This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Token Validation failed when using SMAAccount (Domain\username) event ID :342

Question
0

Sign in to vote

i have recently installed ADFS 4.0 everything works fine. one issue is that when user is using domain\username (SMA Account) it gives Token validation failed and in event viewer i can see event ID 342 (Token Validation Failed) but everything works fine if i use UPN username@domain.com any thought what rule i need to add it to ADFS.

Error:
Token validation failed.

Additional Data

Token Type:
http://schemas.microsoft.com/ws/2006/05/identitymodel/tokens/UserName
%Error message:
UserName -The user name or password is incorrect

Exception details:
System.IdentityModel.Tokens.SecurityTokenValidationException: esanchez ---> System.ComponentModel.Win32Exception: The user name or password is incorrect
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUserHandle(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, SafeCloseHandle& tokenHandle, SafeLsaReturnBufferHandle& profileHandle)
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUserInfo(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String authenticationType, String issuerName)
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUser(String domain, String username, String password, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String issuerName)
at Microsoft.IdentityServer.Service.LocalAccountStores.ActiveDirectory.ActiveDirectoryCpTrustStore.ValidateUser(IAuthenticationContext context)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.LocalAccountStores.ActiveDirectory.ActiveDirectoryCpTrustStore.ValidateUser(IAuthenticationContext context)
at Microsoft.IdentityServer.Service.Tokens.MsisLocalCpUserNameSecurityTokenHandler.ValidateTokenInternal(UsernameAuthenticationContext usernameAuthenticationContext, SecurityToken token)
at Microsoft.IdentityServer.Service.Tokens.MsisLocalCpUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)

System.ComponentModel.Win32Exception (0x80004005): The user name or password is incorrect
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUserHandle(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, SafeCloseHandle& tokenHandle, SafeLsaReturnBufferHandle& profileHandle)
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUserInfo(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String authenticationType, String issuerName)
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUser(String domain, String username, String password, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String issuerName)
at Microsoft.IdentityServer.Service.LocalAccountStores.ActiveDirectory.ActiveDirectoryCpTrustStore.ValidateUser(IAuthenticationContext context)

Thank you,

@

Wednesday, May 24, 2017 4:55 PM

All replies

0

Sign in to vote

This error is coming from LSASS. On ADFS server, check if your user can authenticate using domain\user format?

On an elevated command prompt, run following command

runas /user:domain\username cmd.exe

Check if the authentication also fails here

Thursday, July 13, 2017 8:03 AM
0

Sign in to vote

Hi Jai,

Encountered the same error.. what if runas /user:domain\username cmd.exe is failing ?
Regards | Jack

Monday, August 14, 2017 12:19 PM