When you are setting up a SharePoint server by cloning or deploying from a VMware template, you may receive errors relating to the Security Token Service. In this case, you may want to look at the certificates stored on the new machine. If you open the Certificates console for the Local Machine store, there is a folder called SharePoint containing the following certificates issued by the SharePoint Root Authority:
- SharePoint Security Token Service
- SharePoint Security Token Service Encryption
- SharePoint Services
The certificates may appear valid, but when you try to export them you will find that none of them has a private key. In that case, delete these certificates and import fresh ones, including the private key, in .pfx format from another machine where SharePoint is running correctly. The scenario described here is typical of cloned virtual machines. In general, if you see Security Token Service related errors, you may want to refer to the following article:
https://blogs.blackmarble.co.uk/blogs/rhepworth/post/2010/01/07/reassigning-the-correct-ssl-certificate-to-sharepoint-2010-web-services-iis-site.aspx
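As a quick check for the condition described above, here is an added PowerShell snippet (not from the original post). It assumes the Cert:\LocalMachine\SharePoint store path and the issuer name given above; the function name Test-SPStsCertificates and the .pfx path are my own placeholders.

```powershell
# Added example, not part of the original post. Lists certificates issued by the
# SharePoint Root Authority in the Local Machine "SharePoint" store and reports
# which ones are missing their private key (the symptom seen on cloned VMs).
# Run in an elevated PowerShell session on the affected SharePoint server.

function Test-SPStsCertificates {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\SharePoint'   # store path from the post
    )
    if (-not (Test-Path $StorePath)) {
        throw "Certificate store '$StorePath' not found. Is SharePoint installed here?"
    }
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Issuer -like '*SharePoint Root Authority*' } |
        ForEach-Object {
            [pscustomobject]@{
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey   # $false is the problem the post describes
            }
        }
}

$certs = Test-SPStsCertificates
$certs | Format-Table -AutoSize

$broken = @($certs | Where-Object { -not $_.HasPrivateKey })
if ($broken.Count -gt 0) {
    Write-Warning ("{0} certificate(s) have no private key; STS calls will fail until they are replaced." -f $broken.Count)

    # Remediation as the post describes: remove the key-less certificates and import
    # a .pfx (certificate plus private key) exported from a healthy SharePoint machine.
    # The file path below is a placeholder; uncomment once the .pfx is in place.
    # $broken | ForEach-Object { Remove-Item -Path (Join-Path 'Cert:\LocalMachine\SharePoint' $_.Thumbprint) }
    # Import-PfxCertificate -FilePath 'C:\temp\sp-sts-certs.pfx' `
    #     -CertStoreLocation 'Cert:\LocalMachine\SharePoint' `
    #     -Password (Read-Host -AsSecureString 'PFX password')
}
```

Treat the exported .pfx as a secret: it carries the farm's private keys, so move it over a trusted channel and delete the file once it has been imported.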