I am trying to create a new SharePoint 2019 farm.
After I run the SharePoint 2019 Products Configuration Wizard, the procedure fails in Step 3 with the Exception System.InvalidOperationException: The security token service is not available in the farm.
In the PSCDiagnostics log file, the trace messages can be found below:
06/12/2023 23:38:04 9 INF Creating connection string for config db SharePoint_Config server spdevsql
06/12/2023 23:38:04 9 INF Creating connection string for admin content db SharePoint_AdminContent_daf179a5-a4c9-490d-9bd6-14aceefe417e server spdevsql
06/12/2023 23:38:04 9 INF Using NTLM for sql connection string
06/12/2023 23:38:04 9 INF Creating a new farm with config db SharePoint_Config content db SharePoint_AdminContent_daf179a5-a4c9-490d-9bd6-14aceefe417e server spdevsql for farm mode
06/12/2023 23:39:33 9 ERR Task configdb has failed with an unknown exception
06/12/2023 23:39:33 9 ERR Exception: System.InvalidOperationException: The security token service is not available in the farm.
   at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenService.get_Local()
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.get_Local()
   at Microsoft.SharePoint.Administration.Claims.SPClaimProviderOperations.EntityTypes(Uri context, SPClaimProviderOperationOptions mode, String[] providerNames)
   at Microsoft.SharePoint.Administration.Claims.SPClaimEntityTypes.GetEntityTypesForSecurityGroupPrincipalType(Uri contextUri, SPClaimProviderOperationOptions mode)
   at Microsoft.SharePoint.Administration.Claims.SPClaimEntityTypes.ConvertFromPrincipalType(Uri contextUri, SPPrincipalType principalType)
   at Microsoft.SharePoint.Utilities.SPUtility.SPPrincipalEntityType..ctor(SPPrincipalType scopes, SPPrincipalSource sources, SPWeb web, SPWebApplication webApplication, Nullable`1 urlZone)
   at Microsoft.SharePoint.Utilities.SPUtility.ResolvePrincipalInternal(SPWeb web, SPWebApplication webApp, Nullable`1 urlZone, String input, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer, Boolean inputIsEmailOnly, Boolean alwaysAddWindowsResolver)
   at Microsoft.SharePoint.Utilities.SPUtility.ResolvePrincipal(SPWebApplication webApp, Nullable`1 urlZone, String input, SPPrincipalType scopes, SPPrincipalSource sources, Boolean inputIsEmailOnly)
   at Microsoft.SharePoint.Administration.SPSiteCollection.ResolvePrincipalForSiteCreation(Uri siteUri, Uri siteHostUri, String loginName, Boolean& isWindowsLegacyAccount, String& userKey)
   at Microsoft.SharePoint.Administration.SPSiteCollection.AddInternal(SPSiteCollectionAddParameters param)
   at Microsoft.SharePoint.Administration.SPSiteCollection.Add(SPSiteCollectionAddParameters param)
   at Microsoft.SharePoint.Administration.SPAdministrationWebApplication.CreateDefaultInstance(SqlConnectionStringBuilder administrationContentDatabase, SPWebService adminService, IdentityType identityType, String farmUser, SecureString farmPassword)
   at Microsoft.SharePoint.Administration.SPFarmFactory.CreateAdministrationWebService(SPFarm farm, SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)
   at Microsoft.SharePoint.Administration.SPFarmFactory.CreateBasicServices(SPFarm farm)
   at Microsoft.SharePoint.Administration.SPFarmFactory.Create()
   at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, SqlConnectionStringBuilder siteMapDatabase, SqlConnectionStringBuilder timerServiceDatabase, IdentityType identityType, String farmUser, SecureString farmPassword, SecureString masterPassphrase)
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
   at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()
I run the Configuration Wizard with the SPAdmin domain account, which is a local Administrator on the SharePoint Server and has the dbcreator, securityadmin and serveradmin roles in SQL Server.
When I check the status of the configuration in SQL Server, the SharePoint_Config and SharePoint_AdminContent databases have been created but the tables are partially loaded. For example, the "SecurityTokenService" record is missing from the SharePoint_Config.dbo.Objects table (SharePoint_Config.dbo.Objects.Name='SecurityTokenService').
In IIS, no web applications have been created.
This is the message in the Configuration Wizard.

Furthermore, in the SharePoint log file (part of it in SPDEVSRV-20230612-2321.log), just before the "Security Token Service" exception, there is an exception related to Active Directory.
06/12/2023 23:39:33.20 psconfigui.exe (0x0080) 0x16DC SharePoint Foundation General 8l26 High Error when trying to get trusted forests and domains. Exception message: The user name or password is incorrect. , callstack: at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName) at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context) at Microsoft.SharePoint.Utilities.SPUserUtility.GetTrustedDomains(List`1 trustedForestNames, List`1 trustedDomainNames)
06/12/2023 23:39:33.20 psconfigui.exe (0x0080) 0x16DC SharePoint Foundation General 72dz Medium Found 0 trusted forests .
06/12/2023 23:39:33.20 psconfigui.exe (0x0080) 0x16DC SharePoint Foundation General 72e0 Medium Found 0 trusted domains
06/12/2023 23:39:33.21 psconfigui.exe (0x0080) 0x16DC SharePoint Foundation Performance ftq3 Medium SearchFromGC name = mydomain.com. Error Message: The user name or password is incorrect.
06/12/2023 23:39:33.21 psconfigui.exe (0x0080) 0x16DC SharePoint Foundation Web Controls 88wj Medium Exception when search SID "0x010500000000000515000000EC5FE65F86706E04E02763009A510000" from AD "mydomain.com". Exception=The user name or password is incorrect.
The SID in the log file is the SID of the Farm administrator user account (MyDomain\SPAdmin).
I have verified permissions for the SQL Service Account, SPAdmin and SPFarm accounts, and it seems they have been correctly defined (Database permissions, Windows Permissions, Local Security Policy).
Please let me know if you have any advice, thank you.