Exchange and ADFS, working with Errors in ADFS

    Question

  • We have configured Exchange 2013 OWA and ECP to authenticate with ADFS. It is working and everything is operational. However, ADFS is getting several errors a minute that show something trying to use https://localhost/owa/ and authenticate through ADFS.

    Obviously, something on or in Exchange is doing this, but I have no idea what or where. Anyone have any ideas?

    Here is the error in ADFS:

    Encountered error during federation passive request.

    Additional Data

    Protocol Name:
    wsfed

    Relying Party:
    https://localhost/owa/

    Exception details:
    Microsoft.IdentityServer.Web.InvalidScopeException: MSIS7007: The requested relying party trust 'https://localhost/owa/' is unspecified or unsupported. If a relying party trust was specified, it is possible that you do not have permission to access the trust relying party. Contact your administrator for details.
       at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationSignInContext.ValidateCore()
       at Microsoft.IdentityServer.Web.Protocols.ProtocolContext.Validate()
       at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.EvaluateHomeRealm(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

    Thursday, April 18, 2019 4:58 PM

All replies

  • Hi ACorbs1,

    As a workaround, you can solve this issue by simply adding "https://localhost/owa/" as an identifier on your relying party trust for OWA. Under Identifier and Relying Party Identifier, as below:


    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.



    Friday, April 19, 2019 7:26 AM
    Moderator
  • The thought had occurred to me to allow localhost/owa, but it does not answer the root question of where this is coming from and what might be causing it. I am most concerned that this is a symptom of a larger problem with our Exchange deployment.
    Tuesday, April 23, 2019 4:33 PM
  • Hi ACorbs1,

    The ADFS Trace log may help us find out who is trying to use https://localhost/owa/ and authenticate through ADFS. The following blog explains this log in detail, for your reference:

    Diagnostics in AD FS 2.0


    Best Regards,
    Niko Cheng





    Thursday, April 25, 2019 9:46 AM
    Moderator
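    The two suggestions above (check the AD FS logs to see which relying party identifiers are being rejected, then add "https://localhost/owa/" as an identifier on the OWA trust as a workaround) as an added PowerShell example; this is not code from the thread. It assumes the AD FS Admin log name "AD FS/Admin", that Event ID 364 carries the "Relying Party:" line shown in the question, and a placeholder trust name that must be replaced with the real OWA relying party trust name.

```powershell
# Added example, not from the original thread. Assumptions: AD FS Admin log
# "AD FS/Admin", Event ID 364 text in the format shown in the question, and
# a placeholder relying party trust name (replace OWA-RP-TRUST-NAME).

function Get-Msis7007RelyingPartySummary {
    # Summarise which relying party identifiers AD FS rejected with MSIS7007
    # in the last $Hours hours, most frequent first. Lets you see whether
    # https://localhost/owa/ is the only unexpected identifier before you
    # decide to whitelist it.
    param([int]$Hours = 1)
    $since = (Get-Date).AddHours(-$Hours)
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'AD FS/Admin'; Id = 364; StartTime = $since
    } -ErrorAction SilentlyContinue
    $events |
        Where-Object { $_.Message -match 'MSIS7007' } |
        ForEach-Object {
            if ($_.Message -match 'Relying Party:\s*(?<rp>\S+)') { $Matches['rp'] }
            else { '<no relying party in message>' }
        } |
        Group-Object |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'RelyingParty'; e = { $_.Name } }, Count
}

function Add-RelyingPartyIdentifier {
    # Append an identifier to an existing relying party trust without
    # dropping the identifiers already configured on it (Set-AdfsRelyingPartyTrust
    # -Identifier replaces the whole list, so the existing values are re-supplied).
    param(
        [Parameter(Mandatory)][string]$TrustName,
        [Parameter(Mandatory)][string]$Identifier
    )
    $trust = Get-AdfsRelyingPartyTrust -Name $TrustName
    if (-not $trust) { throw "Relying party trust '$TrustName' not found" }
    if ($trust.Identifier -contains $Identifier) {
        Write-Host "'$Identifier' is already an identifier on '$TrustName'"
        return $trust.Identifier
    }
    $newIds = @($trust.Identifier) + $Identifier
    Set-AdfsRelyingPartyTrust -TargetName $TrustName -Identifier $newIds
    (Get-AdfsRelyingPartyTrust -Name $TrustName).Identifier
}

# 1. See what is being rejected (run on an AD FS server as an AD FS admin).
Get-Msis7007RelyingPartySummary -Hours 24 | Format-Table -AutoSize
# 2. Only after reviewing the summary, apply the workaround from the thread:
# Add-RelyingPartyIdentifier -TrustName 'OWA-RP-TRUST-NAME' -Identifier 'https://localhost/owa/'
```

    Adding the identifier silences the MSIS7007 events but, as noted in the thread, does not explain which component on the Exchange side is sending requests for https://localhost/owa/; the summary at least shows whether that identifier is the only one being rejected.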
  • Hi ACorbs1,

    I'm just writing to check how everything is going. If you have any questions or need further help on this issue, please feel free to post back. If the issue has been resolved, please mark the helpful replies as answers; this will make answer searching in the forum easier and be beneficial to other community members as well.

    Thanks for your understanding.


    Best Regards,
    Niko Cheng





    Friday, May 3, 2019 2:01 AM
    Moderator