Friday, May 18, 2018

AADSTS70001: Application with identifier

Getting the following error (Figure 1):

Figure 1

Here are some facts:

Azure Active Directory ID (Figure 2):

Figure 2

Application “PNG Projects” Object ID (Figure 3)
Figure 3

SAML Sign-In Information (Figure 4):

Figure 4

PowerShell with SharePoint Snap-In Showing the Token installed (Figure 5)

Installed RAW Certificate

PS C:\Windows\system32> Get-SPTrustedRootAuthority "AzureAD"
Get-SPTrustedIdentityTokenIssuer "AzureAD"

Certificate                 : [Subject]
                                CN=Microsoft Azure Federated SSO Certificate
                                CN=Microsoft Azure Federated SSO Certificate
                              [Serial Number]
                              [Not Before]
                                5/16/2018 5:13:24 PM
                              [Not After]
                                5/16/2021 5:13:24 PM
Name                        : AzureAD
TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName                 : AzureAD
Id                          : 1f6fa3f9-a67e-4827-bd49-ca5c14e74849
Status                      : Online
Parent                      : SPTrustedRootAuthorityManager
Version                     : 12719405
Properties                  : {}
Farm                        : SPFarm Name=SP_Config
UpgradedPersistedProperties : {}

ProviderSignOutUri            :
DefaultProviderRealm          :
ProviderRealms                : {}
ClaimTypes                    : {,,}
HasClaimTypeInformation       : True
ClaimTypeInformation          : {name, GivenName, SurName}
ClaimProviderName             :
UseWReplyParameter            : False
UseWHomeRealmParameter        : False
GroupClaimType                :
RegisteredIssuerName          :
IdentityClaimTypeInformation  : Microsoft.SharePoint.Administration.Claims.SPTrustedClaimTypeInformation
Description                   : SharePoint secured by Azure AD
SigningCertificate            : [Subject]
                                  CN=Microsoft Azure Federated SSO Certificate
                                  CN=Microsoft Azure Federated SSO Certificate
                                [Serial Number]
                                [Not Before]
                                  5/16/2018 5:13:24 PM
                                [Not After]
                                  5/16/2021 5:13:24 PM
AdditionalSigningCertificates : {}
MetadataEndPoint              :
IsAutomaticallyUpdated        : False
Name                          : AzureAD
TypeName                      : Microsoft.SharePoint.Administration.Claims.SPTrustedLoginProvider
DisplayName                   : AzureAD
Id                            : 742ae843-6936-4b30-bdae-1321d3907486
Status                        : Online
Parent                        : SPSecurityTokenServiceManager Name=SecurityTokenServiceManager
Version                       : 12719408
Properties                    : {}
Farm                          : SPFarm Name=SP_Config
UpgradedPersistedProperties   : {}

Figure 5

Again, trying to convert from SAML 2.0 to SAML 1.1 because SharePoint 2013 and 2016 only accept SAML 1.1.

Thus, back to the issue in the first figure (Figure 1): this is the correct AppID, so how come I am getting a failure?
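
One check worth running for the error above, as an added example that is not part of the original post: compare the realm configured on the "AzureAD" trusted identity token issuer with the identifier configured on the Azure AD application, and confirm that the signing certificate matches the trusted root authority and has not expired. `$expectedIdentifier` is a placeholder to fill in from the Azure portal, and treating the realm as the value Azure AD looks up is an assumption here.

```powershell
# Added example: run in the SharePoint Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName         = 'AzureAD'   # name used in the output above
$expectedIdentifier = '<Identifier (Entity ID) of the Azure AD application>'   # placeholder

$issuer = Get-SPTrustedIdentityTokenIssuer $issuerName
$root   = Get-SPTrustedRootAuthority $issuerName

# 1. Collect every realm configured on the token issuer (default plus per-URL).
$realms = @(@($issuer.DefaultProviderRealm) + @($issuer.ProviderRealms.Values) |
    Where-Object { $_ })

if ($realms.Count -eq 0) {
    Write-Warning "No realm is configured on '$issuerName'."
}
foreach ($realm in $realms) {
    # Exact comparison, so a trailing slash or a case difference shows up as a mismatch.
    $same = [string]::Equals($realm, $expectedIdentifier, [StringComparison]::Ordinal)
    '{0,-8} realm {1}' -f $(if ($same) { 'MATCH' } else { 'MISMATCH' }), $realm
}

# 2. The signing certificate should be the one trusted as a root, and unexpired.
$sign = $issuer.SigningCertificate
[pscustomobject]@{
    SigningThumbprint = $sign.Thumbprint
    RootThumbprint    = $root.Certificate.Thumbprint
    SameCertificate   = $sign.Thumbprint -eq $root.Certificate.Thumbprint
    NotAfter          = $sign.NotAfter
    DaysRemaining     = [int]($sign.NotAfter - (Get-Date)).TotalDays
}
```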

Friday, May 04, 2018

PowerShell 5.0

I have been having lots of trouble with using PowerShell with Azure.  In order to get it running I finally came across the following site for the correct downloads:

Tuesday, April 17, 2018

IIS Restart to read registry settings

Using NET STOP and NET START commands to force IIS services to re-read the registry

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site: For more information about IIS 7.0, visit the following Microsoft Web site:


When you make changes to the registry that affect IIS and its dependent services, you must stop and restart those services in order to force them to re-read the registry.

As an alternative to stopping and starting those services using the Services applet in Control Panel, you can use the NET STOP and NET START commands.

More Information

Stopping IISADMIN and its dependent services

To stop all IIS-related services, type NET STOP IISADMIN /Y at a command prompt. This will stop the IIS Admin Service and all dependent services. Below is an example of the output you will see after issuing this command (the dependent services listed on your computer may vary):

The following services are dependent on the IIS Admin Service service.
Stopping the IIS Admin Service service will also stop these services.

   FTP Publishing Service
   Microsoft NNTP Service
   Microsoft SMTP Service
   World Wide Web Publishing Service

You will then see a message displayed as each service is successfully stopped.

Starting the IIS-related services

Use the NET START command to restart the IIS-related services you use. For example, to restart the World Wide Web service, type NET START W3SVC.

Determining service names

To determine the service names, start Registry Editor (type Regedit.exe or Regedt32.exe) and go to the following registry key:

Under Services, the service name that works with the NET STOP and NET START commands is listed.

NOTE: For each service, there is also a DisplayName value, which is the name listed in the Services applet in Control Panel and in the messages displayed after the NET STOP and NET START commands are run. However, these Display Names cannot be used as a parameter with the NET STOP and NET START commands.

Common IIS-related services

Service Name    Display Name
Iisadmin        IIS Admin Service
Msftpsvc        FTP Publishing Service
Nntpsvc         Microsoft NNTP Service
Smtpsvc         Microsoft SMTP Service
W3svc           World Wide Web Publishing Service
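
The stop/start sequence described above, as an added PowerShell example that is not part of the original article: it records which services that depend on IISADMIN were running, stops everything the way NET STOP IISADMIN /Y does, and then starts the same set again by service name. It assumes an elevated prompt on the IIS server.

```powershell
# Added example: run from an elevated PowerShell prompt on the IIS server.
$parent = 'IISADMIN'

# Stopping IISADMIN also stops its dependent services, and starting IISADMIN
# again does not bring them back, so note which ones were running first.
$wasRunning = @(Get-Service -Name $parent -DependentServices |
    Where-Object { $_.Status -eq 'Running' } |
    Select-Object -ExpandProperty Name)

Write-Host "Dependent services running before the restart: $($wasRunning -join ', ')"

# Equivalent of NET STOP IISADMIN /Y (-Force also stops the dependents).
Stop-Service -Name $parent -Force

# Equivalent of NET START for the parent, then for each dependent service,
# addressed by its service name (for example W3SVC), not its display name.
Start-Service -Name $parent
foreach ($name in $wasRunning) {
    Start-Service -Name $name
}

# Show the final state so a service that failed to come back is visible.
Get-Service -Name $parent | Format-Table Name, DisplayName, Status -AutoSize
if ($wasRunning.Count -gt 0) {
    Get-Service -Name $wasRunning | Format-Table Name, DisplayName, Status -AutoSize
}
```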

(c) Microsoft Corporation 2000, All Rights Reserved. Contributions by Kevin Zollman, Microsoft Corporation.

Friday, March 16, 2018

SQL Connection Validation

  1. SQL Server 2014
  2. SQL Server 2014 SP2
  3. Installed SQL Server 2014
    1. Arpit, Rick and Robert are SQL Server Admins
  4. Installed SQL Server 2014 SP2
  5. Configure CLMCRPOC2 SQL Server 2014 to accept incoming remote SQL connections
    1. IP address for CLMCRPOC2 =
  6. Open SQL Server Configuration Services
    1. Expand SQL Server Network Configuration
      1. Protocols for MSSQLSERVER and enable TCP/IP
  7. Create a blank file on your desktop and name it SQLConnectionTest.udl
  8. Then open and test your connection.
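
A scripted counterpart to the .udl test, as an added example that is not part of the original post: it checks TCP reachability first and then attempts a login, so a disabled TCP/IP protocol or a blocked port can be told apart from an authentication failure. Port 1433 (the default for the MSSQLSERVER default instance), Windows authentication and the master database are assumptions.

```powershell
# Added example: run from the workstation that needs to reach the server.
$server = 'CLMCRPOC2'   # server name from the steps above
$port   = 1433          # assumption: default port of the default instance

# Step 1: is anything listening on the SQL Server TCP port?
$tcp = Test-NetConnection -ComputerName $server -Port $port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "TCP $port on $server is not reachable (TCP/IP disabled, service stopped, or firewall)."
    return
}

# Step 2: can the current Windows account log in over TCP?
$connectionString = "Server=tcp:$server,$port;Database=master;" +
                    "Integrated Security=SSPI;Connect Timeout=5"
$connection = New-Object System.Data.SqlClient.SqlConnection $connectionString
try {
    $connection.Open()
    $command = $connection.CreateCommand()
    $command.CommandText = 'SELECT @@SERVERNAME'
    Write-Host "Connected to $($command.ExecuteScalar()) as $env:USERDOMAIN\$env:USERNAME"
}
catch {
    # The port answered, so a failure here is at the login or TLS layer.
    Write-Warning "Port is open but the login failed: $($_.Exception.Message)"
}
finally {
    $connection.Dispose()
}
```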

Friday, February 16, 2018

The maximum length of an email address 254

The maximum length of an email address is 254 characters.
Every email address is composed of two parts. The local part that comes before the '@' sign, and the domain part that follows it. In "", the local part is "user", and the domain part is "".
The local part must not exceed 64 characters and the domain part cannot be longer than 255 characters.
The combined length of the local + @ + domain parts of an email address must not exceed 254 characters, as described in RFC 3696 Errata ID 1690.

Thank you, Stack Overflow.

Thursday, February 01, 2018

SharePoint 2013 Development from local workstation

A great co-worker showed our team the following NuGet package that allows you to work directly from your workstation instead of needing a full SharePoint 2013 Development Environment, and I am sure it would work for SharePoint 2016.  See the image below.

Thanks to Joe.