Quantcast
Channel: Azure Active Directory forum
Viewing all 16000 articles
Browse latest View live

Publisher Domain verification fails because "Verification of publisher domain failed. Error getting JSON file from https://{publisher_domain}/.well-known/microsoft-identity-association. The server returned an unexpected content type header value. [f566g]"

July 29, 2019, 6:30 am
$
0
0

I'm trying to verify the publisher domain of my application but it's not working despite the json file being available when checking the link in a browser.https://{publisher_domain}/.well-known/microsoft-identity-association.

The instructions ask for the json file being hosted at https://{publisher_domain}/.well-known/microsoft-identity-association.json. I get the following error message:
Verification of publisher domain failed. Error getting JSON file from https://app.swydo.com/.well-known/microsoft-identity-association. The server returned an unexpected content type header value. [vquV0]

Does anyone know what can be the problem? 

Search

Not able to get the tenant ID

August 11, 2019, 8:44 pm
$
0
0

Hi,

I am trying to get the tenantID. I tried following the steps provided.

When trying to open Manage  -> Properties in Azure Active directory in the Azure Portel, i am getting an error

"Unable to complete due to service connection error, please try again later."

Please provide me with a solution on how to fix this.

Thanks and regards,

Anil Simon


Get Token Request failing with AADSTS7000218

August 2, 2019, 2:31 pm
$
0
0

Hi,

I am using the sample provided at https://github.com/microsoft/PowerBI-Node and use the correct application ID along with the below config defined in the Jason config file.

{
    "authorityUrl" : "https://login.microsoftonline.com/common/",
    "resourceUrl" : "https://analysis.windows.net/powerbi/api",
    "apiUrl" : "https://api.powerbi.com/",
    "appId" : "",
    "workspaceId" : "",
    "reportId" : "",
    "username" : "",
    "password" : ""
}

But when this method is called 


    // use user credentials and appId to get an aad token
    let promise = () => { return new Promise(
        (resolve, reject) => {
            context.acquireTokenWithUsernamePassword(config.resourceUrl, config.username, config.password, config.appId , function(err, tokenResponse) {
                if (err) reject(err);
                resolve(tokenResponse);
            })
        });
    };

then It throw this error.

Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.\r\nTrace ID: 6560c4b9-fe40-4120-ab2a-921956300000\r\nCorrelation ID: fd7fb0dd-e345-4206-b426-d121000f7393\r\nTimestamp: 2019-08-02 19:14:41Z","error_codes":[7000218],"timestamp":"2019-08-02 19:14:41Z","trace_id":"6560c4b9-fe40-4120-ab2a-921956300000","correlation_id":"fd7fb0dd-e345-4206-b426-d121000f7393"}

I do not understand why it is asking for client Secret because there is no option provided in this to specific client secret. Not sure where I need to specify that . Now sure How can we make this sample work.

I have use Azure Portal to register the App and assigning permission to PowerBI but that also did not worked and throwing the same error.

Any help would be really appreciated.

Regards
Rajaniesh


is there is any API to revoke outlook authorization?

August 21, 2019, 2:30 am
$
0
0

Is there is any way to revoke APP authorization to an outlook account by API?

Google has this oauth2/revoke

Anyone know how to do with outlook?

is there is any way to add multiple events on outlook calendar?

August 26, 2019, 11:20 pm
$
0
0
is there is any way to add multiple events on outlook calendar using Microsoft graph. I am able to add one event at a time 

Oauth troubleshooting

August 27, 2019, 1:14 am
$
0
0

We have a domain that is synced to Azure AD (Azure AD Connect). We also use O365.

We have users joined to the on-prem domain and users joined to Azure AD. The on-prem domain is phased out.

In Azure AD we have an app registration to provide access to FileMaker.

This setup is working perfectly well for all Azure AD joined users but not for the on-prem domain users although they are synced to Azure AD.

Any idea why this behavior and is there a solution?

User experience is that a credential verification is started but then it seems like the process stalls and nothing happens. Is there a tool to monitor this?

For the Azure AD joined users, the credential verification goes seamlessly (no user, no pw, no 2FA asked) and FileMaker starts. 

Thanks!

Azure AD User Data Geo Location

August 27, 2019, 2:00 am
$
0
0

Hello,

From a compliance perspective, Is there a way to know and control the geographical location of AD users data (Addresses, phone numbers, etc..).

Thank You.

Domain Controller on Cloud : PAAS

August 27, 2019, 4:25 am
$
0
0

We do not have any on premises DC and we are planning to have DC on Azure as PAAS. Can you please confirm once we have DC on Azure up and running. Can we join our on premises server or machine to Azure DC ?

Is it supported by MS ?

Search

Multi Factor Authentication

August 27, 2019, 4:40 am
$
0
0

I enabled MFA for my o365 account, I get prompted when going to OWA, which works, but I'm also being asked for my password on my phone when trying to access my mail account and putting it in does not work. I'm also being prompted for a password on my Outlook (0365 version on Win10). why would it be doing this and how do I get around this issue?

Thanks

Patrick

Azure App registration Logout URL

August 27, 2019, 5:12 am
$
0
0

Hi Team,

Can you please tell me how to setup logout URL for registered App in Azure ?

We want to route users back to application sign in page and clear all Microsoft log in cache.

Migrate user profiles to Azure from Windows 7 and Windows 10

August 24, 2019, 4:53 am
$
0
0

Hi

We are preparing to move our consultants and sales staff to Azure. All will get new PC's.-
That is one issue to deal with

But even when I login to our Azure (only preliminary setup by now) from an existing PC, none of my data, my mail account, application setting or other, are there but in the old local or Domain profile!

With the "real" users the problem is even greater as they are on standalone Win7 & 10 PC's (Workgroup) with oneDrive as backup, and they run a mix of Office 2013 and 2016, 32 and 64bit.

I am searching for a path that can result in our users having all their data, mail, mail-setup etc. moved over to their new Windows 10 AzureAD joined PC's.

I have searched for days now but cannot find anyone who has successfully done this?

Non Gallery application integration

August 19, 2019, 6:51 am
$
0
0

Hi,

We have integrated an app which is working fine while we type URL directly to the browser .

We are also able to access the link from open office, PDF, wordpad, Email. But we are unable to access link from microsoft word, excel, PPT. ?

Any ides what could be the issue ?

Chrome tries to automatically login me in to Sharepoint/Office365 sites with wrong user profile

August 27, 2019, 5:57 am
$
0
0
My Chrome browser no longer lets me login to SharePoint/Office365 sites with my main user profile at work. Last week, I logged into a service/app account that my team maintains for an internal application sends emails via the Office365 smtp server. Now anytime I try to access a Microsoft site, it automatically tries to login to the service/app account, even when I enter my main user credentials. I have tried clearing all browser data (cookies, cache, passwords, etc), and even uninstalled/reinstalled Chrome and restarted my computer. Nothing fixes this issue. Does anyone know of any other solutions? Is there a location where I can clear AAD cookies on my local computer?

Office 365 Exchange Dynamic Distribution Group.

August 22, 2019, 8:57 am
$
0
0

Hello, 

I want to create a dynamic distribution group in the O365 Exchange portal which uses a rule to "import" mailuser that has the Usagelocation attribute of "US".  

I do not see Usagelocation when I click the rule drop down.  Please see attached, and advise if there is a way.  

I apologize if this is not the correct forum.  I do not see any O365 forum in Technet.  

Thanks.

Azure AD, recovery of deleted devices

October 14, 2018, 12:11 pm
$
0
0

Hi,

can any one help me with steps to recovery the  deleted device from Azure AD, mainly looking Bitlocker recovary key? 

Thanks 

Rajesh

Search

AD Connect health agent registration failed after installation

April 16, 2018, 6:48 pm
$
0
0

After this installation of Azure AD Connect on a Windows Server 2012 R2 machine, the AD Connect health agent doesn't register. The services on the machine stay disabled and not started. I've read that I need to run the Powershell command: 

Register-AzureADConnectHealthSyncAgent -AttributeFiltering:$false -StagingMode:$false

However, this doesn't work as it comes back with "Configuration failed"

2018-04-17 01:40:54.893 Aquiring Monitoring Service certificate using tenant.cert


Configuration Failed

To retry configuration, type:
Register-AzureADConnectHealthSyncAgent

Monitoring will not start until configuration is successful.

To review installation steps and requirements, please visit:
http://go.microsoft.com/fwlink/?LinkID=518643

Detailed log file created in temporary directory:
C:\Users\admin.inova\AppData\Local\Temp\AdHealthAadSyncAgentConfiguration.2018-04-16_19-40-21.log

Register-AzureADConnectHealthSyncAgent : Failed configuring Monitoring Service using command: C:\Program
Files\Microsoft Azure AD Connect Health Sync
Agent\Monitor\Microsoft.Identity.Health.AadSync.MonitoringAgent.Startup.exe sourcePath="C:\Program Files\Microsoft
Azure AD Connect Health Sync Agent\tenant.cert" version="1.1.751.0"
At line:1 char:1+ Register-AzureADConnectHealthSyncAgent -AttributeFiltering:$false -St ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo          : NotSpecified: (:) [Register-AzureADConnectHealthSyncAgent], InvalidOperationException+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Identity.AadConnect.Health.AadSync.PowerShell
   .ConfigurationModule.RegisterAzureAdConnectHealthSyncAgent

