[Solved] Encountered error during federation passive request. ADFS website fails.

Problem

This week I had a customer who had an error on their ADFS server; this error was internal and external, and also with the ADFS test site.

No user was able to work with their office application, because synchronization to Microsoft was not possible.

Error:
  • Activity ID: c2a60103-7ffc-48e0-8ba5-0080020000ca
  • Error time: Tue, 24 Dec 2019 07:37:53 GMT
  • Cookie: enabled
  • User agent string: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko

In the event log there is an error:

Log Name: AD FS/Admin
Source: AD FS
Date: 12/24/2019 11:25:08 AM
Event ID: 364
Task Category: None
Level: Error
Keywords: AD FS
User: DOMAIN\adfs-admin
Computer: DXP-0430-ADFS21.Domain.nl
Description:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Relying Party:
Exception details:
Microsoft.IdentityServer.Web.IdPInitiatedSignonPageDisabledException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.Saml.IdpInitiatedSignOnRequestSerializer.ReadMessage(WrappedHttpListenerRequest httpRequest)
at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
<EventID>364</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2019-12-24T10:25:08.815259600Z" />
<EventRecordID>11621</EventRecordID>
<Correlation ActivityID="{ED917B3C-CC41-408D-2C00-0080000000FB}" />
<Execution ProcessID="5312" ThreadID="1488" />
<Channel>AD FS/Admin</Channel>
<Computer>DXP-0430-ADFS21.Domain.nl</Computer>
<Security UserID="S-1-5-21-1659004503-789336058-839522115-9634" />
</System>
<UserData>

<Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>Microsoft.IdentityServer.Web.IdPInitiatedSignonPageDisabledException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.Saml.IdpInitiatedSignOnRequestSerializer.ReadMessage(WrappedHttpListenerRequest httpRequest)
at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext&amp; protocolContext)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext&amp; protocolContext, PassiveProtocolHandler&amp; protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
</Data>
</EventData>
</Event>
</UserData>
</Event>

Solution

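The exception in the event, IdPInitiatedSignonPageDisabledException, indicates that the IdP-initiated sign-on page is disabled. Check the current setting:

Get-AdfsProperties | fl *idpinitiatedsignon*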

RelayStateForIdpInitiatedSignOnEnabled : False
EnableIdpInitiatedSignonPage : False

Enable the page and check the setting again:

Set-AdfsProperties -EnableIdpInitiatedSignonPage $true
Get-AdfsProperties | fl *idpinitiatedsignon*

RelayStateForIdpInitiatedSignOnEnabled : False
EnableIdpInitiatedSignonPage : True
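
Added example (not part of the original post and not Microsoft tooling): a PowerShell helper that pulls the event ID, Activity ID, exception type and MSIS code out of an exported AD FS/Admin event, so an Event 364 like the one above can be tied to the EnableIdpInitiatedSignonPage setting. The function name Get-AdfsEventSummary is hypothetical and the embedded sample event is constructed for illustration.

```powershell
# Constructed sample shaped like the Event XML above (the Activity ID is a placeholder).
$sampleEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>364</EventID>
    <TimeCreated SystemTime="2019-12-24T10:25:08.815259600Z" />
    <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
  </System>
  <UserData>
    <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
      <EventData>
        <Data></Data>
        <Data></Data>
        <Data>Microsoft.IdentityServer.Web.IdPInitiatedSignonPageDisabledException: MSIS7012: An error occurred while processing the request.</Data>
      </EventData>
    </Event>
  </UserData>
</Event>
'@

# Hypothetical helper (not an AD FS cmdlet): summarise one exported AD FS/Admin event.
function Get-AdfsEventSummary {
    param([Parameter(Mandatory)][string]$EventXml)
    $doc = [xml]$EventXml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('e', 'http://schemas.microsoft.com/win/2004/08/events/event')
    $ns.AddNamespace('a', 'http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events')
    $sys = $doc.SelectSingleNode('/e:Event/e:System', $ns)
    # The exception text is the last non-empty <Data> element of the AD FS payload.
    $text = $doc.SelectNodes('//a:EventData/a:Data', $ns) |
        ForEach-Object { $_.InnerText.Trim() } | Where-Object { $_ } | Select-Object -Last 1
    $m = if ($text -match '^(?<type>[\w.]+Exception):\s*(?<code>MSIS\d+)') { $Matches } else { @{} }
    [pscustomobject]@{
        EventId         = [int]$sys.SelectSingleNode('e:EventID', $ns).InnerText
        TimeCreatedUtc  = $sys.SelectSingleNode('e:TimeCreated', $ns).GetAttribute('SystemTime')
        ActivityId      = $sys.SelectSingleNode('e:Correlation', $ns).GetAttribute('ActivityID').Trim('{}')
        ExceptionType   = $m['type']
        MsisCode        = $m['code']
        IdpPageDisabled = ($m['type'] -like '*IdPInitiatedSignonPageDisabledException')
    }
}

$summary = Get-AdfsEventSummary -EventXml $sampleEvent
$summary | Format-List
# On an AD FS server, show the live setting with the cmdlet used in the Solution.
if ($summary.IdpPageDisabled -and (Get-Command Get-AdfsProperties -ErrorAction SilentlyContinue)) {
    Get-AdfsProperties | Format-List *idpinitiatedsignon*
}
```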