none
Claims to Windows Token Service (C2WTS) Stopped and Active Directory Permissions in SharePoint not Working. RRS feed

  • Question

  • Claims to Windows Token Service (C2WTS) Stopped and Active Directory Permissions in SharePoint not Working. When I remove a user from an Active Directory Group, they still have access in SharePoint or If I add a user through Active Directory, they don't get access.

    Does the "Claims to Windows Token Service" has to be started for this to work????? 

    What are the issues of starting the "Claims to Windows Token Service"?

    Mike Williams


    SharePoint Engineer - Mike

    Tuesday, January 14, 2020 10:46 PM

All replies

  • Hi Mike,

    The SharePoint Claims to Windows Token Service (C2WTS) will be required if you want to use windows authentication for Data Sources that are outside the SharePoint farm.

    SharePoint uses c2WTS to transform a claim identity into a valid Windows Identity Token. You cannot send a request to SQL Server or other data sources passing the claim. So, for internal users in Active Directory the claim will be mapped to a Windows Identity Token and that token will be used to access the resource. Since c2WTS only requires the UPN to generate a token, by default no one can access the service. To allow access you have to edit the .config file to add the groups and users to the allowed callers section.

    Best regards

    Itch Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Wednesday, January 15, 2020 5:48 AM
  • Hi ,

    I am checking your situation here.

    Any progress on your troubleshooting?

    Best regards

    Itch Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Monday, January 20, 2020 7:47 AM