Home | Recovery | Cisco How To Net How To | Blog | Search | Forums | Services | Setup Guide | Chicagotech MVP | IT Exam Practice  |  About Us | Contact Us|

 

 

Can't login ADFS: 401 - Unauthorized: Access is denied due to invalid credentials - Resolution with screenshots

 

 

Situation: I installed AD FS server and AD Sync tool on one of our servers. It works and we can sync all users to the office 365. When I try to login ADFS using mydomain.com/adfs/ls/idpinitiatedsignon.aspx internally, I can't even we have correct internal DNS setup. It keeps popup the login screen.

Then I receive this message:

401 - Unauthorized: Access is denied due to invalid credentials.

You do not have permission to view this directory or page using the credentials that you supplied.

 

The Event Viewer has this message:

Log Name: AD FS 2.0/Admin

Source: AD FS 2.0

Date: 7/30/2014 11:40:39 AM

Event ID: 364

Task Category: None

Level: Error

Keywords: AD FS

Description:

Encountered error during federation passive request.

Additional Data

Exception details:

Microsoft.IdentityServer.Configuration.ReadServiceConfigFailedException: MSIS2001: Configuration service URL is not configured. ---> Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreConnectionException: ADMIN0017: An exception occurred while connecting to the configuration service. The configuration service URL 'net.tcp://localhost:1500/policy' may be incorrect or the AD FS 2.0 Windows Service is not running. ---> System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:1500/policy. The connection attempt lasted for a time span of 00:00:02.0608368. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:1500. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:1500

at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)

at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)

--- End of inner exception stack trace ---

Server stack trace:

at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)

at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)

at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)

at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)

at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)

at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)

at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:

at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

at Microsoft.IdentityServer.Protocols.PolicyStore.IPolicyStore.Search(FilterData filter, Int32 maxObjects, String[] propertyNames)

at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.SearchWorker(Filter filter, Int32 maxObjects, String[] propertyNames, Boolean firstTry, PropertyFactoryBase propertyFactory)

--- End of inner exception stack trace ---

at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.SearchWorker(Filter filter, Int32 maxObjects, String[] propertyNames, Boolean firstTry, PropertyFactoryBase propertyFactory)

at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.SearchWorker(Filter filter, Int32 maxObjects, String[] propertyNames, Boolean firstTry, PropertyFactoryBase propertyFactory)

at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.Search(Filter filter, Int32 maxObjects, String[] propertyNames, PropertyFactoryBase propertyFactory)

at Microsoft.IdentityServer.PolicyModel.Client.PolicyManagerBase.Search[T](Filter filter, Int32 maxItems, String[] properties, PropertyFactoryBase propertyFactory)

at Microsoft.IdentityServer.PolicyModel.Client.PolicyManagerBase.GetItem[T](Filter filter, String[] properties, PropertyFactoryBase propertyFactory)

at Microsoft.IdentityServer.Configuration.ServiceConfigurationReader.ReadServiceConfiguration()

--- End of inner exception stack trace ---

at Microsoft.IdentityServer.Configuration.ServiceConfigurationReader.ReadServiceConfiguration()

at Microsoft.IdentityServer.Configuration.ServiceConfigurationReader.get_ServiceConfiguration()

at Microsoft.IdentityServer.Configuration.ServiceConfigurationReader.GetHostNetTcpPort()

at Microsoft.IdentityServer.Web.PassivePolicyManager..ctor()

at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.GetIssuerFriendlyName()

Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreConnectionException: ADMIN0017: An exception occurred while connecting to the configuration service. The configuration service URL 'net.tcp://localhost:1500/policy' may be incorrect or the AD FS 2.0 Windows Service is not running. ---> System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:1500/policy. The connection attempt lasted for a time span of 00:00:02.0608368. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:1500. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:1500

at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)

at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)

--- End of inner exception stack trace ---

Server stack trace:

at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)

at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)

at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)

at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)

at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)

at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)

at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:

at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

at Microsoft.IdentityServer.Protocols.PolicyStore.IPolicyStore.Search(FilterData filter, Int32 maxObjects, String[] propertyNames)

at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.SearchWorker(Filter filter, Int32 maxObjects, String[] propertyNames, Boolean firstTry, PropertyFactoryBase propertyFactory)

--- End of inner exception stack trace ---

at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.SearchWorker(Filter filter, Int32 maxObjects, String[] propertyNames, Boolean firstTry, PropertyFactoryBase propertyFactory)

at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.SearchWorker(Filter filter, Int32 maxObjects, String[] propertyNames, Boolean firstTry, PropertyFactoryBase propertyFactory)

at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.Search(Filter filter, Int32 maxObjects, String[] propertyNames, PropertyFactoryBase propertyFactory)

at Microsoft.IdentityServer.PolicyModel.Client.PolicyManagerBase.Search[T](Filter filter, Int32 maxItems, String[] properties, PropertyFactoryBase propertyFactory)

at Microsoft.IdentityServer.PolicyModel.Client.PolicyManagerBase.GetItem[T](Filter filter, String[] properties, PropertyFactoryBase propertyFactory)

at Microsoft.IdentityServer.Configuration.ServiceConfigurationReader.ReadServiceConfiguration()

System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:1500/policy. The connection attempt lasted for a time span of 00:00:02.0608368. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:1500. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:1500

at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)

at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)

--- End of inner exception stack trace ---

Server stack trace:

at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)

at System.ServiceModel.Channels.BufferedConnectionInitiator.Connect(Uri uri, TimeSpan timeout)

at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)

at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)

at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)

at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)

at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:

at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

at Microsoft.IdentityServer.Protocols.PolicyStore.IPolicyStore.Search(FilterData filter, Int32 maxObjects, String[] propertyNames)

at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.SearchWorker(Filter filter, Int32 maxObjects, String[] propertyNames, Boolean firstTry, PropertyFactoryBase propertyFactory)

System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:1500

at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)

at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)


Resolution:

1. Edit the web.config file on each server in the AD FS federation server farm1.In Windows Explorer, locate the C:\inetpub\adfs\ls\ folder, and then make a backup copy of the web.config file.
2.Click Start, click All Programs, click Accessories, right-click Notepad, and then click Run as administrator.
3.On the File menu, click Open. In the File Name box, type C:\inetpub\adfs\ls\web.config, and then click Open.
4.In the web.config file, follow these steps: a.Locate the line that contains <authentication mode=, and then change it to <authentication mode="Forms"/>.
b.Locate the section that begins with <localAuthenticationTypes>, and then change the section so that the <add name="Forms" entry is listed first, as follows:
<localAuthenticationTypes>

<add name="Forms" page="FormsSignIn.aspx" />

<add name="Integrated" page="auth/integrated/" />
<add name="TlsClient" page="auth/sslclient/" />
<add name="Basic" page="auth/basic/" />

5.On the File menu, click Save.
6.At an elevated command prompt, restart IIS by using the iisreset command.


  

  

 


 

 

 

Contact a consultant

Related Topics

 

 

 

Bob Lin Photography services

Real Estate Photography services 

 

  This web is provided "AS IS" with no warranties.
Copyright © 2002-2018 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.