The Security Token Service is Unavailable

I received this email from a friend of mine, who is not only a really badAss Windows and Azure Engineer, but he’s also a SharePoint BadAss too! Enjoy and I hope it helps you.

On Tue, Dec 10, 2019 at 8:45 AM -0500, “Brad Slagle” <addressremoved> wrote:

I created a new 2016 farm. Installation and the grey wizard completed without error. After getting CA open, I opened a SP2016 Management Shell and typed get-spsite, and I got this error:

get-spsite : The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.

I tried to re-provision the site STS, and localhost:38843 was still not working.

I found some documentation somewhere that showed a local policy:  Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “Network security: Configure encryption types allowed for Kerberos”

It showed that you needed the following to be allowed:

RC4_HMAC_MD5
AES128_HMAC_SHA1
AES256_HMAC_SHA1

On my server the RC4_HMAC_MD5 option was not checked. After allowing it and resetting IIS, the STS started working.

I found your article about rebuilding the STS on the blog, but my STS wouldn’t start without that local policy, and I figured you should put an article on your blog about it. Also, the error about providing a meaningful reply really didn’t turn up anything useful.

Just figured I could help you get a unique article on your blog that I have not seen anywhere else on the web.

Brad
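The check Brad describes, as an added example that is not part of the original email or of SharePoint itself: a PowerShell script that decodes the local "Network security: Configure encryption types allowed for Kerberos" policy from the registry value that backs it and reports whether the three types he lists are allowed, with an optional function that adds them. The registry path and bit values are the documented ones for this policy (the same bits as msDS-SupportedEncryptionTypes); the function names are my own.

```powershell
# Added example (not from the original post): inspect, and optionally set, the local
# Kerberos encryption-type policy that the email refers to.
# Assumption: the Local Security Policy setting is stored as the SupportedEncryptionTypes
# DWORD under the Kerberos\Parameters policy key below (the documented mapping).

$KerbPolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
$ValueName      = 'SupportedEncryptionTypes'

# Bit flags used by SupportedEncryptionTypes, in the order the policy UI lists them.
$EncTypeBits = [ordered]@{
    DES_CBC_CRC      = 0x1
    DES_CBC_MD5      = 0x2
    RC4_HMAC_MD5     = 0x4
    AES128_HMAC_SHA1 = 0x8
    AES256_HMAC_SHA1 = 0x10
}
# The three types the email says must be allowed for the STS to start.
$RequiredForSts = @('RC4_HMAC_MD5', 'AES128_HMAC_SHA1', 'AES256_HMAC_SHA1')

function Get-KerberosEncTypePolicy {
    # Returns $null when the policy is "Not Defined" (no value present); the OS default
    # then applies and nothing about the allowed set should be inferred from the registry.
    $item = Get-ItemProperty -Path $KerbPolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function ConvertTo-EncTypeNames {
    param([Parameter(Mandatory)][int]$Mask)
    # Translate the bitmask into the names shown in the Local Security Policy UI.
    $EncTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -ne 0 } |
        ForEach-Object { $_.Key }
}

function Test-StsEncTypePolicy {
    # Reports the allowed types and returns $true only if all three required ones are set.
    $mask = Get-KerberosEncTypePolicy
    if ($null -eq $mask) {
        Write-Warning "'$ValueName' is not defined locally; the OS default is in effect."
        return $false
    }
    $allowed = @(ConvertTo-EncTypeNames -Mask $mask)
    $missing = @($RequiredForSts | Where-Object { $allowed -notcontains $_ })
    Write-Host ("Allowed: {0}" -f ($allowed -join ', '))
    if ($missing.Count -gt 0) {
        Write-Host ("Missing: {0}" -f ($missing -join ', '))
        return $false
    }
    return $true
}

function Enable-StsEncTypes {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Adds the three required bits to whatever is already set, leaving other bits alone.
    # If the policy is not defined, the value written is exactly the three from the email.
    $current = Get-KerberosEncTypePolicy
    if ($null -eq $current) { $current = 0 }
    $wanted = $current
    foreach ($name in $RequiredForSts) { $wanted = $wanted -bor $EncTypeBits[$name] }
    if ($wanted -eq $current) { Write-Host 'Nothing to change.'; return }
    $action = ('set to 0x{0:X}' -f $wanted)
    if ($PSCmdlet.ShouldProcess("$KerbPolicyPath\$ValueName", $action)) {
        if (-not (Test-Path $KerbPolicyPath)) { New-Item -Path $KerbPolicyPath -Force | Out-Null }
        Set-ItemProperty -Path $KerbPolicyPath -Name $ValueName -Value $wanted -Type DWord
        Write-Host 'Policy updated; run iisreset so the STS web application picks it up.'
    }
}

# Usage (run from an elevated shell):
#   Test-StsEncTypePolicy        # report the current state
#   Enable-StsEncTypes -WhatIf   # preview the registry write
#   Enable-StsEncTypes           # apply, then: iisreset
```

Two things worth checking before relying on the result: if a domain GPO defines the same setting, it wins over the local policy and the local value will be overwritten at the next policy refresh, so a missing RC4_HMAC_MD5 bit may need to be fixed in the GPO instead; and since RC4_HMAC_MD5 is the weakest of the three types, it makes sense to enable it only on the farm servers where this dependency actually requires it rather than domain-wide.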