There is no Proxy server used, which can be seen in the log files too:

2018-04-17 01:40:21.175 User Context outbound connections to https://management.azure.com/providers/Microsoft.ADHybridHealthService/ will use proxy address https://management.azure.com/providers/Microsoft.ADHybridHealthService/ (if equal, no proxy is used)
2018-04-17 01:40:21.175 Service Context: Outbound connections to https://management.azure.com/providers/Microsoft.ADHybridHealthService/ will use proxy address https://management.azure.com/providers/Microsoft.ADHybridHealthService/ (if equal, no proxy is used)

So, when I try to run the test-azureadconnecthealthconnectivity, I get the following:

PS C:\Windows\system32> Test-AzureADConnectHealthConnectivity -Role Sync
Test-AzureADConnectHealthConnectivity's execution in details are as follows:
Starting Test-AzureADConnectHealthConnectivity ...

Connectivity Test Step 1 of 3: Testing dependent service endpoints begins ...
AAD CDN connectivity is skipped.
Connecting to endpoint https://login.microsoftonline.com
Endpoint validation for https://login.microsoftonline.com is Successful.
Connecting to endpoint https://login.windows.net
Unhandled exception occurred: The operation has timed out
Connecting to endpoint https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc
Endpoint validation for https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc is Successful.
Connecting to endpoint https://policykeyservice.dc.ad.msft.net/policymanager.svc
Endpoint validation for https://policykeyservice.dc.ad.msft.net/policymanager.svc is Successful.
Connectivity Test Step 1 of 3 - Failed to connect some service endpoints, please investigate.

Connectivity Test Step 2 of 3 - Blob data upload procedure begins ...
Unhandled exception occurred: System.Security.Cryptography.CryptographicException: The parameter is incorrect.

   at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionS
cope scope)
   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.LoadI
dentityInfo()
   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.TestI
nsightServiceDataUploadProcedure()
   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.Proce
ssRecord()

I've used the same account with the registration command as I used with installation of the Azure AD Connect software, of which the sync is running without problems.

There is MFA enabled on that account, but I do not see an issue there.

Hope somebody can assist.

Specific Office 365 Dynamic Distribution Group Query

August 27, 2019, 11:03 am
$
0
0
Hello, 

I am working on an O365 dynamically group in Azure portal.  Basically, I want to populate any enabled user accounts, AND the account has a mailbox.  

Does anyone know how to do it?

Thanks.

Azure AD Smart Lockout

November 7, 2018, 8:19 am
$
0
0

Hey all, I've been having the hardest time find answers to some Azure AD Smart Lockout questions and I'm hoping someone has some experience with it.  I'm looking to move away from ADFS to PTA but there are lingering questions about Smart Lockout and how it functions.

  • Basic Azure AD from O365 with on prem DirSync (Smart Lockout can't be modified with this - 10 failed login attempts - 60 second lockout.)
  • On premise password policy is set higher than the thresholds above.

What is the calculation after the next failed login attempt? (Microsoft does not supply the increase, just that it does increase the duration after each failed attempt after lockout) 

At what point does the increase in lockout duration meet a maximum value and what is that value?

How do you unlock an account that's locked out via Smart Lockout?  Will a valid on-premise login to O365 unlock the account and reset the lockout counters for Smart Lockout?

Are bad login attempts logged anywhere in a DC or server running the PTA agent? (Basic Azure AD does not have auditing available for Smart Lockout that I know of.)

Is it possible, if logged somewhere visible, to block an IP from even being able to try to attempt a login?

Azure AD Application Proxy 404 error

September 7, 2018, 3:21 am
$
0
0

Hi,

I have 2 web-servers inside my network and trying to publish them to the Internet.

But I'm getting 404 error in any case even if I try to publish it with a custom domain and with .msappproxy.net domain

In the Azure Portal connector is looking connected and "green"

In logs on server with connector  I can't see any errors.

What would you recommend to check?

And some more questions:

And is possible to publish web-servers on Linux in such way?

Is it possible to use one connector for 2 websites?

Thanks.

1


B2C: Add action to button

May 3, 2018, 8:26 am
$
0
0

I've created a login page. How do I add an custom URL action to the 'Cancel' button?

Thanks

Viewing all 16000 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>