none
ADFS Error 364 / 111 after Windows Update KB2843639

    Question

  • Hello Technet,

    After installing the update KB2843639 that addresses vulnerabilities for ADFS Service (see MS-13066) my ADFS service is not able to authenticate anymore.

    In the event viewer I see:

    364 Errors

    Encountered error during federation passive request. 

    Additional Data 

    Exception details: 
    Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> System.ServiceModel.FaultException: MSIS3127: The specified request failed.
       at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClientManager.Issue(Message request, WCFResponseData responseData)
       at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, WCFResponseData responseData)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)
       --- End of inner exception stack trace ---
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RequestBearerToken(MSISSignInRequestMessage signInRequest, SecurityTokenElement onBehalfOf, SecurityToken primaryAuthToken, String desiredTokenType, Uri& replyTo)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.BuildSingleSignOnToken(SecurityToken securityToken, String issuer)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.RedirectAdfsLsForRpTokenInSsoCase(SecurityToken securityToken, WSFederationMessage wsFederationPassiveRequestMessage, HttpRequest request, HttpResponse response)

    System.ServiceModel.FaultException: MSIS3127: The specified request failed.
       at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClientManager.Issue(Message request, WCFResponseData responseData)
       at Microsoft.IdentityServer.Protocols.WSTrust.WSTrustClient.Issue(RequestSecurityToken rst, WCFResponseData responseData)
       at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SubmitRequest(MSISRequestSecurityToken request)

    111 Errors

    The Federation Service encountered an error while processing the WS-Trust request. 
    Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue 

    Additional Data 
    Exception details: 
    System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.TypeLoadException: Could not load type 'Microsoft.IdentityModel.Protocols.XmlSignature.AsymmetricSignatureOperatorsDelegate' from assembly 'Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
       at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..ctor(SecurityTokenServiceConfiguration securityTokenServiceConfiguration)
       --- End of inner exception stack trace ---
       at System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
       at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
       at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
       at Microsoft.IdentityModel.Configuration.SecurityTokenServiceConfiguration.CreateSecurityTokenService()
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.CreateSTS()
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.CreateDispatchContext(Message requestMessage, String requestAction, String responseAction, String trustNamespace, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext serializationContext)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String trustNamespace, AsyncCallback callback, Object state)

    System.TypeLoadException: Could not load type 'Microsoft.IdentityModel.Protocols.XmlSignature.AsymmetricSignatureOperatorsDelegate' from assembly 'Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
       at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..ctor(SecurityTokenServiceConfiguration securityTokenServiceConfiguration)

    I tried setspn -a http/adfs serviceAccountName which did not solve it.

    The only solution that I found is to remove the update and hide it so it does not come back.

    I also have a second ADFS environment which was affected the same way by the update.

    Anyone had the same issue? 

    Wednesday, August 14, 2013 2:49 PM

Answers

All replies