ITSGMBH
asked on
ADFS / WAP and Exchange 2010 OWA
Hi 2gether
I fighting around with publishing Exchange 2010 OWA trought Server 2012 ADFS and Web Application Proxy.
I have an WAP Server joined to my domain and placed in an OPT Zone. I want to use the ADFS Preauthentification for publishing OWA in my DNS SplitScope Scenario.
After i fill in my Usercreds to login to OWA, nothing really happens.
I see that the WAP Server is requesting an kerberos ticket, but the ADFS Server is not able to send the kerberos ticket back. I read the how-to and step by step guide a thousand time...added the SPN, activated constrained delegation..but it does not work at all.
The Logs on the WAP Server are telling me:
EVENT ID 12027, Username and Password wrong (0x8007052e). But i am quiet sure the credentials are right...because EAS and the other published rules work.
On the other side the ADFS Serverlog tells me:
Did anyone had this problem before? The strange thing is...i tested the whole thing before with the same components and it worked in the lab.
thx for any help
I fighting around with publishing Exchange 2010 OWA trought Server 2012 ADFS and Web Application Proxy.
I have an WAP Server joined to my domain and placed in an OPT Zone. I want to use the ADFS Preauthentification for publishing OWA in my DNS SplitScope Scenario.
After i fill in my Usercreds to login to OWA, nothing really happens.
I see that the WAP Server is requesting an kerberos ticket, but the ADFS Server is not able to send the kerberos ticket back. I read the how-to and step by step guide a thousand time...added the SPN, activated constrained delegation..but it does not work at all.
The Logs on the WAP Server are telling me:
EVENT ID 12027, Username and Password wrong (0x8007052e). But i am quiet sure the credentials are right...because EAS and the other published rules work.
On the other side the ADFS Serverlog tells me:
364:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Relying Party:
Exception details:
Microsoft.IdentityServer.Web.InvalidScopeException: 06a7aa66-3aad-e311-80c1-005056983900
at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.ValidateSignInContext(MSISHttpSignInRequestContext msisContext, WrappedHttpListenerRequest request)
at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Did anyone had this problem before? The strange thing is...i tested the whole thing before with the same components and it worked in the lab.
thx for any help
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.