c2WTS could not provide a valid Windows Token. Reason: "Token cannot be zero"
Quick & dirty post as this error took me longer than it should’ve to get to solve. Claims to Windows Token Service – used to convert a claim login into a Windows login for those times you need to authenticate against a service that’s not claims aware. Web-services, SQL Server, whatever it may be – you have code in wonderful claims land (SharePoint app code for example) that needs to talk to Windows authentication protected code; this service must be invoked to get there and can be somewhat troublesome to get right.
If you see this error, “c2WTS could not provide a valid Windows Token. Reason: "Token cannot be zero"” when trying to get a Windows token from a claim via the Claims to Windows Token Service (C2WTS) and you can’t work out why, it’s probably simply because your C2WTS service account doesn’t have local administrator permissions on the machine it’s running on.
When setting up C2WTS, this most useful tool can really help figure out what’s wrong. Here we see said error in said tool:
Add the service-account to the local administrators group…
…restart the Claims to Windows Token Service, er, service and you should be good to go.
Now we get a token just fine!
I hope this helps someone :)
// Sam Betts
Comments
Anonymous
October 20, 2014
Hi Sam, thanks for the explanation. Cheers, MarkusAnonymous
March 08, 2016
Thank you for sharing this tool. Very helpful!