SharePoint 2010 Secure Store Service Error

Tonight I was configuring my SharePoint 2010 farm and attempted to “Generate New Key” for the Secure Store Service.  After entering my passphrase, I was presented with the error:

An error occurred during the “Generate Key” process. Please try again or contact your administrator.

Not very helpful, and neither were the event or ULS logs.  I found this post here from Trevor that describes the same error, and he advises ensuring that the logged-in user is a member of the farm administrators group – but that was OK.

After turning up the diagnostic logging, I came across this line in the logs:

The Secure Store Service application Secure Store Service is not accessible. The full exception text is: User does not have permission to perform the operation.

This seems to concur with Trevor’s findings; however, the next line in the logs was:

Unexpected exception from endpoint address : https://app01:32844/cabb71d36c534d49ba47bf4ca164e983/SecureStoreService.svc/https

App01 is one of five servers in my farm, and one of two application servers.  It seemed a bit suspicious that it couldn’t communicate on a particular URL, and both app01 and app02 had the Microsoft SharePoint Foundation Web Application stopped.  As soon as I started the web application on app01 only, I was able to generate the key for the Secure Store Service.

I then confirmed that the web application was still stopped on app02.  Very weird it had a problem with one and not the other.  Nonetheless I was able to generate the key.
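The checks described above can be scripted rather than clicked through in Central Administration. The following is an added example, not part of the original post: it lists the status of the two relevant service instances on every farm server and tests whether the port from the logged endpoint address answers. It assumes the SharePoint 2010 Management Shell and an account with farm access; the type names are those displayed under "Services on Server".

```powershell
# Added example: read-only checks; run in the SharePoint 2010 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Type names as listed under "Services on Server" in Central Administration.
$typeNames = @(
    'Microsoft SharePoint Foundation Web Application',
    'Secure Store Service'
)

# One row per server and service, so a stopped instance on a single host stands out.
$instances = Get-SPServiceInstance |
    Where-Object { $typeNames -contains $_.TypeName } |
    Sort-Object { $_.Server.Address }, TypeName

$instances |
    Format-Table @{ Label = 'Server'; Expression = { $_.Server.Address } },
                 TypeName, Status -AutoSize

# Port taken from the endpoint address in the log line (https://app01:32844/...).
$port = 32844

# Test TCP reachability of that port on each server running the Secure Store Service.
$instances |
    Where-Object { $_.TypeName -eq 'Secure Store Service' -and $_.Status -eq 'Online' } |
    ForEach-Object {
        $server = $_.Server.Address
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($server, $port)
            "{0}:{1} reachable" -f $server, $port
        }
        catch {
            "{0}:{1} NOT reachable: {2}" -f $server, $port, $_.Exception.Message
        }
        finally {
            $client.Close()
        }
    }
```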

9 thoughts on “SharePoint 2010 Secure Store Service Error”

  1. Hi,
    I am having this problem at the moment and can’t work it out.
    The blog post linked above no longer exists, could I get some idea what the page explained so that I can find the information elsewhere? Is it simply to check the permission?


    1. Hi Michael,

      I’ve updated the link to the new URL. It should be a matter of adding the logged-in user to the Farm Administrators group, and checking the roles as well.

      Hope that helps.


  2. I found that I was only able to generate a new key when logged in as the specific account defined as the “farm administrator”. Using a different account which was also in the Farm Admins group was not sufficient… which is the opposite of what others have found apparently! :) That’s why we love SharePoint.

  3. I found I had the same error – but discovered it was because I was running it from the server directly where the hostname was different.
    Once I connected to the admin console from my own machine it worked.
