When upgrading to Windows Server 2008 R2 from the non-R2 version, the Security Token Service loses its self-generated certificates and SharePoint reports the error “The requested service, 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' could not be activated.” The resolution is simple enough: re-provision the Token Service. This seems like a popular way to fix a lot of things in SharePoint 2010. Something’s broken? Recreate the service application. Jon in support was awesome; he gave me a nice little PowerShell script.
$sts = Get-SPServiceApplication | where {$_.name -like "*token*"}
$sts.provision()

All this does is find the service application with "token" in its name and then provision it. Simple enough but took forever to figure out.
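An added example (not the script from the post or from support) that does the same re-provisioning a little more defensively: it requires exactly one matching service application, filters on the STS type name (assumed here to be "Security Token Service Application"), and afterwards checks the endpoint URL from the error message.

```powershell
# Added example, not from the original post. Same fix as the support script,
# with a uniqueness check and a post-provision check of the STS endpoint.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# URL taken from the error message in the post.
$stsUrl = "http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc"

# Filter on the type name (assumed value) rather than a loose "*token*" wildcard,
# which in a larger farm could match more than one service application.
$apps = @(Get-SPServiceApplication | Where-Object {
    $_.TypeName -eq "Security Token Service Application"
})

if ($apps.Count -ne 1) {
    throw "Expected exactly one Security Token Service application, found $($apps.Count)."
}

$sts = $apps[0]
Write-Host "Before: $($sts.Name) is $($sts.Status)"

# Re-provisioning regenerates the STS's self-generated certificates and
# endpoint configuration; this is the step the post describes.
$sts.Provision()

# Re-read the object from the farm rather than trusting the in-memory copy.
$sts = Get-SPServiceApplication -Identity $sts.Id
Write-Host "After:  $($sts.Name) is $($sts.Status)"

# Confirm the WCF endpoint now activates: a plain GET against the .svc should
# succeed once activation works, and an HTTP error means it is still broken.
try {
    $client = New-Object System.Net.WebClient
    $client.UseDefaultCredentials = $true
    $null = $client.DownloadString($stsUrl)
    Write-Host "STS endpoint responded: $stsUrl"
} catch {
    Write-Warning "STS endpoint still failing: $($_.Exception.Message)"
}
```

Run it from the SharePoint 2010 Management Shell as a farm administrator on a server in the farm.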