Channel: Azure Active Directory forum

Azure AD Sync tool - Password Synchronization Event ID 611


Permissions have been provided for the AD Sync tool account to connect to on-premises Active Directory:

  • Replicating Directory Changes
  • Replicating Directory Changes All

Error message is below.


Log Name:      Application
Source:        Directory Synchronization
Date:          15/05/2015 12:04:14 PM
Event ID:      611
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      winvdazs01.<domain name>
Description:
Password synchronization failed for domain: <domain name>. Details:
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: <domainname>. Error: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---> System.MissingMethodException: Method not found: 'IntPtr System.Runtime.InteropServices.Marshal.GetFunctionPointerForDelegate(!!0)'.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.CreateDrsHandle(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.EstablishConnection()
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.Connect()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.<>c__DisplayClass1.<ExecuteWithRetry>b__0()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreateConnection()
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: <domain name>. Error: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---> System.MissingMethodException: Method not found: 'IntPtr System.Runtime.InteropServices.Marshal.GetFunctionPointerForDelegate(!!0)'.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.CreateDrsHandle(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.EstablishConnection()
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.Connect()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.<>c__DisplayClass1.<ExecuteWithRetry>b__0()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreateConnection()
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: <domain name>. Error: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---> System.MissingMethodException: Method not found: 'IntPtr System.Runtime.InteropServices.Marshal.GetFunctionPointerForDelegate(!!0)'.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.CreateDrsHandle(Void* rpcBindingHandle, SafePointer<_SEC_WINNT_AUTH_IDENTITY_W> authHandle)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.EstablishConnection()
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.Connect()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.<>c__DisplayClass1.<ExecuteWithRetry>b__0()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreateConnection()
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
.

<domain name>
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Directory Synchronization" />
    <EventID Qualifiers="0">611</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-05-15T02:04:14.000000000Z" />
    <EventRecordID>4247</EventRecordID>
    <Channel>Application</Channel>
    <Computer>winvdazs01.<domain name></Computer>
    <Security />
  </System>
  <EventData>
    <Data>Password synchronization failed for domain: <domain name>. Details:
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: <domain name>. Error: There was an error creating the connection context. ---&gt; Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---&gt; System.MissingMethodException: Method not found: 'IntPtr System.Runtime.InteropServices.Marshal.GetFunctionPointerForDelegate(!!0)'.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.CreateDrsHandle(Void* rpcBindingHandle, SafePointer&lt;_SEC_WINNT_AUTH_IDENTITY_W&gt; authHandle)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.EstablishConnection()
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.Connect()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.&lt;&gt;c__DisplayClass1.&lt;ExecuteWithRetry&gt;b__0()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreateConnection()
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: <domain name>. Error: There was an error creating the connection context. ---&gt; Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---&gt; System.MissingMethodException: Method not found: 'IntPtr System.Runtime.InteropServices.Marshal.GetFunctionPointerForDelegate(!!0)'.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.CreateDrsHandle(Void* rpcBindingHandle, SafePointer&lt;_SEC_WINNT_AUTH_IDENTITY_W&gt; authHandle)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.EstablishConnection()
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.Connect()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.&lt;&gt;c__DisplayClass1.&lt;ExecuteWithRetry&gt;b__0()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreateConnection()
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain: <domain name>. Error: There was an error creating the connection context. ---&gt; Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. ---&gt; System.MissingMethodException: Method not found: 'IntPtr System.Runtime.InteropServices.Marshal.GetFunctionPointerForDelegate(!!0)'.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnectionContext.CreateDrsHandle(Void* rpcBindingHandle, SafePointer&lt;_SEC_WINNT_AUTH_IDENTITY_W&gt; authHandle)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.CreateConnectionContext(SourceDomainController sourceDomain)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.EstablishConnection()
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.Connect()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.&lt;&gt;c__DisplayClass1.&lt;ExecuteWithRetry&gt;b__0()
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   --- End of inner exception stack trace ---
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.OpenConnection(IDrsConnection connection)
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreateConnection()
   at Microsoft.Online.PasswordSynchronization.RecoveryTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
.

<domain name></Data>
  </EventData>
</Event>

Many Thanks.
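Two checks a practitioner would run on the sync server for the failure above, written here as an added PowerShell example; this is not code from the post or from the Azure AD Sync tool. Two assumptions are mine: that the method named in the MissingMethodException is the generic overload Marshal.GetFunctionPointerForDelegate<TDelegate>, which the .NET Framework reference lists from 4.5.1 onward, so the installed Framework release is worth reading back; and that $SyncAccount names the sync account in the domain the script runs in. The second function lists every principal holding the two replication rights on the domain partition, which is also the list an auditor wants, since those rights are exactly what a DCSync-style credential dump needs.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the original post. Assumptions: see the lead-in above.
param(
    [Parameter(Mandatory)] [string]$SyncAccount   # e.g. 'CONTOSO\svc-aadsync' (placeholder name)
)

# 1. Installed .NET Framework 4.x release, from the registry value the Framework installer writes.
#    Release values documented by Microsoft: 378389 = 4.5, 378675/378758 = 4.5.1, 379893 = 4.5.2.
function Get-NetFrameworkRelease {
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue).Release
    if (-not $release) { return $null }
    [pscustomobject]@{
        Release    = $release
        AtLeast451 = ($release -ge 378675)
    }
}

# 2. Who holds the two replication extended rights on the domain naming context.
#    Control-access right GUIDs from the AD schema:
$GetChanges    = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'   # DS-Replication-Get-Changes
$GetChangesAll = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'   # DS-Replication-Get-Changes-All

function Get-ReplicationRightHolders {
    Import-Module ActiveDirectory
    $domainDn = (Get-ADDomain).DistinguishedName
    $acl = Get-Acl -Path "AD:\$domainDn"
    $acl.Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)) -ne 0 -and
            ($_.ObjectType -eq $GetChanges -or $_.ObjectType -eq $GetChangesAll)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Identity = $_.IdentityReference.Value
                Right    = if ($_.ObjectType -eq $GetChanges) { 'Replicating Directory Changes' }
                           else { 'Replicating Directory Changes All' }
            }
        }
}

$net = Get-NetFrameworkRelease
"Installed .NET Framework 4.x release: $($net.Release) (4.5.1 or later: $($net.AtLeast451))"

$holders = @(Get-ReplicationRightHolders)
"Principals holding replication rights on the domain partition (expect only DCs and the sync account):"
$holders | Sort-Object Identity, Right | Format-Table -AutoSize

foreach ($right in 'Replicating Directory Changes', 'Replicating Directory Changes All') {
    $has = $holders | Where-Object { $_.Identity -eq $SyncAccount -and $_.Right -eq $right }
    '{0}: {1}' -f $right, $(if ($has) { "granted to $SyncAccount" } else { "NOT granted to $SyncAccount" })
}
```

Run it on the sync server with an account that can read the domain ACL. If the Release value is below 378675 the runtime cannot resolve the generic overload the tool was compiled against, which matches the exception text; if the two rights are missing for the sync account, the tool cannot open the DRS connection regardless of the Framework version.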


Sign in after multiple failures report


We've been reviewing the reports that are part of our Azure AD environment. The "Sign ins after multiple failures" report is puzzling. 

It shows users who have multiple login failures. The report indicates that some users have 70+ login failures before successfully logging in. However, when I question the user about it, they have no idea what happened. They indicate that they didn't have any login issues and they didn't try to log in multiple times unsuccessfully. First thought is that someone is trying to log in as one of my users. However, in each case, the IP address matches exactly with the user's IP address (all of my users are remote), so I know that it isn't a 3rd party.

Here's a screenshot showing what we're seeing.

The 2nd strange thing is that all of them show "Media Center PC" when the login is finally successful. 

Has anyone seen something similar? Any thoughts as to what this is coming from?

NICE write up!

I was going to reach out to our AD team to see which properties are being synced and decided to Bing this first. This was super easy to find, and exactly what I needed.

The Connector failed to download the latest system configuration


After I install and attempt to register my connector I get the error "The Connector failed to download the latest system configuration" every 50 seconds or so and the connector fails to register in Azure. By default the connector service runs under the "NT AUTHORITY\system" context, but after I change the account the service runs under to my admin account and restart the service, the connector registers itself successfully in Azure.

My firewall has no kind of authentication set up which might block the "NT AUTHORITY\system" account going out to the internet so any ideas why I'm getting this error?

I've had no success (after days of troubleshooting) getting KCD to work with Azure AppProxy with the connector running under my admin account so I'm trying to get it working under the default scenario.


Application Proxy issues


Hi All,

I have non-claims-aware web site hosted in IIS and configured for ONLY Windows Integrated Authentication. I'm attempting to publish the site externally using Azure Application proxy but am having issues.

I have successfully registered my connector in Azure and my app config looks fine to me:

My web site uses a host header so I have published an SPN into my local AD for the http service of the web server using the following:

setSPN -A http/hostheaderName webServerName

That SPN value matches what I have set up in the Azure portal and I can query the SPN successfully in my local AD using setSPN -L webserverName.

I have also added the SPN to the delegation of my connector server in my local AD.

As far as I can see everything looks good but when I attempt to browse to the external URL I get a status of "Bad Gateway" and the following error from Azure AppProxy "Incorrect Kerberos constrained delegation configuration in your on-premises Active Directory."

Any ideas?
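An added PowerShell example (not from the post or from Microsoft) that reads back the three things the "Incorrect Kerberos constrained delegation configuration" message usually points at: whether the SPN is registered on exactly one account, whether it appears in the connector computer's msDS-AllowedToDelegateTo list, and whether the connector is trusted for delegation with "Use any authentication protocol" (TrustedToAuthForDelegation). The last one is my assumption of what the Application Proxy needs, based on its documentation: the connector holds no Kerberos ticket for the user, who was authenticated by Azure AD, so it must obtain one by protocol transition (S4U2Self), which only a "use any authentication protocol" delegation allows. The SPN and connector host name are parameters; the values in the post are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the original post. See the lead-in for the assumptions.
param(
    [Parameter(Mandatory)] [string]$Spn,            # e.g. 'http/hostheaderName' as in the post
    [Parameter(Mandatory)] [string]$ConnectorHost   # computer name of the Application Proxy connector server
)
Import-Module ActiveDirectory

function Get-SpnOwners {
    param([string]$Spn)
    # Every account (user or computer) that carries the SPN. More than one owner is a duplicate
    # SPN: the KDC cannot pick a key, and Kerberos fails for all of them.
    # If the IIS app pool runs as a domain service account, the SPN must be on that account,
    # not on the web server's computer object.
    Get-ADObject -LDAPFilter "(servicePrincipalName=$Spn)" -Properties servicePrincipalName, objectClass |
        Select-Object Name, objectClass, DistinguishedName
}

function Test-ConnectorDelegation {
    param([string]$Spn, [string]$ConnectorHost)
    $c = Get-ADComputer -Identity $ConnectorHost -Properties msDS-AllowedToDelegateTo, TrustedToAuthForDelegation
    [pscustomobject]@{
        Connector           = $c.Name
        # -contains is case-insensitive, as SPN matching is.
        SpnInDelegationList = [bool]($c.'msDS-AllowedToDelegateTo' -contains $Spn)
        # "Use any authentication protocol" on the Delegation tab (protocol transition).
        UseAnyAuthProtocol  = [bool]$c.TrustedToAuthForDelegation
        DelegationList      = @($c.'msDS-AllowedToDelegateTo')
    }
}

$owners = @(Get-SpnOwners -Spn $Spn)
switch ($owners.Count) {
    0       { "SPN $Spn is not registered on any account." }
    1       { "SPN $Spn is registered on $($owners[0].Name) ($($owners[0].objectClass))." }
    default { "DUPLICATE SPN: $Spn is registered on $($owners.Count) accounts:"; $owners | Format-Table -AutoSize }
}

Test-ConnectorDelegation -Spn $Spn -ConnectorHost $ConnectorHost | Format-List
```

All three rows should come back clean: one owner, SpnInDelegationList True, UseAnyAuthProtocol True. The delegation list and the SPN published in the portal must match the on-premises SPN string exactly, including the service class prefix.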


distinguishing userinfo endpoint from Graph API resource endpoint


We are getting good tutorials on letting the OWIN pipeline use OpenID Connect auth_code grants to go off and pre-populate a refresh token into a web app's token store, ready for one or more API consumers in the web app to silently access when converting their client_credential grant into API-resource-endpoint-ready access tokens.

The pre-population accesstoken() call attempts to get access/refresh tokens on the graph resource.

Is this access to the graph there for managing pre-population of tokens, or for gaining access to the graph (for people pickers, for user profile access)?

Is there a difference between hooking up explicitly to the graph resource API and using a "user info" endpoint?

Is token handling different?

The answer might be as simple as: one is old architecture, and the graph API is the preferred new architecture.

OpenIdConnectConfigurationPing =
    new OpenIdConnectConfiguration()
    {
        AuthorizationEndpoint = "https://connect-interop.pinglabs.org:9031/as/authorization.oauth2",
        Issuer = "https://connect-interop.pinglabs.org:9031",
        TokenEndpoint = "https://connect-interop.pinglabs.org:9031/as/token.oauth2",
        UserInfoEndpoint = "https://connect-interop.pinglabs.org:9031/idp/userinfo.openid"
    };

checksession endpoint

new OpenIdConnectConfiguration() {
    AuthorizationEndpoint = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/authorize",
    CheckSessionIframe = "https://login.windows.net/d062b2b0-9aca-4ff7-b32a-ba47231a4002/oauth2/checksession",
    // ...
};

Anyone like to explain the meaning of the CheckSessionIframe endpoint?

Which session (and which iframe) are we talking about

As an SP, my security model is limited to sending (OpenID Connect) requests and processing responses. Perhaps one can include metadata, too. But too much knowledge of the IDP, or FP, or some home realm selector page that is not part of the SP doesn't seem proper.

Custom Branding Hidden


I'm building an application that uses Azure Active Directory to authenticate. The authentication procedure works OK; however, I've noticed an issue with the custom branding. When I click on a Login link I'm redirected to the Sign In page and all the branding is as expected. Once I enter a valid email address, the Sign In screen is redrawn and the illustration image disappears. Looking at the CSS it has visibility = visible and display = none (see image below). If I were to change the email address to an invalid one and then back to a valid one, the CSS changes to visibility = visible and display = block and the correct illustration image is shown. Has anyone else come across this?




Azure AD Connect (re)configuration crashes


I'm using Azure AD Connect, and it has been working well for several days. Yesterday I was trying out multi-factor authentication in Azure, and I had forgotten that the account used to do the sync is stored in Azure AD Connect until I got a 24 hour sync error from Microsoft.

When I tried to go back into AzureADConnect.exe to reconfigure with an account not using Multi-factor authentication - I can't get past the first screen.  When I click the checkmark "I agree..", then click connect, I get an error that "AzureADconnect has stopped working" - with the following details:

Problem signature:
  Problem Event Name:APPCRASH
  Application Name:AzureADConnect.exe
  Application Version:1.0.629.0
  Application Timestamp:55147933
  Fault Module Name:clr.dll
  Fault Module Version:4.0.30319.34209
  Fault Module Timestamp:5348a1ef
  Exception Code:c00000fd
  Exception Offset:0000000000056ba0
  OS Version:6.3.9600.2.0.0.400.8
  Locale ID:1033
  Additional Information 1:68c2
  Additional Information 2:68c2f070b69ae7aab6f2c46d9e0d817c
  Additional Information 3:1706
  Additional Information 4:170613a9fe6c8d1cbf7859eaf2783d8c

I have tried to repair and uninstall the application - but neither of those two options appear to do anything.  How can I restore the functionality of this client?

Azure Active Directory Connect -- FormatException --


Cannot connect to Azure using the Azure AD connector.

Error MSG

Format Exception

   Index(zero based) must be greater than or equal to zero and less than the size of the argument list.

I have no clue what that means.  Any help greatly appreciated.

JMcadoo

Authentication by Live Id


Hi,

I have a requirement to pass a user name and password from my application's login page; once the user provides the user name and password, I need to authenticate the user using Active Directory.

Please note: the user name here is the Windows Live ID and the password is the password for the Live ID account.

Please suggest how I can achieve it.

ServiceNow Integration. Sub group being imported as blank group members.


We have noticed that if you have multi tier groups configured in Azure and try to import these into ServiceNow, the sub groups create blank entries in the Group Members tab of the groups in ServiceNow. Is there any way to stop this so the group members are only populated by users, not groups? Also, it would be really useful to have this multi tier group setup populate the parent/child relationship in ServiceNow so the group hierarchical structure is kept.

Is there a way to amend the Web Services used by Azure directly to change what data gets sent to ServiceNow?

Azure AD Connect Health Agent Installation failure


I am attempting to deploy Azure AD Connect Health to monitor my ADFS implementation (two federation servers and two proxies, all running on Server 2012 in Azure IaaS). I was able to enable the service in the Azure portal with no trouble, but I cannot get the agents to install. Specifically, I am getting stuck at the authentication phase. Here are my steps:

1. Launch powershell and run Register-ADHealthAgent cmdlet
2. Dialog pops up and asks for email. I give it and click Continue.
3. I am asked MS Account vs. Work/School. I choose Work/School and am redirected to my STS login page
4. I enter my credentials and click Login.
5. It appears that the page simply reloads, and the username and password boxes are blanked out. I know the credentials I entered are correct because if I intentionally enter incorrect credentials, I get an error message about bad credentials instead of the described behavior. When I eventually give up and close the dialog, the error message in PowerShell and in the log for the cmdlet just indicates that I cancelled the authentication dialog and nothing about whatever the problem is.

I have confirmed (by launching IE separately) that I can browse to https://sts.blah.com/adfs/ls/idpinitiatedsignon.aspx and authenticate with my credentials successfully, so it's not a problem with the machine reaching ADFS. The user I'm using to login is a Global Admin on the tenant and has an AAD Premium license applied. The machine I'm attempting to register is one of my ADFS proxy servers. No outbound restrictions are in place, IE ESC is disabled, and there is no forward proxy configured. I have rebooted the server multiple times.

One additional piece of information that may be relevant: I originally installed the AD Health Agent while the server was still running only powershell 3. The installation completed successfully, but the register-adhealthagent cmdlet didn't exist. I then installed WMF 4 to get PS 4. I have since uninstalled and reinstalled the AD Health Agent as a troubleshooting step, but this behavior is still present. 

Tutorial: Azure Active Directory integration with NetSuite

SignOut of AAD-integrated application without signing out of AAD


Hi,

We're modifying an existing ASP.NET web application to use Azure Active Directory for authentication, using the OWIN OpenID Connect components. We were not previously using the OWIN authentication management components but instead maintained sessions and tracked user identity with custom code. In our early experiments we find that if we end the user's session as maintained by our application, but invoke the OWIN login like this:

HttpContext.Current.GetOwinContext().Authentication.Challenge

AAD recognizes the user without forcing re-entry of username and password and passes the prior user identity back to the application.  So we need to do something to tell OWIN/OpenIDConnect/AAD that the user is logging out of our application.  At the same time, we do NOT want to log the user out of AAD/Office365 entirely - just out of our application.

Is this possible?

thanks!

Martin


Help with inbound sync rule


Hi all, I'm interested in setting an inbound rule based on the following criteria: on premise user accounts must be synchronized if and only if the following condition applies

  • company NOT NULL (AND)
  • department NOT NULL (AND)
  • mail NOT NULL (AND)
  • division NOT NULL (AND)
  • title NOT NULL (AND)
  • the account is not disabled (AND)
  • the account is not expired

I've tried to set a rule implemented like this

  • connected system = my local domain
  • object type = user
  • metaverse = person
  • link type = join
  • precedence = 20
  • scoping filter = none
  • join rules = none
  • transformations =

  flow type: expression

  target attribute: cloudFiltered

  source: IIF(IsNullOrEmpty([department]) || IsNullOrEmpty([company]) || IsNullOrEmpty([division]) || IsNullOrEmpty([title]) || IsNullOrEmpty([mail]) || [userAccountControl] = 514 || [userAccountControl] = 66050 || [accountExpires] < Now, True, False)

  apply once: unchecked

  merge type: update

But it doesn't work :( :(

Any suggestions? Thanks in advance!!
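Before encoding the seven conditions above in a sync rule, it helps to evaluate them with plain PowerShell against real user objects, so that each condition can be checked on its own. The example below is added here and is not from the post or from Azure AD Connect; the attribute list is the post's, and two semantics are my assumptions from how AD stores these attributes. A disabled account is any userAccountControl value with bit 0x2 set, so 514 and 66050 are only two of the possible values (66082, for instance, is also disabled) and a bit test is needed rather than equality. accountExpires is a FILETIME, and both 0 and 0x7FFFFFFFFFFFFFFF mean "never expires", so a bare "less than now" comparison would wrongly filter those accounts out.

```powershell
# Added example, not from the original post. Assumptions: see the lead-in.
$ACCOUNTDISABLE = 0x2                               # userAccountControl bit for a disabled account
$NEVER_EXPIRES  = @([int64]0, [int64]::MaxValue)    # accountExpires values that mean "never"

function Test-ShouldSync {
    param(
        [Parameter(Mandatory)] $User,                 # Get-ADUser output, or any object with the attributes below
        [datetime]$Now = (Get-Date).ToUniversalTime()
    )
    $required = 'company', 'department', 'mail', 'division', 'title'
    $missing  = @($required | Where-Object { [string]::IsNullOrEmpty($User.$_) })

    $uac      = [int]$User.userAccountControl
    $disabled = (($uac -band $ACCOUNTDISABLE) -ne 0)

    $exp      = [int64]$User.accountExpires
    $expired  = ($NEVER_EXPIRES -notcontains $exp) -and ([datetime]::FromFileTimeUtc($exp) -lt $Now)

    [pscustomobject]@{
        Sam          = $User.sAMAccountName
        ShouldSync   = ($missing.Count -eq 0) -and (-not $disabled) -and (-not $expired)
        MissingAttrs = ($missing -join ',')
        Disabled     = $disabled
        Expired      = $expired
    }
}

# Constructed sample objects (not real accounts) that cover the edge cases.
$samples = @(
    @{ sAMAccountName='alice'; company='Contoso'; department='IT'; mail='alice@contoso.com'; division='EMEA'; title='Engineer'
       userAccountControl=512;   accountExpires=[int64]0 }                       # normal, never expires -> sync
    @{ sAMAccountName='bob';   company='Contoso'; department='IT'; mail='bob@contoso.com';   division='EMEA'; title='Engineer'
       userAccountControl=66082; accountExpires=[int64]::MaxValue }              # disabled, but neither 514 nor 66050
    @{ sAMAccountName='carol'; company='Contoso'; department='';   mail='carol@contoso.com'; division='EMEA'; title='Engineer'
       userAccountControl=512;   accountExpires=[int64]0 }                       # missing department
    @{ sAMAccountName='dave';  company='Contoso'; department='IT'; mail='dave@contoso.com';  division='EMEA'; title='Engineer'
       userAccountControl=512;   accountExpires=(Get-Date -Year 2015 -Month 1 -Day 1).ToFileTimeUtc() }  # expired
)
$samples | ForEach-Object { Test-ShouldSync -User ([pscustomobject]$_) } | Format-Table -AutoSize

# Against the real directory, listing the accounts that would be filtered and why:
# Get-ADUser -Filter * -Properties company,department,mail,division,title,userAccountControl,accountExpires |
#     ForEach-Object { Test-ShouldSync -User $_ } | Where-Object { -not $_.ShouldSync }
```

Only alice should come back with ShouldSync True. Whatever expression finally goes into the rule, running this against the directory first gives the expected set of filtered accounts to compare the metaverse against after a full sync.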

Azure AD Connect Health: "Health service data is not up to date" error


I've deployed Connect Health to monitor my ADFS implementation (2 federation servers, 2 proxies, Server 2012, ADFS 2.1, all in Azure IaaS VMs, no outbound restriction/proxy/limitations, etc.). I have the blade created in my Azure portal, and I have the agents deployed to all four servers. I can see the servers in the Azure portal, but they are all listed as "warning" status with the error "health service data is not up to date" and additional info about how no information has been received since X date.

If I restart the three Windows AD Health services on the servers, the date will update (so it seems like it gets a heartbeat from the server), but it doesn't move the warning from active to resolved. Also, I see no data about logins processed, services authenticated to, etc.

So, I have two symptoms with probably only one cause: 1. the agents aren't "phoning home" regularly, 2. I don't get any useful data in the portal.

I'd appreciate any troubleshooting ideas anyone might have.

Thanks!

Azure AD OAuth Access Token Request ::: 400 - Bad Request


I have an app that I am trying to implement an SSO solution with Windows Azure AD, but I am getting a generic 400 Bad Request error. I have checked and rechecked my request and it appears correct as much as I can tell:

POST https://login.windows.net/common/oauth2/token

HEADERS

Host:login.windows.net
Content-type:application/x-www-form-urlencoded
User-Agent: wTrack/.001
Date: Thu, 21 May 2015 02:48:43 GMT 

BODY

client_id=1ad9f025-dfaf-4cb7-a9ff-29ea619bab44&
client_secret=<secret>&
code=<code>&
redirect_uri=https%3A%2F%2Fwtrack.dev%2Flogin%2Fmicrosoft&
grant_type=authorization_code

I have been looking at this for quite some time.  Any help that could be provided would be greatly appreciated.

CorrelationID: 3e38d957-ab89-4c6d-b0ce-42c1800d99fb
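The status line alone says little; the token endpoint's 4xx response carries a JSON body with error, error_description (beginning with an AADSTS code) and correlation_id, and that body is what identifies the rejected parameter. The Windows PowerShell 5.1 script below is an added example, not the poster's client or Microsoft code: it sends the same authorization_code request as above and surfaces the error body instead of the bare status. The shape of the error body is my assumption from the v1 endpoint's behaviour, and the optional resource parameter is the v1 endpoint's way of naming the API the token is for (a placeholder value is shown in the comment).

```powershell
# Added example, not from the original post. Windows PowerShell 5.1 (Invoke-RestMethod throws WebException on 4xx).
param(
    [Parameter(Mandatory)] [string]$ClientId,
    [Parameter(Mandatory)] [string]$ClientSecret,
    [Parameter(Mandatory)] [string]$Code,
    [Parameter(Mandatory)] [string]$RedirectUri,   # must equal the redirect_uri sent to /authorize, byte for byte
    [string]$Resource                              # v1 endpoint: API the token is for, e.g. https://graph.windows.net (placeholder)
)

function Invoke-AadTokenRequest {
    param([hashtable]$Body)
    try {
        # Invoke-RestMethod form-encodes a hashtable body itself, so pass raw values:
        # a pre-encoded redirect_uri gets encoded twice and no longer matches the registered one.
        $resp = Invoke-RestMethod -Method Post -Uri 'https://login.windows.net/common/oauth2/token' `
                    -ContentType 'application/x-www-form-urlencoded' -Body $Body
        return [pscustomobject]@{ Ok = $true; TokenType = $resp.token_type; ExpiresIn = $resp.expires_in; Resource = $resp.resource }
    } catch [System.Net.WebException] {
        $stream = $_.Exception.Response.GetResponseStream()
        $raw    = (New-Object System.IO.StreamReader($stream)).ReadToEnd()
        $err    = $raw | ConvertFrom-Json
        return [pscustomobject]@{
            Ok            = $false
            HttpStatus    = [int]$_.Exception.Response.StatusCode
            Error         = $err.error
            Description   = $err.error_description      # starts with the AADSTS code that names the bad parameter
            CorrelationId = $err.correlation_id         # quote this when raising the issue with Microsoft
        }
    }
}

$body = @{
    grant_type    = 'authorization_code'
    client_id     = $ClientId
    client_secret = $ClientSecret
    code          = $Code
    redirect_uri  = $RedirectUri
}
if ($Resource) { $body.resource = $Resource }

# Never write $body to a log or transcript: it contains the client secret and the one-time code.
Invoke-AadTokenRequest -Body $body | Format-List
```

The returned Description field is the line to read. A code can also be redeemed only once and only for the client that requested it, so a second run with the same $Code is expected to fail with a different AADSTS code than the first.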

Graph API Directory Extension (User)


Hello

I have registered a Directory Extension on the User object using the Graph API. But I'm wondering where I can see this new extension visible on the User in the Azure Management Portal or in the Office 365 Admin Portal?

And how can it be exposed in Application Attributes for WAAD SSO/SAML assertions?

Regards,

Maqsood.

adal.js JavaScript runtime error: Redeclaration of const property on IE
