locked
Win2k16 ADFS problem RRS feed

  • Question

  • Hello,

    I'm trying to configure ADFS in Win2k16 with AD LDS as a users store. Basically it works wiith AD but when I try to authenticate against AD LDS I get info : Incorrect User ID or password. I check ADFS events on ADFS server and I get error events 342 and 362 with information :

    test2@test1.xx.xx.test-The distinguished name contains invalid syntax.

    This user exist in my LDAP store with mentioned UPN. Any ideas whats wrong ?

    Marek

    Friday, December 25, 2015 10:59 PM

Answers

All replies

  • Hello,

    UPDATE:

    Previous errors regarding distinguished name were caused by wrong username (the same like part of domain name) used for LDAP connection from ADFS.
    Now I still have errors 342 and 362 ( and 305 in addition) but details point to directory searching problem . It concerns also account used for connection (used in -LdapServerConnection parameter). Some details (event 305):

    The Federation Service encountered an error while querying a LDAP server at xx-as00-test.xx.xx.net.

    Additional Data
    Domain name: xx-as00-test.xx.xx.net
    LDAP server hostname (if available): xx-as00-xx.xx.lidl.net
    Authentication type: Basic
    SSL mode: None
    Username (if available): Test2@Test1.xx.xx.test
    Error code (if available): NoSuchObject
    Error from LDAP server (if available): 0000208D: NameErr: DSID-03152709, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=Test1,DC=xx,DC=xx,DC=test'

    Exception Details:
     The object does not exist.

    Here is parameter used during establishing trust:

    –UserContainer "OU=TestApp1,DC=Test1,DC=xx,DC=xx,DC=test"

    It's correct.

    Sunday, December 27, 2015 6:23 PM
  • Hi,
     
    For ADFS related issues, I'd suggest you post in the dedicated forum below, there you should get more professional responses. There is not so much about ADFS here:
     
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=ADFS
     
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact  tnmff@microsoft.com  

    Tuesday, December 29, 2015 6:49 AM