Channel: Azure Active Directory forum

Cannot add domain to my Azure account


Hello there

I'm encountering an issue with the Azure AD feature.

I cannot add my domain (sth like 'mydomain.com') as default directory.

After having added it, it cannot be validated.

However, the TXT entry (MS=ms53158453) has been added by my registrar Arsys.

When I try to check the added domain, I got a message saying that the DNS may not be propagated yet. Then, after more than 24 hours, I get the message (original message in French):

"Unable to check (or validate) this domain because it has already been added for your client (or customer, I don't know the correct translation in this context) or another one."

See images below.

Thanx for your help.


Searching... wondering...


Occasionally getting "An error occurred while processing your request" for recorded webtest


We have created a webtest and are running it using GSM monitor. Occasionally we are getting the error below, which causes intermittent alert spam. Any clue what is the cause?

https://msdn.microsoft.com/en-us/library/ms182538(v=vs.90).aspx

An error occurred while processing your request.

HTTP Error Code:400
Message:ACS20012: The request is not a valid
WS-Federation protocol message.
Trace ID:b5a36aec-e3cd-4164-b410-8247876d11d3
Timestamp:2015-11-17 05:33:30Z


Sudheer K

User's groups are not being returned in the claims

I changed the manifest file to return 'All' groups, and gave permission to the application to access directory data.  However, groups are still not being returned in the token.  Anyone have any ideas why?

Change password for on-premises users


Hi

I have followed: https://azure.microsoft.com/en-us/documentation/articles/active-directory-passwords-getting-started/#enable-users-to-reset-their-azure-ad-passwords

to allow on-premises users to change their password.

But when I test password change I get this error:

We're sorry, but we cannot change your password at this time. This is due to a temporary connectivity issue, so if you try again later, changing your password may succeed.

No error messages on the ADFS server. When I try to change the user password in Azure AD portal I get this error:

I cannot reset the password for blabal@balbal.com due to an unrecoverable error with the user's on-premises account configuration. Go to aka.ms/ssprtroubleshoot to learn more about this error.

It's an Office 365 E3 subscription and Azure AD Premium.

Importing a database with a function that reads from other databases


I am having trouble importing a database. The error is in executing a script that creates a function that does a join with a table in another database. This database works on SQL Server 2012 now. How can I make this type of function work on Azure?

Any help would be appreciated.

Thanks.

Using GRAPH to manage users on behalf of a 'child' Reseller


Hello,

In my company we have multiple 'Operating Companies' who are Microsoft resellers under a single 'umbrella' organisation.

The umbrella organisation has access to each operating company through a master Admin User account/Tenant.

We currently use the old BEC API (ListUsers operation) in order to retrieve a list of users, however we are switching this over to the GRAPH API. I have a few questions regarding the usage of GRAPH:

1. Is it possible to perform GRAPH API POST, PUT and PATCH operations (not only GET) while using the Master admin user, in order to create/update/delete users and subscribed Skus of customers belonging to a 'child' Operating Company?

2. If so, will this behaviour also be possible when accessing the resources created using CSP? Reason for asking is that I am assuming the GRAPH API will act differently depending on whether it is acting upon a CSP Tenant or a Syndication one.

Many thanks

Stuart

Office 365 Unified API - Partner Tenant access


I use the Office 365 Unified API for my ASP.NET MVC webapp (of course still highly in development).

When I query the endpoint "https://graph.microsoft.com/beta/[myTenantId]/users" I get of course a list of my users in JSON.

But now I want to get a list of users in the tenant of a customer. I have delegated access and the user that authenticates has partner/delegated access to that tenant through the Microsoft Partner Network.

But for some reason I always get back a list of MY users and not those of my customer...

Does anyone know how to achieve what I want?

Dirsync upgrade to AADConnect side by side


Hello everybody,

I'm currently trying to upgrade the old dirsync to AADConnect by installing the new version on a new server and when I check the connector space for the Azure Directory Connector then filter the pending export to check that it will not do anything, I see that all users are waiting to be added.

Did I miss something? I configured the same filter and the same OU, I don't want my users to be added again.

Thank you.

Jack


Azure AD Connect with Password Hash Sync


I have a very urgent question to ask. My client has ADFS v2 already in production and married to Azure AD. When users try to sign into Azure, they get redirected to ADFS v2 for authentication.

I have installed Azure AD Connect at client site in staging mode. In the User Sign-In screen, I selected “Do not configure” because they already have ADFS and also want to do all authentication in ADFS. We don’t want to disturb that setup.

Now, client is requesting to also sync Passwords to Azure AD for backup purposes before we take out AAD Connect from staging mode. I ran the AAD Connect wizard again to customize the settings. “Password hash synchronization” box is disabled!

How do I enable password hash synchronization in this situation? Please help!

Cloud App Discovery install fail -log


Hi,

We tested a few agent deployments to non-domain joined machines and we noted data populating in the cloud app portal. Now we want to test this in production and some clients are reporting the following:

[2848:2950][2015-11-18T10:29:11]i001: Burn v3.7.1224.0, Windows v6.1 (Build 7601: Service Pack 1), path: D:\Microsoft Cloud App Discovery Endpoint Agent WCG\EndpointAgentSetup.exe, cmdline: ''
[2848:2950][2015-11-18T10:29:11]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\c0730811\AppData\Local\Temp\Cloud_App_Discovery_-_Endpoint_Agent_20151118102911.log'
[2848:2950][2015-11-18T10:29:11]i000: Setting string variable 'WixBundleOriginalSource' to value 'D:\Microsoft Cloud App Discovery Endpoint Agent WCG\EndpointAgentSetup.exe'
[2848:2950][2015-11-18T10:29:11]i000: Setting string variable 'WixBundleName' to value 'Cloud App Discovery - Endpoint Agent'
[2848:2950][2015-11-18T10:29:12]i100: Detect begin, 2 packages
[2848:2950][2015-11-18T10:29:12]i101: Detected package: SerresEndpointClientSetup_32, state: Absent, cached: None
[2848:2950][2015-11-18T10:29:12]i101: Detected package: SerresEndpointClientSetup_64, state: Absent, cached: None
[2848:2950][2015-11-18T10:29:12]i199: Detect complete, result: 0x0
[2848:2950][2015-11-18T10:29:15]i200: Plan begin, 2 packages, action: Install
[2848:2950][2015-11-18T10:29:15]i052: Condition 'NOT VersionNT64' evaluates to false.
[2848:2950][2015-11-18T10:29:15]i052: Condition 'VersionNT64' evaluates to true.
[2848:2950][2015-11-18T10:29:15]i000: Setting string variable 'WixBundleRollbackLog_SerresEndpointClientSetup_64' to value 'C:\Users\c0730811\AppData\Local\Temp\Cloud_App_Discovery_-_Endpoint_Agent_20151118102911_0_SerresEndpointClientSetup_64_rollback.log'
[2848:2950][2015-11-18T10:29:15]i000: Setting string variable 'WixBundleLog_SerresEndpointClientSetup_64' to value 'C:\Users\c0730811\AppData\Local\Temp\Cloud_App_Discovery_-_Endpoint_Agent_20151118102911_0_SerresEndpointClientSetup_64.log'
[2848:2950][2015-11-18T10:29:15]i201: Planned package: SerresEndpointClientSetup_32, state: Absent, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[2848:2950][2015-11-18T10:29:15]i201: Planned package: SerresEndpointClientSetup_64, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: Register
[2848:2950][2015-11-18T10:29:15]i299: Plan complete, result: 0x0
[2848:2950][2015-11-18T10:29:15]i300: Apply begin
[2B20:150C][2015-11-18T10:29:32]i360: Creating a system restore point.
[2B20:150C][2015-11-18T10:29:44]i361: Created a system restore point.
[2B20:150C][2015-11-18T10:29:45]i000: Caching bundle from: 'C:\Users\c0730811\AppData\Local\Temp\{d18434a1-977f-4fc2-acf4-02cbcaba297e}\.be\EndpointAgentSetup.exe' to: 'C:\ProgramData\Package Cache\{d18434a1-977f-4fc2-acf4-02cbcaba297e}\EndpointAgentSetup.exe'
[2B20:150C][2015-11-18T10:29:45]i320: Registering bundle dependency provider: {d18434a1-977f-4fc2-acf4-02cbcaba297e}, version: 0.9.37.3
[2B20:29E8][2015-11-18T10:30:16]i305: Verified acquired payload: SerresEndpointClientSetup_64 at path: C:\ProgramData\Package Cache\.unverified\SerresEndpointClientSetup_64, moving to: C:\ProgramData\Package Cache\{EBC57BD0-9131-43DF-B300-F4E61D1956D9}v0.9.37.3\SerresEndpointClientSetup_64.msi.
[2B20:150C][2015-11-18T10:30:16]i323: Registering package dependency provider: {EBC57BD0-9131-43DF-B300-F4E61D1956D9}, version: 0.9.37.3, package: SerresEndpointClientSetup_64
[2B20:150C][2015-11-18T10:30:16]i301: Applying execute package: SerresEndpointClientSetup_64, action: Install, path: C:\ProgramData\Package Cache\{EBC57BD0-9131-43DF-B300-F4E61D1956D9}v0.9.37.3\SerresEndpointClientSetup_64.msi, arguments: ' ARPSYSTEMCOMPONENT="1" MSIFASTINSTALL="7" WIXBUNDLEORIGINALSOURCE="D:\Microsoft Cloud App Discovery Endpoint Agent WCG\EndpointAgentSetup.exe" TENANTCERTPATH=""'
[2B20:150C][2015-11-18T10:32:17]e000: Error 0x80070643: Failed to install MSI package.
[2B20:150C][2015-11-18T10:32:17]e000: Error 0x80070643: Failed to execute MSI package.
[2848:2950][2015-11-18T10:32:17]e000: Error 0x80070643: Failed to configure per-machine MSI package.
[2848:2950][2015-11-18T10:32:17]i319: Applied execute package: SerresEndpointClientSetup_64, result: 0x80070643, restart: None
[2848:2950][2015-11-18T10:32:17]e000: Error 0x80070643: Failed to execute MSI package.
[2B20:150C][2015-11-18T10:32:17]i318: Skipped rollback of package: SerresEndpointClientSetup_64, action: Uninstall, already: Absent
[2848:2950][2015-11-18T10:32:17]i319: Applied rollback package: SerresEndpointClientSetup_64, result: 0x0, restart: None
[2B20:150C][2015-11-18T10:32:17]i329: Removed package dependency provider: {EBC57BD0-9131-43DF-B300-F4E61D1956D9}, package: SerresEndpointClientSetup_64
[2B20:150C][2015-11-18T10:32:17]i351: Removing cached package: SerresEndpointClientSetup_64, from path: C:\ProgramData\Package Cache\{EBC57BD0-9131-43DF-B300-F4E61D1956D9}v0.9.37.3\
[2B20:150C][2015-11-18T10:32:17]i329: Removed package dependency provider: {C398CD96-8984-4CDF-B7DF-78F64EBEEFA2}, package: SerresEndpointClientSetup_32
[2B20:150C][2015-11-18T10:32:17]i330: Removed bundle dependency provider: {d18434a1-977f-4fc2-acf4-02cbcaba297e}
[2B20:150C][2015-11-18T10:32:17]i352: Removing cached bundle: {d18434a1-977f-4fc2-acf4-02cbcaba297e}, from path: C:\ProgramData\Package Cache\{d18434a1-977f-4fc2-acf4-02cbcaba297e}\
[2848:2950][2015-11-18T10:32:17]i399: Apply complete, result: 0x80070643, restart: None, ba requested restart:  No


Thys Janse van Rensburg tewis_j@hotmail.com

Error 0x80070643: Failed to execute MSI package

I got this error when I tried installing the Cloud App Discovery agent on my Windows 7 SP1 64-bit.

Problem obtaining access-token for AAD tenant application with Postman


I have an Azure web API application which is secured by an Azure Active Directory tenant. Through Postman I am trying to obtain the OAuth2 access token using Postman's OAuth2 Helper. The get access-token requires four bits of info: the tenant auth endpoint, the tenant token endpoint, the client id and the client secret of the associated tenant application. It also seems that the tenant application reply URL must include https://www.getpostman.com/oauth2/callback, which is where Postman is supposed to retrieve the token into the helper.

I can't get this to work.  The get access token button reports back an error but it is very hard to decipher what the error is: the debug url reveals nothing really.

Has anyone had any experience attempting to get an AAD Oauth access token with postman for this situation?  If so, do you have any hints as to where I should look to debug what is going on?  

Being a service provider for Azure AD


Hi,

My company is a service provider for absence management.

Some of our clients have an Azure account and we'd like to offer them an SSO based on their azure identity.

We already fully support the SAML protocol.

How are we supposed to proceed to offer this service?

Paul,

Propagation of federation changes when running Set-MsolDomainFederationSettings


When changing the PassiveLogOnUri federation settings using the Set-MsolDomainFederationSettings, in order to configure the SSO redirect to ADFS federation, the propagation time takes up to 1 hour.

In detail: after running Set-MsolDomainFederationSettings with the changes, Get-MsolDomainFederationSettings returns the updated value, but when logging in to login.microsoftonline.com it redirects to the old federation URL.

Thanks

POC in android which access Web API protected by Azure AD B2C


From NeerajKosliya (@NeerajKosliya) via Twitter

The customer tweets:

"When can we expect stable android sample for azure AD B2C? Facing problems with existing one. Also where to post issues faced??"

When asked for more information the customer added:

"I was developing POC in android which access Web API protected by Azure AD B2C. Raised an issue on github repository of sample app used in tutorials. Here is the Url: https://github.com/AzureADQuickStarts/B2C-NativeClient-Android/issues/1"

Twitter link: https://twitter.com/NeerajKosliya/status/666948457740005380 and DM

Appreciate if you can advise further on this matter.
 
Thanks,
@AzureSupport


Unit is not connected to the organization in Azure AD


I am trying to connect my Windows 10 computer to Azure AD but it does not complete properly. I start by clicking "Join Azure AD" and supplying my credentials. It asks if it is the correct organization and tells me that my computer will be controlled by Azure if needed. I then get a message saying that it is complete but also this message: "Unit is not connected to the organization in Azure AD"

After that all seems fine but I am unable to logon using my AzureAD credentials.  Any great ideas what is happening here? Are there any logs I can check?

 

Arnfinn


B2C JWT Token Signature Validation


Hi security experts,

I am trying to validate the JWT token returned from ADAL (Experimental version) .acquireToken() after a successful login against a B2C tenant. I have obtained the runtime JWK token from ../discovery/v2.0/keys?p={myloginpolicy}.  I am then trying to extract the public key and validate the signature of the JWT token received earlier via:

WebClient wc = new WebClient();
var signingTokenJwt = wc.DownloadString("https://login.microsoftonline.com/{myrealm}.onmicrosoft.com/discovery/v2.0/keys?p={myloginpolicy}");
dynamic dynObj = JsonConvert.DeserializeObject(signingTokenJwt);
n = dynObj.keys[0].n;
exp = dynObj.keys[0].e;
RSAParameters RSAKeyInfo = new RSAParameters();
RSAKeyInfo.Modulus = Encoding.UTF8.GetBytes(n);
RSAKeyInfo.Exponent = Encoding.UTF8.GetBytes(exp);
RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
csp.ImportParameters(RSAKeyInfo);
RSAPKCS1SignatureDeformatter RSADeformatter = new RSAPKCS1SignatureDeformatter(csp);
RSADeformatter.SetHashAlgorithm("SHA256");
// Bit hacky this bit for the time being to get the parts of the jwt token received that would have been signed.
byte[] data = Encoding.UTF8.GetBytes(jwtToken.Split('.')[0] + "." + jwtToken.Split('.')[1]);
byte[] signature = Encoding.UTF8.GetBytes(jwtToken.Split('.')[2]);
byte[] hash = sha1.ComputeHash(data);
System.Diagnostics.Trace.WriteLine(csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA256"), signature));

However, this is currently throwing an exception when I try to import the parameters into the CryptoProviderService.

You may ask why I am doing this. I have a set of SOAP web services that will be validating the bearer tokens (so can't use OWIN :-( but still have the need to confirm the token has come from a valid source and has not been tampered with).

Two questions then:

1. Am I on the right track in terms of validating the signature?

2. If the above strategy is correct, what am I missing in terms of being able to successfully execute the validation?

Thanks in advance


edit: Fixed the exception, e needed to be base64 decoded, doh!
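
An added example (not the poster's code and not taken from any Microsoft library) of the RS256 check the post above is attempting: the JWK `n` and `e` values and the token's signature segment are all base64url-decoded to raw bytes, and SHA-256 is applied over the first two token segments. The names `JwtRs256Check`, `VerifyRs256` and `Base64UrlDecode` are hypothetical, the key pair and token are constructed in `Main` so the sample runs offline, and .NET Framework 4.7.2+ or .NET Core is assumed for `RSA.Create(2048)`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class JwtRs256Check
{
    // JWT segments and JWK "n"/"e" are base64url (RFC 7515): URL-safe alphabet, no padding.
    static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        if (s.Length % 4 == 1) throw new FormatException("invalid base64url length");
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static string Base64UrlEncode(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // n and e are the JWK strings exactly as served by the keys endpoint.
    // The algorithm is fixed to RS256 here and never taken from the token header.
    static bool VerifyRs256(string jwt, string n, string e)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) return false;
        try
        {
            var key = new RSAParameters
            {
                Modulus = Base64UrlDecode(n),   // raw big-endian bytes, not UTF-8 of the text
                Exponent = Base64UrlDecode(e)
            };
            byte[] signature = Base64UrlDecode(parts[2]);
            // The signed input is the first two segments exactly as they appear on the wire.
            byte[] signedData = Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]);
            using (RSA rsa = RSA.Create())
            {
                rsa.ImportParameters(key);
                // VerifyData hashes with SHA-256 itself, so hash and OID cannot disagree.
                return rsa.VerifyData(signedData, signature,
                                      HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
        }
        catch (FormatException) { return false; }          // malformed base64url
        catch (CryptographicException) { return false; }   // unusable key material
    }

    static void Main()
    {
        // Constructed key pair and token, standing in for the B2C signing key and the ADAL token.
        using (RSA signer = RSA.Create(2048))
        {
            RSAParameters pub = signer.ExportParameters(false);
            string n = Base64UrlEncode(pub.Modulus), e = Base64UrlEncode(pub.Exponent);
            string head = Base64UrlEncode(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
            string body = Base64UrlEncode(Encoding.UTF8.GetBytes("{\"sub\":\"constructed-user\"}"));
            string forged = Base64UrlEncode(Encoding.UTF8.GetBytes("{\"sub\":\"someone-else\"}"));
            string sig = Base64UrlEncode(signer.SignData(Encoding.ASCII.GetBytes(head + "." + body),
                                         HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));

            Console.WriteLine("untouched token verifies: " + VerifyRs256(head + "." + body + "." + sig, n, e));
            Console.WriteLine("swapped payload verifies: " + VerifyRs256(head + "." + forged + "." + sig, n, e));
        }
    }
}
```

A passing signature check only shows the token was signed by that key: the key should be selected by matching the token header's `kid` against the key set, and `iss`, `aud` and `exp` still need to be validated before the bearer token is trusted.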

azure ad password synced users not able to self service change or reset password but can change password for first time login


Has anyone faced a similar issue where password synced users are not able to reset their password and receive a connectivity issue error?

Error when user self service reset or change password

we couldn't change your password
We're sorry, but we cannot change your password at this time. This is due to a temporary connectivity issue, so if you try again later, changing your password may succeed. 
If the issue persists, please contact your admin to change your password for you. Cancel

Page

https://account.activedirectory.windowsazure.com/ChangePassword.aspx?portalUrl=https%3a%2f%2faccount.activedirectory.windowsazure.com%2fProfile%2fDefault.aspx

Support Code SID and UID

PUID:10030000947EA16F TID:d1e87ad4-f8e9-43cf-a9c9-014ad5ce9556 SID:a2963452-d11d-4e11-86f9-86a32faaa65f CID:bfb98858-8db7-4507-9918-a2a4ad8c1407 F:15GA

User

Password synced users

Symptoms


Users able to change password when requested during first time login.

Admin able to reset password for users but user not able to self-service to change or reset password.

User has registered with authentication method (1 only) as configured.

AD Connect Sync is syncing ok as per default frequency. Password Write Back Status in Azure Management Portal is "Configured"

Anyone please. Thanks.

Code example for combining AAD SSO and Azure Storage account


Is there any code example that meets the following requirements? (Could be either a web application or a native application)

1. Provide SSO Authentication with Azure Active Directory;

2. User could also self-register to the application;

3. After login, a user can access his own database data. (from azure sql database service);

4. After login, a user can upload or download files to or from his/her own folder.(to or from azure storage account service);

Is there any code example that can meet as many of the above requirements as possible?

Adding a "Key" to the configuration of an application in Azure Active Directory does not show me the key but still gets created


Hi,

I am currently trying to configure a new Web Application on an Azure Active Directory associated with an O365 tenant. I've followed the instructions found here and all but the Key functionality is set up fine. But I need a key and this is where my problem begins. When I go to create a key I click the drop down and select either 1-year or 2-year options and click the Save button. It waits for a moment, and eventually returns an error like this one: "Could not update the configuration for app 'mynewapp'.". The result is it does not show me a key because the portal thinks it failed. However when I refresh the browser and load the application configuration back up I can see that in fact a key has been created.

Any thoughts as to what's causing this problem and how I can work around it?

Regards.
