Wednesday, May 23, 2018

ID4014: A SecurityTokenHandler is not registered to read security token error

Getting the following error (Figure 1):

Server Error in '/' Application.

ID4014: A SecurityTokenHandler is not registered to read security token ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion').

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.IdentityModel.Tokens.SecurityTokenException: ID4014: A SecurityTokenHandler is not registered to read security token ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion').

Source Error:

 An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityTokenException: ID4014: A SecurityTokenHandler is not registered to read security token ('Assertion', 'urn:oasis:names:tc:SAML:2.0:assertion').] Microsoft.IdentityModel.Web.TokenReceiver.ReadToken(String tokenXml, XmlDictionaryReaderQuotas readerQuotas) +370 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request) +330 Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +323 Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +138 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +209 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +213 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +91

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.2623.0

Figure 1

Here are some facts:

Azure Active Directory ID (Figure 2):

Figure 2

Application “PNG Projects” Object ID (Figure 3)

Figure 3

Again, trying to convert from SAML 2.0 to SAML 1.1 because SharePoint 2013 and 2016 only accept SAML 1.1.

I have the reply populated in Azure AD as https://projects-dev02-extranet.domain.com/_trust/default.aspx

Friday, May 18, 2018

AADSTS70001: Application with identifier

Getting the following error (Figure 1):

Figure 1

Here are some facts:

Azure Active Directory ID (Figure 2):

Figure 2

Application “PNG Projects” Object ID (Figure 3)

Figure 3

SAML Sign-In Information (Figure 4):

Figure 4

PowerShell with SharePoint Snap-In Showing the Token installed (Figure 5)

Installed RAW Certificate PS C:\Windows\system32> Get-SPTrustedRootAuthority "AzureAD"

Get-SPTrustedIdentityTokenIssuer "AzureAD"

Certificate : [Subject]

CN=Microsoft Azure Federated SSO Certificate

[Issuer]

CN=Microsoft Azure Federated SSO Certificate

[Serial Number]

316201B4157F75B444B5876DD1EF36E0

[Not Before]

5/16/2018 5:13:24 PM

[Not After]

5/16/2021 5:13:24 PM

[Thumbprint]

38B1DA740F7D2C8EAD5E95F6F16B9D8XXXXXXXXXXXX

Name : AzureAD

TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority

DisplayName : AzureAD

Id : 1f6fa3f9-a67e-4827-bd49-ca5c14e74849

Status : Online

Parent : SPTrustedRootAuthorityManager

Version : 12719405

Properties : {}

Farm : SPFarm Name=SP_Config

UpgradedPersistedProperties : {}

ProviderUri : https://login.microsoftonline.com/ef1e3a84-3051-452b-88bf-d8aec4807675/wsfed

ProviderSignOutUri :

DefaultProviderRealm : urn:sharepoint:projects-dev02.domain.com

ProviderRealms : {}

ClaimTypes : {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname}

HasClaimTypeInformation : True

ClaimTypeInformation : {name, GivenName, SurName}

ClaimProviderName :

UseWReplyParameter : False

UseWHomeRealmParameter : False

GroupClaimType :

RegisteredIssuerName :

IdentityClaimTypeInformation : Microsoft.SharePoint.Administration.Claims.SPTrustedClaimTypeInformation

Description : SharePoint secured by Azure AD

SigningCertificate : [Subject]

CN=Microsoft Azure Federated SSO Certificate

[Issuer]

CN=Microsoft Azure Federated SSO Certificate

[Serial Number]

316201B4157F75B444B5876DD1EF36E0

[Not Before]

5/16/2018 5:13:24 PM

[Not After]

5/16/2021 5:13:24 PM

[Thumbprint]

38B1DA740F7D2C8EAD5E95F6F16B9D8E7D5FB5EB

AdditionalSigningCertificates : {}

MetadataEndPoint :

IsAutomaticallyUpdated : False

Name : AzureAD

TypeName : Microsoft.SharePoint.Administration.Claims.SPTrustedLoginProvider

DisplayName : AzureAD

Id : 742ae843-6936-4b30-bdae-1321d3907486

Status : Online

Parent : SPSecurityTokenServiceManager Name=SecurityTokenServiceManager

Version : 12719408

Properties : {}

Farm : SPFarm Name=SP_Config

UpgradedPersistedProperties : {}

Figure 5

Again, trying to convert from SAML 2.0 to SAML 1.1 because SharePoint 2013 and 2016 only accept SAML 1.1.

