ADFS 3.0-PasswordUpdate page works sometimes, but often gives "An error occurred"

    Question

  • We just upgraded to ADFS 3.0 on 2012r2 a few weeks ago.  We use the forms-based authentication page a lot and it seems to work fine internally (we do not use Windows Integrated Auth), and externally through the web application proxy servers.  I enabled the UpdatePassword endpoint on the ADFS and proxy servers, but I am having huge problems with just that endpoint. We do have a farm, and usually see this error much more often going through the proxy servers, but I have isolated everything and this problem is not specific to a single server or to the proxies.  I can get the same error internally as well, but sometimes it works fine.  We do have some F5 load balancers in front, but I am bypassing those and pointing directly to the hosts.  When we do get the error it says "An error occurred.  Contact your administrator for more information"

    I have read through some articles about the hotfixes and updates for ADFS.  All of these servers are updated and have the prereq KB2919355, but they do not have KB3035025 or KB3045711.  I do not think that workplace join is our problem, but when I download those updates I cannot install them because it says they are not applicable.  I am guessing I have another update that superseded them.

    The only information I can find on this is

    https://blog.kloud.com.au/2015/07/22/adfs-sign-in-error-an-error-occurred-contact-your-administrator-for-more-information/

    He mentions he spent a ton of time and then found that ADDS needed to clean up old DCs.  We certainly do not have any old DCs showing in the Domain Controllers OU, Sites and Services, or in DNS.  I always try to clean up any metadata, but does anyone else have any ideas?  This is a tough one because it often works fine.  If I reboot my entire farm, it seems 100% for the first few hundred attempts.

    Thanks,

    Dave



    • Edited by DaveBryan37 Friday, February 17, 2017 6:59 PM
    Friday, February 17, 2017 6:57 PM

All replies

  • Hi Dave,
    Appreciate you posting the questions in the Directory Services forum. However, since the issue relates to ADFS, I would suggest you post the question in the ADFS forum:
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=ADFS
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, February 20, 2017 6:30 AM
    Moderator
  • Yes - I posted to the correct forum.  Please remove

    Dave

    • Edited by DaveBryan37 Monday, February 20, 2017 6:55 PM
    Monday, February 20, 2017 6:55 PM
  • ok, thank you for the feedback.

    Regards,

    Wendy



    Tuesday, February 21, 2017 5:37 AM
    Moderator