Showing posts from October, 2010

CryptographicException Error Connecting SharePoint 2007 and ADFS 2.0 Using Domain App Pool User with SharePoint

When attempting to connect ADFS 2.0 and SharePoint 2007, most of the documentation assumes you are using the NetworkService account to run the application pools for the SharePoint content web applications. In a real-world environment, though, a domain user is probably running the app pools.

Tech Specs:
SharePoint Version: 2007
ADFS Version: 2.0
Server OS: 2008R2
ADFS URL: https://lab-adfs.defenseready.local/
SharePoint 2007 URL: https://ext.defenseready.local/
SharePoint App Pool User: defenseready\spapppool

What Happens:
The user opens the browser and navigates to the site.
The user enters their user information and clicks Sign In.
The user is now presented with the error "An unexpected error has occurred."

How to diagnose:
In order to diagnose, we will need to update the web.config for the SharePoint site. First, find the CallStack attribute and set it to true. Second, change the customErrors mode attribute to Off.

Error: When we repeat the steps earlier a

Clean Up IIS and Active Directory After ADFS 2.0 Uninstall

The following is taken from the following KB article: .  I have had to do this so many times though I found it easier to post it here :)

The Active Directory Federation Services 2.0 (AD FS 2.0) uninstallation wizard uninstalls AD FS 2.0 from your computer. However, you may still have to manually restore or clean up settings in either of the following situations:

When you uninstall AD FS 2.0 from a federation server or federation server proxy computer, the uninstall wizard does not restore IIS to its original state.

When you uninstall AD FS 2.0 from the last added federation server in a federation server farm, the uninstall process does not delete the certificate sharing container that was created in Active Directory.

Restore IIS on a federation server or federation server proxy computer

When AD FS 2.0 is installed on a computer that is configured for the federation server or federation server proxy role, it will create the /adfs and /adfs/l

Display ADFS 2.0 Forms Authentication Login Page Instead of Windows Authentication Prompt

After installing ADFS 2.0 for SharePoint, a Windows login prompt was shown when the SharePoint site forwarded to the ADFS server, instead of the ADFS Forms Authentication login screen. No matter what account I tried to use here, I would eventually receive a 401 Not Authorized error.

The reason for this is that the ADFS website tries to use Windows Authentication before trying to use Forms authentication, which displays the login page below.

[Image: Forms Login Screen for ADFS 2.0]

To fix this, do the following on the ADFS server:
1. Open IIS and Explore under Default Website\adfs\ls.
2. Open the web.config file with Notepad and look for the localAuthenticationTypes section.
3. Move the line for Forms above the line for Integrated and save the web.config file.

This will force the ADFS application to use the Login Page authentication before trying to use Windows Authentication.
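
The reordering of the localAuthenticationTypes entries can also be scripted and checked. The PowerShell below is an added example, not part of the original post; the path C:\inetpub\adfs\ls\web.config and a web.config that declares no XML namespace are assumptions.

```powershell
# Assumed location of the AD FS 2.0 sign-in site; use the folder that
# "Explore" opens for Default Website\adfs\ls on your server.
$configPath = 'C:\inetpub\adfs\ls\web.config'

# Keep a copy so the change can be rolled back.
Copy-Item -Path $configPath -Destination "$configPath.bak" -Force

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true      # leave the rest of the file's layout alone
$xml.Load($configPath)

# Assumes the file declares no XML namespace, so a plain XPath works.
$section = $xml.SelectSingleNode('//localAuthenticationTypes')
if ($null -eq $section) {
    throw "localAuthenticationTypes section not found in $configPath"
}

$forms      = $section.SelectSingleNode("add[@name='Forms']")
$integrated = $section.SelectSingleNode("add[@name='Integrated']")
if ($null -eq $forms -or $null -eq $integrated) {
    throw 'Expected both a Forms and an Integrated entry in localAuthenticationTypes'
}

# Forms is listed after Integrated only if it is one of Integrated's following siblings.
$formsIsLater = $section.SelectSingleNode(
    "add[@name='Integrated']/following-sibling::add[@name='Forms']")

if ($null -ne $formsIsLater) {
    # Move the Forms entry so it sits directly above the Integrated entry.
    [void]$section.RemoveChild($forms)
    [void]$section.InsertBefore($forms, $integrated)
    $xml.Save($configPath)
    Write-Output 'Moved Forms above Integrated.'
} else {
    Write-Output 'Forms is already listed before Integrated; no change made.'
}

# Show the resulting order for verification.
$section.SelectNodes('add') | ForEach-Object { $_.GetAttribute('name') }
```

The script is safe to run more than once: it only rewrites the file when Forms is listed after Integrated, and the .bak copy restores the previous order.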

Install XPS Viewer for Windows Server 2008R2

If you need to install the XPS viewer on Windows Server 2008R2, just follow these directions.
1. Open the Server Manager for the computer.
2. Click on Add features.
3. Scroll down to the XPS Viewer selection and click the check box.
4. Click the Install button.
5. After the installation has completed, click the Close button.