Managed service contracts are great - when they're making you money. Yes, you’re getting paid monthly, but is it actually profitable? Learn to calculate your hourly overhead burden so you can master your IT services pricing strategy.
ADFS MSIS7065 error
I have recently set up a ADFS server in my 2012R2 domain. I can browse to the /adfs/ls/idpinitatedservic
Microsoft.IdentityServer.R
I have modified the SPN on the user account to include the http(s)/adfs.domain.com and ensured that the account has full access to the certificate being used. I have also tried restarting the ADFS service as well as the server to no avail. The difference between the two results seems to be IE11 vs Edge/Firefox.
The server is using the WID on a 64bit Server 2012R2 system. I am able to browse to the /federationmetadata/2007-0
An error occurred
An error occurred. Contact your administrator for more information.
Error details
Activity ID: 00000000-0000-0000-1300-00
Error time: Thu, 20 Apr 2017 13:01:57 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393
Microsoft.IdentityServer.R
I have modified the SPN on the user account to include the http(s)/adfs.domain.com and ensured that the account has full access to the certificate being used. I have also tried restarting the ADFS service as well as the server to no avail. The difference between the two results seems to be IE11 vs Edge/Firefox.
The server is using the WID on a 64bit Server 2012R2 system. I am able to browse to the /federationmetadata/2007-0
An error occurred
An error occurred. Contact your administrator for more information.
Error details
Activity ID: 00000000-0000-0000-1300-00
Error time: Thu, 20 Apr 2017 13:01:57 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
K B,
Thank you for the quick response. That is the guide that I used to set up our ADFS server. However, I did notice that the guide says to test with .htm and not .aspx. When I use the .htm site in Edge everything seems to work correctly. Using IE11 I am still getting the same redirect to /adfs/ls/wia with a page cannot be found message. In IE the credentials login is a pop out dialogue rather than built into the portal as in Edge. The error message doesn't appear on the server when using the .htm site for either browser.
Thank you for the quick response. That is the guide that I used to set up our ADFS server. However, I did notice that the guide says to test with .htm and not .aspx. When I use the .htm site in Edge everything seems to work correctly. Using IE11 I am still getting the same redirect to /adfs/ls/wia with a page cannot be found message. In IE the credentials login is a pop out dialogue rather than built into the portal as in Edge. The error message doesn't appear on the server when using the .htm site for either browser.
Is there a GPO that has modified the default settings of your IE11? have you added the https://adfs.domain.com to intranet zone. by default intranet zone is out of the box able to handle this.
I have tried using the intranet sites list, the only GPO we have in place is for trusted sites, and I have also tried removing the SPN information from the service account.
edit: should have added that I am still seeing the same results on both browsers
edit: should have added that I am still seeing the same results on both browsers
are you using a proxy like a WAP server?
does the GPO overlap (perhaps a wildcard) with the entry you are making?
go to File->Properties. The properties dialog shows the zone for that page.
is the server fully patched?
Since this is limited to IE that is where I would look.. setup a workstation free of any GPOs .. test with that and let me know
does the GPO overlap (perhaps a wildcard) with the entry you are making?
go to File->Properties. The properties dialog shows the zone for that page.
is the server fully patched?
Since this is limited to IE that is where I would look.. setup a workstation free of any GPOs .. test with that and let me know
effectively you are seeing what you should. You are just missing the automatic login.
so make sure your test workstation isnt touched by any gpo prior .. otherwise you will still have to revert whatever it did
so make sure your test workstation isnt touched by any gpo prior .. otherwise you will still have to revert whatever it did
So, I tried using a freshly loaded PC and still kept getting the error; even before I joined it to the domain. Started looking at different online threads and found one suggesting that the URL I was using was incorrect.
/adfs/ls/idpinitiatedsigno
as opposed to
/adfs/ls/idpinitatedservic
Shame I only noticed the .aspx being incorrect and not the whole last file on the URL.
Anyway, thanks for taking a look at this for me!
/adfs/ls/idpinitiatedsigno
as opposed to
/adfs/ls/idpinitatedservic
Shame I only noticed the .aspx being incorrect and not the whole last file on the URL.
Anyway, thanks for taking a look at this for me!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - PowerPoint 2007… 229 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Word 2013 Part … 213 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
https://blogs.technet.microsoft.com/rmilne/2014/04/28/how-to-install-adfs-2012-r2-for-office-365/
Typically there should be no need to perform any additional steps once these steps are followed.
If you want to test the passing of credentials you would need to add adfs.domain.com to your intranet zone sites and be logged as a domain user.