We began to see this error in our SP 2013 farm a few days ago.
No configuration changes have been made in the farm or Active Directory.
Event 8306:
An exception occurred when trying to issue security token: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'..
Steps taken without success:
1. Restart SecurityToken app pool in IIS in all farm servers
We ran this but it failed:
$hostSvc = Get-SPServiceHostconfig
$hostSvc.Provision()
$SecToken = Get-SPServiceApplication | where { $_.TypeName -Like "Security Token*" }
$SecToken.provision()
SecurityToken URL loads successfully:
http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc
.NET trust level for the secure token service is set to "Full" in IIS
So it seems the SecurityToken service is up, but for some reason is unable to issue tokens.
Please provide some guidance on this.
Thank you in advance!

