locked
Event 1021 after configuring WHFB RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    I'm trying to configure WHFB Hybrid certificate trust and I am getting spammed by event 1021 on the AD FS server. It's AD FS 2016, our devices are Hybrid Joined (so they don't appear in the on prem RegisteredDevices OU, but I have some devices in there - android phones)

    Full details of the event log

    Encountered error during OAuth token request. 

Additional Data 

Exception details: 
Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidGrantException: MSIS9422: Received invalid OAuth JWT Bearer request. The certificate used to sign JWT Bearer request is not from a registered device. ---> Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidGrantException: MSIS9422: Received invalid OAuth JWT Bearer request. The certificate used to sign JWT Bearer request is not from a registered device.
   at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateDeviceObject(DRDevice device)
   at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.CreateUserToken()
   at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateJWTBearer()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateJWTBearer()
   at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateCore()
   at Microsoft.IdentityServer.Web.Protocols.ProtocolContext.Validate()
   at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthTokenProtocolHandler.ProcessJWTBearerRequest(OAuthJWTBearerRequestContext jwtBearerContext)

Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthInvalidGrantException: MSIS9422: Received invalid OAuth JWT Bearer request. The certificate used to sign JWT Bearer request is not from a registered device.
   at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateDeviceObject(DRDevice device)
   at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.CreateUserToken()
   at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateJWTBearer()


    • Edited by Michael Bould Monday, July 1, 2019 1:19 PM more detail
    Monday, July 1, 2019 1:18 PM