SharePoint 2010 Secure Store Service Error

Your ads will be inserted here by

Easy Ads.

Please go to the plugin admin page to set up your ad code.

Tonight I was configuring my SharePoint 2010 farm and attempted to “Generate New Key” for the Secure Store Service.  After entering my passphrase, I was presented with the error:

An error occurred during the “Generate Key” process. Please try again or contact your administrator.

Not very helpful, and neither was the event or ULS logs.  I found this post here from Trevor that describes the same error, and he advises to ensure that the logged in user is a member of the farm administrators group – but that was OK.

After turning up the diagnostic logging, I came across this line in the logs:

The Secure Store Service application Secure Store Service is not accessible. The full exception text is: User does not have permission to perform the operation.

Your ads will be inserted here by

Easy Ads.

Please go to the plugin admin page to set up your ad code.

This seems to concur with Trevor’s findings, however the next line in the logs was:

Unexpected exception from endpoint address : https://app01:32844/cabb71d36c534d49ba47bf4ca164e983/SecureStoreService.svc/https

App01 is one of five servers in my farm, and one of two application servers.  It seemed a bit suspicious that it couldn’t communicate on a particular URL, and both app01 and app02 had the Microsoft SharePoint Foundation Web Application stopped.  As soon as I started the web application on app01 only, I was able to generate the key for the Secure Store Service.

I then confirmed that the web application was still stopped on app02.  Very weird it had a problem with one and not the other.  Nonetheless I was able to generate the key.

Your ads will be inserted here by

Easy Ads.

Please go to the plugin admin page to set up your ad code.

9 thoughts on “SharePoint 2010 Secure Store Service Error”

  1. Hi,
    I am having this problem at the moment and can’t work it out.
    The blog post linked above no longer exists, could I get some idea what the page explained so that I can find the information elsewhere? Is it simply to check the permission?

    Thanks,
    Michael

    1. Hi Michael,

      I’ve updated the link to the new URL. It should be a matter of adding the logged in user to the Farm Administrator’s group, and check the roles as well.

      Hope that helps.

      Cheers,
      Peter

  2. I found that I was only able to generate a new key when logged in as the specific account defined as the “farm administrator”. Using a different account which was also in the Farm Admins group was not sufficient… which is the opposite of what others have found apparently! 🙂 That’s why we love SharePoint.

  3. I found I had the same error – but discovered it was because I was running it from the server directly where the hostname was different.
    Once I connected to the admin console from my own machine it worked.

Leave a Reply

Your email address will not be published. Required fields are marked *