locked
AD FS SSO ERROR MSIS7065: There are no registered protocol handlers on path /adfs/ls to process the incoming request. RRS feed

  • Question


  • Hello

    Installed AD FS Role on windows server 2012


    Can access the meta data
    https://sso.myorg.com/federationmetadata/2007-06/federationmetadata.xml
    Per the metadata, the sso url is https://sso.myorg.com/adfs/ls
    but I cannot access that URL.

    When I try On the browser I get
     
     An error occurred
    An error occurred. Contact your administrator for more information.


    In the event log:
    Encountered error during federation passive request.

    Additional Data

    Protocol Name:

    Relying Party:
     
    Exception details:
    Microsoft.IdentityServer.RequestFailedException: MSIS7065: There are no registered protocol handlers on path /adfs/ls to process the incoming request.
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)






    I can access
    https://sso.myorg.com/adfs/ls/idpinitiatedsignon.aspx
    to get to a log in screen.


    Have forms auth enabled for both intranet and extranet under AD FS Primary Auth policy.


    Reviewed this guide:
    https://technet.microsoft.com/en-us/library/adfs2-troubleshooting-things-to-check%28v=ws.10%29.aspx
    As per:
    "Determine whether AD FS 2.0 sites are missing in IIS or whether they have been enabled"
    I checked IIS but the /adfs/ls are not present.

    Why would
    "https://sso.myorg.com/adfs/ls/idpinitiatedsignon.aspx"
    work and not "https://sso.myorg.com/adfs/ls"



    When I stop and start the AD FS service, I can see a list of URL.
    including one for the meta data in Event id 100

    But listed under Other Endpoints, I see
    https://+:443//adfs/ls

    What does this format URL mean?



    Have I installed incorrectly?

    In AD FS -> Service -> Endpoints, I can see URL /adfs/ls enabled.


    Have tried all in this thread also but no improvement.
    https://social.technet.microsoft.com/Forums/en-US/cd3d570f-774f-458e-a226-4516e39af843/no-registered-protocol-handlers-error-following-installation-of-adfs-30-on-server-2012-r2?forum=Geneva

    Including verrifying the SPN.

    any suggestions on what the problem might be?
    is https://+:443//adfs/ls problematic? and or the fact that adfs/ls not under default website? but why does "https://sso.myorg.com/adfs/ls/idpinitiatedsignon.aspx" work?
    Monday, May 23, 2016 10:03 PM

Answers

  • Well adfs/ls is not suppose to show you anything. This is a URL for and redirect POST messages during the different federation flow. The idpinitiatedsignon page is available through regular browsers.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, October 11, 2016 10:39 AM

All replies

  • This error  message is expected going to this URL with your browser.

    Do you also have the same error message when you are redirected from a Relying Party Trust?


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, May 24, 2016 10:44 PM
  • Any update?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, May 26, 2016 1:53 PM
  • I am getting the very same issues as the original poster.

    I also get the error when redirected to the /adfs/ls endpoint from a relying party.

    I can get one flow working - user goes to /adfs/ls/idpinitiatedsignon.aspx and logs in, then redirects to relying party. In this scenario the user is successfully logged into the relying party site.

    However, the scenario where the user goes directly to the relying party site and gets redirected back to /adfs/ls to authenticate does not work. An error message is displayed on the /adfs/ls screen and the event log error 

    "There are no registered protocol handlers on path /adfs/ls to process the incoming request." is generated.

    I have tried all the same trouble-shooting issues as the original poster but am still stuck. Any suggestions?

    Wednesday, June 22, 2016 3:26 PM
  • Hi,

    Have you found any solution for this issue. Because I'm also facing the exact same issue.

    Thanks.

    Wednesday, September 28, 2016 6:33 AM
  • Well adfs/ls is not suppose to show you anything. This is a URL for and redirect POST messages during the different federation flow. The idpinitiatedsignon page is available through regular browsers.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, October 11, 2016 10:39 AM
  • Hi,

    I am also facing the exact same issue. My browser shows 404 for

    /adfs/ls

    saying this URL was not found on this server. Any ideas?


    • Edited by rohitvk Wednesday, February 28, 2018 4:38 AM
    Wednesday, February 28, 2018 4:36 AM
  • Again, this URL is not supposed to show you anything. This is an endpoint waiting for specific context to be send. Just doing a GET on this is not expected to do anything.

    If you have this error message trying to access to a specific relying party trust, please post more details as well as a filddler trace. Ideally create a new thread as this one is marked as resolved.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, March 1, 2018 1:04 AM