SharePoint 2013 Secure store service Error - Sorry this site hasn't been shared with you

Alessandro Piras 96 Reputation points
2021-06-17T19:18:03.427+00:00

Hi all,

i just performed a clean install of SharePoint server 2013 (SP1) on a server.
the farm consists of only one server.
After installing SharePoint and all service applications:
• Excel Service
• Performance Point Service
• SQL Server Reporting Services Service Application
• Secure Store Service Application
I encountered a problem on the Secure Store service:
when I open the service application I get "Sorry this site hasn't been shared with you".

in the event viewer log i see:
"The Secure Store Service application Secure Store Service is not accessible. The full exception text is: Could not establish trust relationship for the SSL / TLS secure channel with authority 'servername: 32844'"

I tried to:

  • re-import the SharePoint root certificate into manage trust
  • I have checked and there are no associated certificates in the "SharePoint web services" site

The secure store service application is running.
what can i do? I don't understand where the problem is.

THANK YOU!!

SharePoint Server
SharePoint Server
A family of Microsoft on-premises document management and storage systems.
2,206 questions
SharePoint Server Management
SharePoint Server Management
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Management: The act or process of organizing, handling, directing or controlling something.
2,794 questions
0 comments No comments
{count} votes

Accepted answer
  1. Alessandro Piras 96 Reputation points
    2021-06-30T11:08:57.457+00:00

    Hi Echo Du,

    I deleted and recreated the service application but the result is always the same.
    However, I found the solution to the problem.
    the problem was not related to permissions or certificates but to the TLS settings that the customer applied on the machines.
    As I showed you earlier, the TLS and Ciphers settings had been customized.
    To fix the problem I had to enable strong cryptography in .NET Framework 4.6. adding the following registry keys:

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319]
    "SchUseStrongCrypto"=dword:00000001

    https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/enable-tls-and-ssl-support-in-sharepoint-2013#16---enable-strong-cryptography-in-net-framework-46-or-higher

    After this I was able to successfully open the Secure StoreService page.

    Thank you very much!!


1 additional answer

Sort by: Most helpful
  1. Echo Du_MSFT 17,116 Reputation points
    2021-06-18T02:38:35.23+00:00

    Hello @Alessandro Piras ,

    Welcome to Q&A Forum!

    Per my understanding, the reason is some permissions and GPO issues when we installed SharePoint. That the server was too locked down and the installer was unable to import the root certificate.

    For resolving your issue, you need to add the SSL to the SharePoint Trusted Root Authority. You are able to do as the followings:

    1.Export a SSL Certificate from Windows Server.

    2.Add the SSL Certificate into SharePoint Trusted Root Certificate authority.

    3.Open IIS >> Application Pools >> SecurityTokenServiceApplicationPool >> right click >> Advanced Settings >> make sure the Identity is a farm account

    4.Reset IIS: Open Windows PowerShell as an admin >> enter iisreset

    Here is an article about exporting a SSL Certificate and adding it into SharePoint Trusted Root Certificate authority.

    Below is a similar post for your reference:

    Thanks,
    Echo Du

    ==============================

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.