sts_token_request_failed: Token request to security token service failed.

Nov 12, 2014 at 8:21 AM
I'm hitting this error when testing a tenant connection:

Unable to connect to Azure tenant for following reason:
sts_token_request_failed: Token request to security token service failed. Check InnerException for more details
It may be expected if w3wp process of central admin has intentionally no access to Azure.


I tried to run a console App .exe on my SP Server using Azure Graph Client with the same tenant name, id, client id, secret. The Console App runs without error. But I still hit the error when adding the tenant in Central Admin.

Any idea?

Below are some errors I found in ULS:

[AzureCP] Unexpected error while acquiring a AccessToken: sts_token_request_failed: Token request to security token service failed. Check InnerException for more details, Callstack:
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenFromACS(String resource, ICredential credential)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireToken(String resource, ClientCredential credential)
at azurecp.AzureCP.GetAccessToken(AzureTenant coco).

[AzureCP] Details of error while acquiring a AccessToken: System.Net.WebException: The remote server returned an error: (400) Bad Request., Callstack:
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpHelper.SendPostRequestAndDeserializeJsonResponse[T](String uri, StringBuilder messageBuilder).
Nov 12, 2014 at 1:59 PM
Hello,
Can you try to run the console application with the same account (and on the same machine) as the one used by the central admin application pool (farm account)?
Does it work in this case?
Cheers,
Yvan
Nov 19, 2014 at 9:16 AM
Hi Yvand,

I managed to find out the root cause of this issue.

In my Azure Management Portal, we have added a user with the "Co-Administrator" role, and if we create the Application using this Co-admin account, the App created will have this issue when adding a new tenant in SharePoint Central Admin.

We then deleted the created App and logged in using the "Global Admin" role, which is the account we used to create the Azure Subscription, to create another App. This time, the error is gone.
Marked as answer by Yvand on 11/19/2014 at 4:17 AM