Feb 5, 2012 at 9:26 AM

None of our webapps use claims authentication. However we got the below error message in event viewer of the new WFE server soon after we added that server to the farm.

An exception occurred when trying to issue security token: Could not connect to http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas. TCP error code 10061: No connection could be made because the target machine actively refused it ::1:32843. .

In AutoSPInstallerInput.xml, we had <ClaimsToWindowsTokenService Start="false" />
To resolve this problem, we manually started the "Claims to Windows Token Service" in central admin.

One basic question here is, why do we have to enable this service even when none of our webapplications uses claims based authentication? Can somebody clarify on this please.

Feb 6, 2012 at 6:33 PM

Whether your web apps use claims or not has no bearing on whether you need C2WTS started - the latter has more to do with the service apps you are implementing (e.g. Excel Services).

Have you provisioned Excel Services, PerformancePoint, or Visio Services?