Unwanted certificate in Local Computer\SharePoint cert store


Problem description


One day ago my dev ShP environment stopped working, showing 500 Internal Server Error.

After analyzing the ULS logs the following error is found:

11/13/2017 16:11:42.38 w3wp.exe (0x0C30)   0x1C1C  SharePoint Foundation   Monitoring  nasq    Medium  Entering monitored scope (Request (GET:https://XXXXconfluence.XXXXX.com:443/_layouts/15/settings.aspx)). Parent No
11/13/2017 16:11:42.40  w3wp.exe (0x0C30)   0x1C1C  SharePoint Foundation   Logging Correlation Data    xmnv    Medium  Name=Request (GET:https://XXXXconfluence.XXXXX.com:443/_layouts/15/settings.aspx)   ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:42.49  w3wp.exe (0x0C30)   0x1C1C  SharePoint Foundation   Topology    aeayb   Medium  SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:7b117fc0-86d3-4234-8762-dbc3c0f0ceb7' ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:42.54  w3wp.exe (0x16E0)   0x1738  SharePoint Foundation   Topology    aeax9   Medium  SecurityTokenServiceReceiveRequest: LocalAddress: 'http://XXXX102f0f.XXXXX.com:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:7b117fc0-86d3-4234-8762-dbc3c0f0ceb7'  ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:42.54  w3wp.exe (0x16E0)   0x1738  SharePoint Foundation   Monitoring  nasq    Medium  Entering monitored scope (ExecuteSecurityTokenServiceOperationServer). Parent No    ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:42.66  w3wp.exe (0x16E0)   0x1738  SharePoint Foundation   Claims Authentication   af3y9   Medium  STS Call Claims Windows: Successfully requested sign-in claim identity for user 'XXXXX\Sergey_Solovyev'.    ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:43.57  w3wp.exe (0x0C30)   0x1C1C  SharePoint Foundation   Monitoring  b4ly    High    Leaving Monitored Scope (SPClaimsCounterScope). Execution Time=1138.70987793141 ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:43.58  w3wp.exe (0x0C30)   0x1C1C  SharePoint Foundation   General 8nca    Medium  Application error when access /_layouts/15/settings.aspx, Error=NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.     at Microsoft.SharePoint.SPCertificateValidator.SPImmutableCertificateValidator.Validate(X509Certificate2 certificate)     at Microsoft.SharePoint.SPCertificateValidator.Validate(X509Certificate2 certificate)     at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)  ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:43.60  w3wp.exe (0x0C30)   0x1C1C  SharePoint Foundation   Runtime tkau    Unexpected  System.IdentityModel.Tokens.SecurityTokenValidationException: NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.      at Microsoft.SharePoint.SPCertificateValidator.SPImmutableCertificateValidator.Validate(X509Certificate2 certificate)     at Microsoft.SharePoint.SPCertificateValidator.Validate(X509Certificate2 certificate)     at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)   ea7a2c9e-2403-5080-80b3-b213b527ed4e
11/13/2017 16:11:43.61  w3wp.exe (0x0C30)   0x1C1C  SharePoint Foundation   General ajlz0   High    Getting Error Message for Exception System.IdentityModel.Tokens.SecurityTokenValidationException: ID4257: X.509 certificate 'E=help_desk@XXXX.com, CN=XXXXoqa.XXXXX.com, O=XXXXX, L=XXXX, S=XXXXX, C=US' validation failed by the token handler. ---> System.IdentityModel.Tokens.SecurityTokenValidationException: NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.       at Microsoft.SharePoint.SPCertificateValidator.SPImmutableCertificateValidator.Validate(X509Certificate2 certificate)     at Microsoft.SharePoint.SPCertificateValidator.Validate(X509Certificate2 certificate)     at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)     --- End of inner exception stack trace ---     at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)     at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.AuthenticateUser(SecurityToken securityToken)     at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.SetPrincipalAndWriteSessionTokenWithOptions(SecurityToken securityToken, SPSessionTokenWriteType writeOperationType)     at Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule.<>c__DisplayClass5.<PerformClaimsAuthenticationForUser>b__1()     at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)     at Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule.PerformClaimsAuthenticationForUser(HttpContext context, SPFederationAuthenticationModule fam, SessionAuthenticationModule sam, WindowsIdentity windowsIdentity, SessionSecurityToken sessionSecurityToken, Boolean 
writeCookie)     at Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule.AuthenticateRequest(Object sender, EventArgs e)     at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)   ea7a2c9e-2403-5080-80b3-b213b527ed4e

Event Viewer shows the same:

An operation failed because the following certificate has validation errors:

Subject Name: E=help_desk@XXXX.com, CN=XXXXqa.epam.com, O=XXXXX, L=XXXX, S=XXXX, C=US Issuer Name: CN=XXXX, DC=XXXXX, DC=com Thumbprint: 1588C8FDE0D6C31275EE16D96A9ED7173F29EFE7

Errors:

NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

I have replaced all certificates with new ones (within the validity period), cleared the certificate cache, and modified IIS bindings for each website using the newly installed certificates.

Using PowerShell I've found that the certificate with the thumbprint above (1588C8FDE0D6C31275EE16D96A9ED7173F29EFE7) is located in Certificate::LocalMachine\SharePoint as shown here:

Removing this certificate, performing iisreset as well as computer restart doesn't help - it magically appears here again.

Really don't know how to deal with this error so any help will be greatly appreciated!

Recommended answer

Hi Sergey Soloviev,

To troubleshoot the issue, check things below:

1. Check if the time zone and the time on your local computer are right.

2. Check if a WildCard Certificate is used in your SharePoint environment.

And you should make sure the Name of the Certificate in the Trusted Store must match the Friendly name of the Certificate. 

Also, make sure you do not have the same certificates in the store using different names. 

3. Check if the password of the service account has expired.

4. Check if the certificates in IIS on all SharePoint servers have expired.

5. Reboot the server.

You also could follow the troubleshooting steps in the article below.

SharePoint 2013: A required certificate is not within its validity period.

http://alstechtips.blogspot.sg/2016/05/sharepoint-2013-required-certificate-is.html

Best regards,

Sara Fan
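
The checks listed in the answer above (clock, expired certificates, the same certificate present under different names) can be run against the store named in the question. This PowerShell is an added example, not part of the original thread: the helper name `Get-CertValidityReport` is hypothetical, and the last block assumes the SharePoint snap-in is installed and goes beyond the answer's list by also showing which farm-level objects hold the certificate named in the error.

```powershell
# Added example; run in an elevated PowerShell session on each SharePoint server.
$storePath  = 'Cert:\LocalMachine\SharePoint'               # store named in the question
$thumbprint = '1588C8FDE0D6C31275EE16D96A9ED7173F29EFE7'    # thumbprint from the Event Viewer error

# Hypothetical helper: one row per certificate with its validity state.
function Get-CertValidityReport {
    param([Parameter(Mandatory)] [string] $Path, [datetime] $Now = (Get-Date))
    Get-ChildItem -Path $Path | ForEach-Object {
        $state = 'Valid'
        if ($Now -lt $_.NotBefore) { $state = 'NotYetValid' }
        if ($Now -gt $_.NotAfter)  { $state = 'Expired' }
        [pscustomobject]@{
            Thumbprint   = $_.Thumbprint
            FriendlyName = $_.FriendlyName
            Subject      = $_.Subject
            NotBefore    = $_.NotBefore
            NotAfter     = $_.NotAfter
            State        = $state
        }
    }
}

# Step 1 of the answer: confirm clock and time zone before trusting any validity result.
'Local time: {0:o}   Time zone: {1}' -f (Get-Date), [System.TimeZoneInfo]::Local.Id

$report = @(Get-CertValidityReport -Path $storePath)

# Steps 2 and 4: certificates outside their validity period, plus the one from the error.
$report | Where-Object { $_.State -ne 'Valid' -or $_.Thumbprint -eq $thumbprint } | Format-List

# Same subject stored more than once (for example an old and a renewed copy).
$report | Group-Object Subject | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { $_.Group | Select-Object Subject, FriendlyName, Thumbprint, NotAfter }

# Assumption: the SharePoint snap-in is present on this server.
# Lists farm trusted root authorities that carry the failing certificate,
# and the certificate the Security Token Service currently signs with.
if (Get-PSSnapin -Registered -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
    Get-SPTrustedRootAuthority |
        Where-Object { $_.Certificate.Thumbprint -eq $thumbprint } |
        Select-Object Name, @{ n = 'NotAfter'; e = { $_.Certificate.NotAfter } }
    (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate |
        Select-Object Subject, Thumbprint, NotBefore, NotAfter
}
```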

