We help IT Professionals succeed at work.

ADFS MSIS7065 error

3,518 Views
Last Modified: 2018-02-08
I have recently set up a ADFS server in my 2012R2 domain.  I can browse to the /adfs/ls/idpinitatedservice.aspx page, however, I either have an error on the login page on the right pane or am prompted to input my credentials.  Upon inputting the credentials I am taken to /adfs/ls/wia with a message that the website cannot be found.  In either scenario the ADFS server records the following error:

  Microsoft.IdentityServer.RequestFailedException: MSIS7065: There are no registered protocol handlers on path /adfs/ls/idpinitatedservice.aspx to process the incoming request.

I have modified the SPN on the user account to include the http(s)/adfs.domain.com and ensured that the account has full access to the certificate being used.  I have also tried restarting the ADFS service as well as the server to no avail.  The difference between the two results seems to be IE11 vs Edge/Firefox.  

The server is using the WID on a 64bit Server 2012R2 system.  I am able to browse to the /federationmetadata/2007-06/federationmetadata.xml page; so I know some of this set up is working.  The error message on the web portal is (Edge browser as well as IE11 on the server):

An error occurred
An error occurred. Contact your administrator for more information.
Error details
Activity ID: 00000000-0000-0000-1300-0080000000fb
Error time: Thu, 20 Apr 2017 13:01:57 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393
Comment
Watch Question

Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Michael MillerIT Engineer

Author

Commented:
K B,

Thank you for the quick response.  That is the guide that I used to set up our ADFS server.  However, I did notice that the guide says to test with .htm and not .aspx.  When I use the .htm site in Edge everything seems to work correctly.  Using IE11 I am still getting the same redirect to /adfs/ls/wia with a page cannot be found message.  In IE the credentials login is a pop out dialogue rather than built into the portal as in Edge.  The error message doesn't appear on the server when using the .htm site for either browser.
K B

Commented:
Is there a GPO that has modified the default settings of your IE11? have you added the https://adfs.domain.com to intranet zone.  by default intranet zone is out of the box able to handle this.
K B

Commented:
perhaps try to setup with a user account that does not have the SPN modifications also
Michael MillerIT Engineer

Author

Commented:
I have tried using the intranet sites list, the only GPO we have in place is for trusted sites, and I have also tried removing the SPN information from the service account.

edit: should have added that I am still seeing the same results on both browsers
K B

Commented:
are you using a proxy like a WAP server?
does the GPO overlap (perhaps a wildcard) with the entry you are making?

go to File->Properties. The properties dialog shows the zone for that page.

is the server fully patched?

Since this is limited to IE that is where I would look.. setup a workstation free of any GPOs .. test with that and let me know
K B

Commented:
effectively you are seeing what you should.  You are just missing the automatic login.

2017-04-20_1342.png
so make sure your test workstation isnt touched by any gpo prior .. otherwise you will still have to revert whatever it did
Michael MillerIT Engineer

Author

Commented:
So, I tried using a freshly loaded PC and still kept getting the error; even before I joined it to the domain.  Started looking at different online threads and found one suggesting that the URL I was using was incorrect.  

/adfs/ls/idpinitiatedsignon.htm

as opposed to

/adfs/ls/idpinitatedservice.htm

Shame I only noticed the .aspx being incorrect and not the whole last file on the URL.  

Anyway, thanks for taking a look at this for me!

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions