Problem
This week I had a customer with an error on their AD FS server. The error showed up both internally and externally, and also on the AD FS test sign-on page.
No user was able to work with their Office applications, because synchronization with Microsoft was not possible.
Error shown to the user:
• Activity ID: c2a60103-7ffc-48e0-8ba5-0080020000ca
• Error time: Tue, 24 Dec 2019 07:37:53 GMT
• Cookie: enabled
• User agent string: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko
In the AD FS/Admin event log there is a matching error (Event ID 364, exception IdPInitiatedSignonPageDisabledException):
Log Name: AD FS/Admin
Source: AD FS
Date: 12/24/2019 11:25:08 AM
Event ID: 364
Task Category: None
Level: Error
Keywords: AD FS
User: DOMAIN\adfs-admin
Computer: DXP-0430-ADFS21.Domain.nl
Description:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Relying Party:
Exception details:
Microsoft.IdentityServer.Web.IdPInitiatedSignonPageDisabledException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.Saml.IdpInitiatedSignOnRequestSerializer.ReadMessage(WrappedHttpListenerRequest httpRequest)
at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
<EventID>364</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2019-12-24T10:25:08.815259600Z" />
<EventRecordID>11621</EventRecordID>
<Correlation ActivityID="{ED917B3C-CC41-408D-2C00-0080000000FB}" />
<Execution ProcessID="5312" ThreadID="1488" />
<Channel>AD FS/Admin</Channel>
<Computer>DXP-0430-ADFS21.Domain.nl</Computer>
<Security UserID="S-1-5-21-1659004503-789336058-839522115-9634" />
</System>
<UserData>
<Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>Microsoft.IdentityServer.Web.IdPInitiatedSignonPageDisabledException: MSIS7012: An error occurred while processing the request. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.Saml.IdpInitiatedSignOnRequestSerializer.ReadMessage(WrappedHttpListenerRequest httpRequest)
at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
</Data>
</EventData>
</Event>
</UserData>
</Event>
Solution
The exception name says what is wrong: a request arrived at the IdP-initiated sign-on endpoint (/adfs/ls/idpinitiatedsignon.aspx) while that page was disabled. Check the current setting first:

Get-AdfsProperties | fl *idpinitiatedsignon*

RelayStateForIdpInitiatedSignOnEnabled : False
EnableIdpInitiatedSignonPage : False

The page is disabled (this is the default for AD FS on Windows Server 2016 and later). Enable it:

Set-AdfsProperties -EnableIdpInitiatedSignonPage $true

Verify that the property changed:

Get-AdfsProperties | fl *idpinitiatedsignon*

RelayStateForIdpInitiatedSignOnEnabled : False
EnableIdpInitiatedSignonPage : True

Caveat: the IdP-initiated sign-on page is disabled by default for a reason. Once enabled it is reachable through the Web Application Proxy and shows the list of configured SAML relying parties to anyone who opens it, and it allows IdP-initiated (unsolicited) SAML sign-on. Only enable it when an application actually depends on that flow; otherwise find out which client or proxy is sending requests to idpinitiatedsignon.aspx and fix that instead.
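As an added example (this is my own script, not from the original post), the diagnosis and the fix above in one PowerShell run: it pulls recent Event ID 364 entries from the AD FS/Admin log, keeps only those caused by IdPInitiatedSignonPageDisabledException, reports the current property values, enables the page only when the log shows it is the cause and only when you pass -Apply, re-reads the property to verify, and finally fetches the endpoint to report the HTTP status. The hostname fs.domain.nl and the -Apply switch are placeholders of mine; run it in an elevated PowerShell session on an AD FS server.

```powershell
<#
  Added example, not part of the original post.
  Diagnose and optionally fix MSIS7012 / IdPInitiatedSignonPageDisabledException on AD FS.
  Assumptions: run elevated on an AD FS server; $FsHost is a placeholder for your federation service FQDN.
#>
param(
    [string]$FsHost = 'fs.domain.nl',   # placeholder, replace with your federation service name
    [switch]$Apply                      # without -Apply the script only reports
)

$ErrorActionPreference = 'Stop'

# 1. Recent Event ID 364 entries in AD FS/Admin that were caused by the disabled sign-on page.
#    Get-WinEvent reports "no events found" as an error, so silence that case and treat it as zero hits.
$since = (Get-Date).AddHours(-24)
$hits = @(Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 364; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'IdPInitiatedSignonPageDisabledException' })

"{0} Event 364 entries in the last 24h caused by IdPInitiatedSignonPageDisabledException" -f $hits.Count
$hits | Select-Object -First 5 TimeCreated, @{ n = 'ActivityId'; e = { $_.ActivityId } } | Format-Table -AutoSize

# 2. Current state of the two IdP-initiated sign-on properties (same as Get-AdfsProperties | fl *idpinitiatedsignon*).
$props = Get-AdfsProperties
"EnableIdpInitiatedSignonPage           : {0}" -f $props.EnableIdpInitiatedSignonPage
"RelayStateForIdpInitiatedSignOnEnabled : {0}" -f $props.RelayStateForIdpInitiatedSignOnEnabled

# 3. Enable the page only when the log proves it is what breaks sign-in, and only with -Apply.
if (-not $props.EnableIdpInitiatedSignonPage) {
    if ($hits.Count -gt 0 -and $Apply) {
        Set-AdfsProperties -EnableIdpInitiatedSignonPage $true
        # Re-read instead of trusting the cmdlet silently.
        $after = (Get-AdfsProperties).EnableIdpInitiatedSignonPage
        "EnableIdpInitiatedSignonPage is now: $after"
    }
    else {
        "Page is disabled. Re-run with -Apply to enable it. Note: this exposes /adfs/ls/idpinitiatedsignon.aspx" +
        " and its relying party list to anyone who can reach the proxy."
    }
}

# 4. Smoke test: fetch the endpoint and report the HTTP status only (no assumptions about the body).
try {
    $r = Invoke-WebRequest -Uri "https://$FsHost/adfs/ls/idpinitiatedsignon.aspx" -UseBasicParsing
    "GET idpinitiatedsignon.aspx -> HTTP {0}" -f $r.StatusCode
}
catch {
    "GET idpinitiatedsignon.aspx failed: $($_.Exception.Message)"
}
```

Without -Apply the script is read-only, which is the mode to use first: if step 1 reports zero matching events, the MSIS7012 you are looking at has a different cause and enabling the page will not help.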