An operation failed because the following certificate has validation errors:
Subject Name: E=help_desk@XXXX.com, CN=XXXXqa.epam.com, O=XXXXX, L=XXXX, S=XXXX, C=US Issuer Name: CN=XXXX, DC=XXXXX, DC=com Thumbprint: 1588C8FDE0D6C31275EE16D96A9ED7173F29EFE7
Errors:
NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
I have replaced all certificates with new ones (within the validity period), cleared the certificate cache, and modified the IIS bindings for each website using the newly installed certificates.
Using PowerShell I've found that the certificate with the thumbprint above (1588C8FDE0D6C31275EE16D96A9ED7173F29EFE7) is located in Certificate::LocalMachine\SharePoint as shown here:
Removing this certificate, performing iisreset as well as computer restart doesn't help - it magically appears here again.
Really don't know how to deal with this error so any help will be greatly appreciated!
Recommended answer
Hi Sergey Soloviev,
To troubleshoot the issue, check the things below:
1. Check if the time zone and the time on your local computer are right.
2. Check if a WildCard Certificate is used in your SharePoint environment.
And you should make sure the Name of the Certificate in the Trusted Store matches the Friendly name of the Certificate.
Also, make sure you do not have the same certificates in the store using different names.
3. Check if the password of the service account has expired.
4. Check if the certificates in IIS on all SharePoint servers have expired.
5. Reboot the server.
You could also follow the troubleshooting steps in the article below.
SharePoint 2013: A required certificate is not within its validity period.
http://alstechtips.blogspot.sg/2016/05/sharepoint-2013-required-certificate-is.html
Best regards,
Sara Fan
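The checks in steps 1, 2 and 4 of the answer, as an added PowerShell example that is not part of the original thread: it prints the server clock, lists certificates in LocalMachine\SharePoint and LocalMachine\My that are outside their validity period, flags a thumbprint stored under more than one friendly name, and lists the farm's trusted root authorities for comparison. The choice of stores and the use of Get-SPTrustedRootAuthority are assumptions of this example.

```powershell
# Added example: run in an elevated PowerShell session on each SharePoint server.
$now = Get-Date
"Local clock: {0:yyyy-MM-dd HH:mm:ss}  UTC: {1:yyyy-MM-dd HH:mm:ss}  Zone: {2}" -f `
    $now, $now.ToUniversalTime(), [TimeZoneInfo]::Local.Id

# Stores inspected (assumption): the SharePoint store from the question and the
# machine's personal store, where IIS binding certificates are normally kept.
$stores = 'Cert:\LocalMachine\SharePoint', 'Cert:\LocalMachine\My'

$certs = foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }
    foreach ($c in Get-ChildItem -Path $store) {
        $state = 'Valid'
        if ($now -lt $c.NotBefore) { $state = 'NotYetValid' }
        if ($now -gt $c.NotAfter)  { $state = 'Expired' }
        [pscustomobject]@{
            Store        = $store
            State        = $state
            NotBefore    = $c.NotBefore
            NotAfter     = $c.NotAfter
            Thumbprint   = $c.Thumbprint
            FriendlyName = $c.FriendlyName
            Subject      = $c.Subject
        }
    }
}

# Steps 1 and 4: certificates outside their validity period by this server's clock.
$certs | Where-Object { $_.State -ne 'Valid' } |
    Format-Table Store, State, NotAfter, Thumbprint, Subject -AutoSize

# Step 2: the same certificate (thumbprint) stored under different friendly names.
$certs | Group-Object Thumbprint |
    Where-Object { @($_.Group | Select-Object -ExpandProperty FriendlyName -Unique).Count -gt 1 } |
    ForEach-Object { $_.Group | Format-Table Store, FriendlyName, Thumbprint -AutoSize }

# Assumption: the SharePoint snap-in is registered on this server. List the
# certificates the farm trusts so their thumbprints can be compared with the stores.
if (Get-PSSnapin -Registered -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
    Get-SPTrustedRootAuthority | Select-Object Name,
        @{ n = 'Thumbprint'; e = { $_.Certificate.Thumbprint } },
        @{ n = 'NotAfter';   e = { $_.Certificate.NotAfter } }
}
```

Compare the thumbprints in the output against the one reported in Event Viewer, and run the script on every server in the farm, since each keeps its own certificate stores and clock.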