
Closed

Fix configuration errors using PowerShell cmdlets and restart the Federation Service

description

Hi, we are getting the errors below on ADFS service start and user login. Please help us.

==========================1===============================
An error occurred loading an authentication provider. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.
Identifier: MultiFactorAuthenticationProvider
Context: Proxy device TLS pipeline

Additional Data
Exception details:
The authentication method Neos.IdentityServer.MultiFactor.AuthenticationProvider, Neos.IdentityServer.MultiFactor, Version=1.2.0.0, Culture=neutral, PublicKeyToken=3a36c681d9dd304c could not be loaded. Exception has been thrown by the target of an invocation.

==========================2===============================

The Federation Service encountered an error while processing the WS-Trust request.
Request type: http://schemas.microsoft.com/idfx/requesttype/issue

Additional Data
Exception details:
System.ArgumentOutOfRangeException: Not a valid Win32 FileTime.
Parameter name: fileTime
at System.DateTime.FromFileTimeUtc(Int64 fileTime)
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetPasswordExpiryDetails(SafeLsaReturnBufferHandle profileHandle, DateTime& nextPasswordChange, DateTime& lastPasswordChange)
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUserInfo(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String authenticationType, String issuerName)
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUser(String domain, String username, String password, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String issuerName)
at Microsoft.IdentityServer.Service.LocalAccountStores.ActiveDirectory.ActiveDirectoryCpTrustStore.ValidateUser(IAuthenticationContext context)
at Microsoft.IdentityServer.Service.Tokens.MsisLocalCpUserNameSecurityTokenHandler.ValidateTokenInternal(UsernameAuthenticationContext usernameAuthenticationContext, SecurityToken token)
at Microsoft.IdentityServer.Service.Tokens.MsisLocalCpUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.GetEffectivePrincipal(SecurityTokenElement securityTokenElement, SecurityTokenHandlerCollection securityTokenHandlerCollection)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet, List`1 additionalClaims)
Closed Mar 26 at 8:06 PM by redhook

comments

redhook wrote Mar 26 at 8:06 PM

Hi,

We don't provide any support for custom builds.
We can see in your trace that the assembly signature is not ours.
$typeName = "Neos.IdentityServer.MultiFactor.AuthenticationProvider, Neos.IdentityServer.MultiFactor, Version=1.2.0.0, Culture=neutral, PublicKeyToken=175aa5ee756d2aa2"
Register-AdfsAuthenticationProvider -TypeName $typeName -Name "MultiFactorAuthenticationProvider" -Verbose -ConfigurationFilePath ".\configdata.xml" 
net stop adfssrv
net start adfssrv
PublicKeyToken=175aa5ee756d2aa2

For custom builds you MUST recompile all projects and sign them with your own key.
As said in the documentation (also on the first page of this site):
  • Due to security, the solution must be signed in Visual Studio with a .pfx certificate.
  • You must also deploy your assemblies in the GAC.
  • You must also ensure that the right .NET Framework is deployed on your servers (builds for 4.5.2 and 4.6.2).
  • You must modify your PowerShell command (PublicToken) according to your signature cert.
  • Only deploy these components on ADFS Servers but not on ADFS Proxies.
Best Regards
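
A way to check the point made in the reply above before running Register-AdfsAuthenticationProvider, as an added example that is not code from the project or from either poster: it reads the strong-name public key token from the compiled assembly and compares it with the PublicKeyToken written in the type name. The function names and the DLL path are assumptions; the type name is the one quoted in the reply.

```powershell
# Added example (hypothetical helpers, not part of the project).
function Get-AssemblyPublicKeyToken {
    param([Parameter(Mandatory)][string]$Path)
    # GetAssemblyName reads the manifest only; the assembly is not loaded into the session.
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $name  = [System.Reflection.AssemblyName]::GetAssemblyName($full)
    $token = $name.GetPublicKeyToken()
    if (-not $token -or $token.Length -eq 0) {
        throw "Assembly '$Path' is not strong-name signed (no public key token)."
    }
    [pscustomobject]@{
        FullName       = $name.FullName
        PublicKeyToken = -join ($token | ForEach-Object { $_.ToString('x2') })
    }
}

function Test-TypeNameToken {
    param(
        [Parameter(Mandatory)][string]$TypeName,
        [Parameter(Mandatory)][string]$AssemblyPath
    )
    # A public key token is 8 bytes, written as 16 hex characters.
    if ($TypeName -notmatch 'PublicKeyToken=(?<t>[0-9a-fA-F]{16})') {
        throw "No PublicKeyToken found in the type name."
    }
    $declared = $Matches['t'].ToLowerInvariant()
    $actual   = (Get-AssemblyPublicKeyToken -Path $AssemblyPath).PublicKeyToken
    [pscustomobject]@{
        Declared = $declared
        Actual   = $actual
        Match    = ($declared -eq $actual)
        # Type name rewritten with the token the DLL really carries.
        Corrected = $TypeName -replace 'PublicKeyToken=[0-9a-fA-F]{16}', "PublicKeyToken=$actual"
    }
}

# Assumed location of your compiled build; adjust to where the DLL actually is.
$dll      = '.\Neos.IdentityServer.MultiFactor.dll'
$typeName = 'Neos.IdentityServer.MultiFactor.AuthenticationProvider, Neos.IdentityServer.MultiFactor, Version=1.2.0.0, Culture=neutral, PublicKeyToken=175aa5ee756d2aa2'

$result = Test-TypeNameToken -TypeName $typeName -AssemblyPath $dll
$result | Format-List
if (-not $result.Match) {
    Write-Warning "Token mismatch: pass the 'Corrected' type name to Register-AdfsAuthenticationProvider."
}
```

A mismatch here means ADFS would be asked to load an assembly identity that does not exist in the GAC, which is consistent with the "could not be loaded" event in the description.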