Resolving C2WTS Error for External Data Access in SharePoint

The Claims to Windows Token Service (C2WTS) is a key player in connecting SharePoint with external systems. This service acts as a secure bridge that lets SharePoint grab data from outside sources. Imagine you’re using a provider hosted app hosted on IIS to get data from a database. In this scenario, C2WTS becomes an essential intermediary.

However, even with well-designed systems, issues can pop up. One common problem is when you’re trying to get a special key (Windows token) using the S4UClient.UpnLogon(“user@domain”) method. But instead of success, you see this error message:

“There was no endpoint listening at net.pipe://localhost/s4u/022694f3–9fbd-422b-b4b2–312e25dae2a2 that could accept the message. This is often caused by an incorrect address or SOAP action.”

Fix:

Elevate Privileges: The account responsible for the operation of the C2WTS service requires specific privileges. In the “Services” console (services.msc), locate the C2WTS service and elevate the account’s status to a member of the local “Administrators” group.

Adjust Local Security Policies: On the SharePoint server where C2WTS operates, access the “Local Security Policy” settings.

This can be done via “Start” > “Administrative Tools” > “Local Security Policy” > “Local Policies” > “User Rights Assignment.”

• Act as Part of the Operating System: Add the relevant account to this policy…