I received this email from a friend of mine, who is not only a really badass Windows and Azure engineer but also a SharePoint badass! Enjoy, and I hope it helps you.
On Tue, Dec 10, 2019 at 8:45 AM -0500, “Brad Slagle” <addressremoved> wrote:
I created a new 2016 farm. Installation and Grey wizard completed without error. After getting CA open, I opened a SP2016 Management Shell and typed get-spsite, and I got this error:
get-spsite : The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.
I tried to re-provision the site STS and localhost:38843 was still not working.
I found some documentation somewhere that showed a local policy: Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “Network security: Configure encryption types allowed for Kerberos”
It showed that you needed the following to be allowed:
RC4_HMAC_MD5
AES128_HMAC_SHA1
AES256_HMAC_SHA1
On my server the RC4_HMAC_MD5 option was not checked off. After allowing it and resetting IIS, the STS started working.
I found your article about rebuilding the STS on the blog, but my STS wouldn’t start without that local policy and I figured you should put an article on your blog about it. Also the error about providing a meaningful reply really didn’t turn up anything useful.
Just figured I could help you get a unique article on your blog that I have not seen anywhere else on the web.
Brad
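To check which Kerberos encryption types the policy from Brad's email currently allows on a server, here is a PowerShell sketch. It is an added example, not part of the email. It assumes the policy is stored as the SupportedEncryptionTypes value under the standard Kerberos policy registry key, and the function names are hypothetical.

```powershell
# Added example: decode the "Network security: Configure encryption types
# allowed for Kerberos" policy and report which required types are missing.
# Bit values of the SupportedEncryptionTypes policy setting.
$EncTypeBits = [ordered]@{
    'DES_CBC_CRC'      = 0x1
    'DES_CBC_MD5'      = 0x2
    'RC4_HMAC_MD5'     = 0x4
    'AES128_HMAC_SHA1' = 0x8
    'AES256_HMAC_SHA1' = 0x10
}

# The three types the email lists as needing to be allowed.
$Required = 'RC4_HMAC_MD5', 'AES128_HMAC_SHA1', 'AES256_HMAC_SHA1'

function ConvertFrom-KerberosEncTypeMask {
    # Hypothetical helper: turn the policy bitmask into named encryption types.
    param([Parameter(Mandatory)][int]$Mask)
    $enabled = @($EncTypeBits.Keys | Where-Object { $Mask -band $EncTypeBits[$_] })
    [pscustomobject]@{
        Mask    = '0x{0:X}' -f $Mask
        Enabled = $enabled
        Missing = @($Required | Where-Object { $_ -notin $enabled })
    }
}

function Get-KerberosEncTypePolicy {
    # Hypothetical helper: read the value the local/group policy writes.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
    $item = Get-ItemProperty -Path $key -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # No value means the policy is not configured and OS defaults apply.
        Write-Warning 'Kerberos encryption type policy is not configured on this machine.'
        return
    }
    ConvertFrom-KerberosEncTypeMask -Mask $item.SupportedEncryptionTypes
}

# Constructed sample value (not taken from Brad's server): only the two AES
# boxes checked, so RC4_HMAC_MD5 shows up under Missing.
ConvertFrom-KerberosEncTypeMask -Mask 0x18

# On the SharePoint server itself, read the live policy instead:
# Get-KerberosEncTypePolicy
```

Run Get-KerberosEncTypePolicy from an elevated shell before and after changing the policy to confirm what is actually in effect on the box.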