Thus back to the issue with the first (Figure 1), This is the correct AppID how come I can getting a failure?

Friday, May 04, 2018

PowerShell 5.0

I have been having lots of trouble with using PowerShell with Azure. In order to get it running I finally came across the following site for the correct downloads: https://docs.microsoft.com/en-us/powershell/wmf/5.0/requirements

Tuesday, April 17, 2018

IIS Restart to read registry settings

Using NET STOP and NET START commands to force IIS services to re-read the registry

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

For more information about IIS 7.0, visit the following Microsoft Web site:

http://www.iis.net/default.aspx?tabid=1

Summary

When you make changes to the registry that affect IIS and its dependent services, you must stop and restart those services in order to force them to re-read the registry.

As an alternative to stopping and starting those services using the Services applet in Control Panel, you can use the NET STOP and NET START commands.

More Information

Stopping IISADMIN and its dependent services

To stop all IIS-related services, type NET STOP IISADMIN /Y at a command prompt. This will stop the IIS Admin Service and all dependent services. Below is an example of the output you will see after issuing this command (the dependent services listed on your computer may vary):

The following services are dependent on the IIS Admin Service service.
Stopping the IIS Admin Service service will also stop these services.

   FTP Publishing Service
   Microsoft NNTP Service
   Microsoft SMTP Service
   World Wide Web Publishing Service

You will then see a message displayed as each service is successfully stopped.

Starting the IIS-related services

Use the NET START command to restart the IIS-related services you use. For example, to restart the World Wide Web service, type NET START W3SVC.

Determining service names

To determine the service names, start Registry Editor (type Regedit.exe or Regedt32.exe) and go to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Under Services, the service name that works with the NET STOP and NET START commands is listed.

NOTE: For each service, there is also a DisplayName value, which is the name listed in the Services applet in Control Panel and in the messages displayed after the NET STOP and NET START commands are run. However, these Display Names cannot be used as a parameter with the NET STOP and NET START commands.

Common IIS-related services

Service Name	Display Name
Iisadmin	IIS Admin Service
Msftpsvc	FTP Publishing Service
Nntpsvc	Microsoft NNTP Service
Smtpsvc	Microsoft SMTP Service
W3svc	World Wide Web Publishing Service

Friday, March 16, 2018

SQL Connection Validation

SQL Server 2014
SQL Server 2014 SP2
Installed SQL Server 2014

Arpit, Rick and Robert are SQL Server Admins

Installed SQLServer 2014 SP2
Configure CLMCRPOC2 SQL Server 2014 to accept incoming remote SQL connections

IP address for CLMCRPOC2 = 10.220.126.188

Open SQL Server Configuration Services

Expand SQL Server Network Configuration

Protocols for MSSQLSERVER and enable TCP/IP

Create a blank file on your desktop name it SQLConnectionTest.udl
Then open and test your connection.

Friday, February 16, 2018

The maximum length of an email address 254

The maximum length of an email address is 254 characters.

Every email address is composed of two parts. The local part that comes before the '@' sign, and the domain part that follows it. In "user@example.com", the local part is "user", and the domain part is "example.com".

The local part must not exceed 64 characters and the domain part cannot be longer than 255 characters.

The combined length of the local + @ + domain parts of an email address must not exceed 254 characters. As described in RFC3696 Errata ID 1690.

I got the original part of this information from here

Thank you StackOverFlow

Thursday, February 01, 2018

SharePoint 2013 Development from local workstation

A great co-worker showed our team the following NUGET package that allows you to work directly from your work station instead of needing a full SharePoint 2013 Development Environment and I am sure it would work for SharePoint 2016. See the image below.

Thanks to Joe.