Comments (5)
What do you mean by "read-only" ADFS server?
Can you send us a detailed error log from the secondary server?
We are not writing on ADFS servers (primary and secondary); for example, to query ExternalLockout we just run the Get-ADFSProperties cmdlet.
The retry count is stored in usercontext (in a browser encrypted field), not on any ADFS server process.
So, for example, if the delivery window has elapsed, there's a direct error, no retry allowed.
Regards
from adfsmfa.
Ok, thanks for that info, read-only was not the correct expression, but not all operations work on a secondary server.
When "Invalid identification, please restart your session." shows up, nothing is logged under the ADFS log on the secondary server.
When the user clicks OK, the user gets the message "An error occurred" and in the ADFS log, Event 364 is logged with the following information:
Encountered error during federation passive request.
Additional Data
Protocol Name:
OAuthAuthorizationProtocol
Relying Party:
urn:microsoft:adfs:claimsxray
Exception details:
Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationException: [email protected] :
at Neos.IdentityServer.MultiFactor.AuthenticationProvider.TryLocking(AuthenticationContext usercontext, IAuthenticationContext context, IProofData proofData, HttpListenerRequest request, Claim[]& claims)
at Neos.IdentityServer.MultiFactor.AuthenticationProvider.TryEndAuthentication(IAuthenticationContext context, IProofData proofData, HttpListenerRequest request, Claim[]& claims)
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandlerBase.TryEndAuthentication(IAuthenticationContext authContext, IProofData proofData, HttpListenerRequest request, Claim[]& adapterClaims)
at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationOptionsHandler.Process(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
When we try to manually run the cmdlet on a secondary ADFS server, we get the following message:
PS C:\Windows\system32> Get-ADFSProperties
Get-ADFSProperties : PS0033: This cmdlet cannot be executed from a secondary server in a local database farm.
Hope this helps
from adfsmfa.
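The PS0033 failure reported in the comment above can be avoided by checking the node's farm role before reading the properties. The following is an added example, not part of the original thread and not adfsmfa code; the function name `Get-FarmLockoutSettings` is hypothetical, and it assumes the ADFS PowerShell module is present and that WinRM remoting to the primary server is allowed for the calling account.

```powershell
# Added example (not adfsmfa code). Assumptions: ADFS module installed,
# PowerShell remoting to the primary is permitted for the caller.
# Get-FarmLockoutSettings is a hypothetical helper name.
function Get-FarmLockoutSettings {
    [CmdletBinding()]
    param()

    Import-Module ADFS -ErrorAction Stop

    # The extranet lockout values this helper returns.
    $wanted = 'ExtranetLockoutEnabled',
              'ExtranetLockoutThreshold',
              'ExtranetObservationWindow'

    # Get-AdfsSyncProperties runs on every farm node and reports whether this
    # node is the primary or a secondary in a WID farm.
    $sync = Get-AdfsSyncProperties -ErrorAction Stop

    if ($sync.Role -eq 'PrimaryComputer') {
        # Primary node (or SQL Server farm): the cmdlet works locally.
        return Get-AdfsProperties | Select-Object -Property $wanted
    }

    # Secondary node in a WID farm: Get-AdfsProperties fails with PS0033,
    # so the read is executed on the primary instead.
    $primary = $sync.PrimaryComputerName
    if ([string]::IsNullOrWhiteSpace($primary)) {
        throw 'Secondary node has no PrimaryComputerName configured.'
    }

    Invoke-Command -ComputerName $primary -ErrorAction Stop -ScriptBlock {
        Import-Module ADFS -ErrorAction Stop
        Get-AdfsProperties | Select-Object -Property $using:wanted
    }
}

# Usage: the same call works on primary and secondary nodes.
Get-FarmLockoutSettings | Format-List
```

If the primary is unreachable, `Invoke-Command` raises a terminating error, so a caller that enforces lockout should treat that as a failure rather than falling back to no lockout.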
Hi,
Ok, we don't see the problem because this works with ADFS 2012R2, and on our 2016 platform we don't use WID (Windows Internal Database) but an SQL Server instance to prevent token replays.
We are going to broadcast the value from Primary server to all secondary servers.
Regards
from adfsmfa.
New Version 2.2.037
New Config parameter added : MaxRetries
Should work as well in ADFS 2016 Farm with multiple hosts
Regards
from adfsmfa.
Thank you for your quick handling of this issue.
from adfsmfa.