Tag: ADFS

Microsoft Company Portal temporary unavailable error troubleshooting

Recently was assisting the Intune team to troubleshoot “Company Portal Temporary Unavailable” error for the iOS devices. The Azure AD was federated with AD FS. Looking at the Company Portal logs from mobile device the following detailed error message was discovered (extracted the part we are interested in): InAppProcess : {context = "Failed to fetch … Continue reading Microsoft Company Portal temporary unavailable error troubleshooting

AD FS 2016 Access Control Policies troubleshooting

The Access Control (AC) policies were introduced in AD FS 2016. See this official documentation to get familiar with AD FS Access Control policies concept and settings. Recently had to troubleshoot the following scenario. Customer has Hybrid Exchange environment with email boxes located in on premises Exchange 2010 and archives located in Exchange Online. Exchange … Continue reading AD FS 2016 Access Control Policies troubleshooting

AD FS 2016 Extranet Smart Lockout eventIDs 1203 and 1210 clarification

Continuing my journey of learning the great AD FS Extranet Smart Lockout (ESL) feature. As mentioned in my other post, the enhancement were made in AD FS 2016 auditing and there will be Event ID 1203 logged in the ADFS Security log by ADFS Auditing in case there was a failure to validate user credentials … Continue reading AD FS 2016 Extranet Smart Lockout eventIDs 1203 and 1210 clarification

AD FS Extranet Smart Lockout user management via remote PowerShell

Recently had experienced issue when trying to execute AD FS Extranet Smart Lockout user management cmdlet via remote PowerShell. Error in PowerShell: Exception of type 'Microsoft.IdentityServer.User.UserActivityRestServiceException' was thrown. + CategoryInfo         : NotSpecified: (:) [Get-AdfsAccountActivity], User ActivityRestServiceException + FullyQualifiedErrorId : Microsoft.IdentityServer.User.UserActivityRestSer viceException,Microsoft.IdentityServer.Management.Commands.GetAdfsAccountAc tivity + PSComputerName       : Win2016-ADFS01 In AD FS Admin logs on Win2016-ADFS01 server saw … Continue reading AD FS Extranet Smart Lockout user management via remote PowerShell

AD FS 2016 Extranet Smart Lockout behavior

I’m sure you are familiar with the following articles discussing the Federated account lockouts and AD FS Extranet Smart Lockout (ESL) feature and set up recommendations. https://blogs.technet.microsoft.com/tspring/2017/01/20/federated-to-microsoft-cloud-and-account-lockouts/ https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection https://samilamppu.com/2018/07/09/w2016-adfs-smart-lockout/ Recently was helping the customer whose environment was experiencing high volume of on-premises AD accounts lockouts due to the external bad passwords attempts via AD FS … Continue reading AD FS 2016 Extranet Smart Lockout behavior

AD FS Relying Party certificates errors troubleshooting (EventID 317)

Customer has configured the new Relying Party Trust by using the Relying Party Trust Wizard and importing the data from the file that was downloaded earlier on the management computer. When testing the Relying Party sign-on, the application was returning the error “An error SAML response status was received. urn:oasis:names:tc:SAML:2.0:status:Responder” Per following article https://msdn.microsoft.com/en-us/library/hh269642.aspx this … Continue reading AD FS Relying Party certificates errors troubleshooting (EventID 317)

AD FS 2.0 and Safari (iOS 9 and iOS 10) sign in issue (authentication cookies size issue)

Recently have been working on the issue when the users on iOS 9 and 10 were not able to complete the authentication from outside of corporate network (via AD FS Proxy). The users were getting the error – “There was a problem accessing the site. Try to browse to the site again. Reference number: XXX”. … Continue reading AD FS 2.0 and Safari (iOS 9 and iOS 10) sign in issue (authentication cookies size issue)

Federated applications (CRM and IIS) ADFS Single Sign-On (SSO) troubleshooting with Fiddler

Recently had very interesting issue to troubleshoot. This (long 😊 ) troubleshooting description for sure will help many to understand the ADFS Single Sign-On (SSO) flow and how to read the Fiddler traces. Environment: ADFS 3.0, CRM 2013, IIS 8.5 running a site. Both the CRM and the IIS site are federated with the ADFS. … Continue reading Federated applications (CRM and IIS) ADFS Single Sign-On (SSO) troubleshooting with Fiddler