CryptographicException Error Connecting SharePoint 2007 and ADFS 2.0 Using Domain App Pool User with SharePoint

When attempting to connect ADFS 2.0 and SharePoint 2007 most of the documentation assumes you are using the NetworkService account to run the application pools for the SharePoint content web applications.  In a real world environment though a domain user is probably running the app pools.

Tech Specs:

SharePoint Version: 2007
ADFS Version: 2.0
Server OS: 2008R2

ADFS URL: https://lab-adfs.defenseready.local/
SharePoint 2007 URL: https://ext.defenseready.local/
SharePoint App Pool User: defenseready\spapppool

What Happens:

Users opens the browser and navigates to the site.

Enter user information and click Sign In

The user now is presented with the error that An unexpected error has occurred.

How to diagnose:

In order to diagnose we will need to update the web.config for the SharePoint site.

First find the CallStack attribute and set it to true
Secondly change the customErrors mode attribute to Off

When we repeat the steps earlier and try to access the site we can now see the full error.

SharePoint is reporting a CryptographicException

 How to Resolve:

In order to give the application pool the correct rights to load the certificates we need to update the application pool settings.   Specifically we need to update the Load User Profile setting to True.

 After you have updated this restart IIS and give it another try.


Popular posts from this blog

Add User As Local Administrator On Domain Controller

Calling Dataverse Web API in PowerShell using Client Credentials

Windows Server 2008R2 VMs Shut Down After 1 to 2 Hours