Event 1021 after configuring WHFB

  • Question

  • Hi,

    I'm trying to configure WHFB Hybrid certificate trust and I am getting spammed by event 1021 on the AD FS server. It's AD FS 2016, and our devices are Hybrid Joined (so they don't appear in the on-prem RegisteredDevices OU, but I have some devices in there - Android phones).

    Full details of the event log:

    Encountered error during OAuth token request. 
    
    Additional Data 
    
    Exception details: 
    Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidGrantException: MSIS9422: Received invalid OAuth JWT Bearer request. The certificate used to sign JWT Bearer request is not from a registered device. ---> Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidGrantException: MSIS9422: Received invalid OAuth JWT Bearer request. The certificate used to sign JWT Bearer request is not from a registered device.
       at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateDeviceObject(DRDevice device)
       at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.CreateUserToken()
       at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateJWTBearer()
       --- End of inner exception stack trace ---
       at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateJWTBearer()
       at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateCore()
       at Microsoft.IdentityServer.Web.Protocols.ProtocolContext.Validate()
       at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthTokenProtocolHandler.ProcessJWTBearerRequest(OAuthJWTBearerRequestContext jwtBearerContext)
    
    Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidGrantException: MSIS9422: Received invalid OAuth JWT Bearer request. The certificate used to sign JWT Bearer request is not from a registered device.
       at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateDeviceObject(DRDevice device)
       at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.CreateUserToken()
       at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateJWTBearer()
    


    • Edited by Michael Bould Monday, July 1, 2019 1:19 PM more detail
    Monday, July 1, 2019 1:18 PM