Comments (9)
Do you have more information? We can't reproduce this problem.
from adfsmfa.
I am not sure, but the console is not stable, especially when changing the "Security configuration".
RNG mode is no problem, but when I tried to use RSA mode and pressed the "new certificate" button, the console stopped responding for a moment and then an exception message popped up. I also tried to input the cert thumbprint manually but could not save it successfully.
This also happens when I execute the Register-MFASystem cmdlet; the screenshots and attachments below are for your reference.
Environment:
Windows 2016 with latest patches, ADFS
Locale & datetime format: Chinese (MACAU SAR)
Latest version of MFA; I had installed 2.0.1.112 before and already followed the instructions to uninstall it.
PS C:\Users\administrator.ADFSUAT> $cfg=Get-MFAConfig
PS C:\Users\administrator.ADFSUAT> $cfg |format-list
RefreshScan : 3000
DeliveryWindow : 300
TOTPShadows : 2
MailEnabled : True
SMSEnabled : True
AppsEnabled : True
Algorithm : SHA1
Issuer : MFA
UseActiveDirectory : False
CustomUpdatePassword : True
DefaultCountryCode : us
AdminContact : [email protected]
UserFeatures : AllowUnRegistered, AllowDisabled, AllowChangePassword, AllowManageOptions
AdvertisingDays : Neos.IdentityServer.MultiFactor.ConfigAdvertising
PS C:\Users\administrator.ADFSUAT> $cfg=Get-MFAConfigMails
Get-MFAConfigMails : Object reference not set to an instance of an object.
At line:1 char:6
+ $cfg=Get-MFAConfigMails
+      ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Neos.IdentitySe...tMFAConfigMails:GetMFAConfigMails) [Get-MFAConfigMails], NullReferenceException
+ FullyQualifiedErrorId : 3021,Neos.IdentityServer.MultiFactor.Administration.GetMFAConfigMails
from adfsmfa.
Strange !
- Confirm that you are using SQL configuration (UseActiveDirectory = false)? So, have you created the Database?
- Does the account that you use for cmdlet commands or console operations have sufficient rights to write the configuration? It must be an admin or inside the delegated admin group in ADFS Properties.
- Error 3021 occurs when the MFA configuration cannot be retrieved from the ADFS configuration.
- Please register a new configuration or use PowerShell or the Console with admin rights.
Let us know
from adfsmfa.
I have tried to remove the MFA and ADFS roles and reinstall them. The same error still happened: it pops up an error when starting the MFA notification hub service, but the service is still running. I can use MFA in SSO login without problem.
I use another domain account to run the ADFS service, and that account is not a local admin.
I use an enterprise admin account (which is also a local admin) to log in to the ADFS server, with admin rights, to do the installation and config tasks.
ADFS is running fine and can log in successfully without problem.
If I try to use a backup configuration file in the register-mfasystem command, it shows the error below and the registration fails (without the configuration file, it is okay):
PS C:\Users\administrator.ADFSUAT> register-mfasystem -Activate -RestartFarm -AllowUpgrade -BackupFilePath C:\temp\myconfig.xml
Confirm
Are you sure you want to perform this action?
Performing the operation "Changing Keyformat invalidate all users keys ! When choosing CUSTOM
KeyFormat, additional steps are required (Set-MFAConfigkeys and New-MFASecretKeysDatabase)" on target "Register-MFASystem".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
register-mfasystem : Object reference not set to an instance of an object.
At line:1 char:1
+ register-mfasystem -Activate -RestartFarm -AllowUpgrade -BackupFilePa ...
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Neos.IdentitySe...gisterMFASystem:RegisterMFASystem) [Register-MFASystem], NullReferenceException
+ FullyQualifiedErrorId : 3012,Neos.IdentityServer.MultiFactor.Administration.RegisterMFASystem
- Confirm that you are using SQL configuration (UseActiveDirectory = false)? So, have you created the Database?
I think it doesn't relate to the db... As the register-mfasystem command does not have options to configure the use of ADDS or DB, this setting is configured after executing the register-mfasystem command. Even though I set it to use the DB, the error still happened.
- Does the account that you use for cmdlet commands or console operations have sufficient rights to write the configuration? It must be an admin or inside the delegated admin group in ADFS Properties.
As said above.
Even though I set the domain account as local admin and checked "Allow local system account for service administration" in ADFS Federation Service Properties, it doesn't solve the problem.
- Error 3021 occurs when the MFA configuration cannot be retrieved from the ADFS configuration.
- Please register a new configuration or use PowerShell or the Console with admin rights.
As said above.
from adfsmfa.
Hi,
Sorry, we were very busy today.
We're going to test tomorrow with the information you have posted.
Thanks
from adfsmfa.
- Bug correction in version 2.0.2.964 for Register-MFASystem (see comments on releases)
- The console, perhaps, is not very stable, but in our tests with your configuration as an example we didn't find the problems you experienced.
- For example, to create a certificate (RSA), everything is OK with the console or the cmdlet Install-MFACertificate.
Let us know if it's better after installing the last version.
from adfsmfa.
Happy new year, thanks for your great work.
The register command and the backup/restore of the configuration file are okay.
RSA still has a problem when clicking the "New cert" button: it pops up a .NET exception, although I see the cert is created in the cert store.
The exception still occurs when starting the MFA service.
I tried to reinstall Windows and everything but it still has the exception; I don't know why.
Perhaps, if you don't mind, could you remote to my servers and take a look so that you can get more detail?
Thanks.
from adfsmfa.
Hi,
Yes, if you want I could remote to your server, but it's a very sensitive operation.
First, can you check that you have all the needed Eventlog entries (as below), and let me know.
After that, can you prepare an RDP file with credentials stored inside, and verify that it's working.
You can create a temporary user on your ADDS (standard rights), and make this account Local Admin.
With this access, I could remote to your server.
I have set your GitHub account as a collaborator, so with this, I think (not sure) we can communicate privately.
After remoting, you can safely delete or disable the account used.
Let me know if you have a better idea?
Regards
from adfsmfa.
After debugging remotely, the problem was the JIT debugger of Visual Studio.
The error occurs in Microsoft.IdentityServer.ServiceHost.exe.
We can reproduce the problem on our platform.
If you experience this problem, in an emergency you can run this command: vsjitdebugger.exe /unregserver.
By default, never install development tools on servers, and also never on ADFS servers.
If you want to debug ADFS or your extension, you must use "VS Remote Debugger".
As the source of the problem, a Debugger Break was in our code:
Debugger.Launch(); Debugger.Break();
A new version released 2.0.2.965
Thanks to @unchannam
from adfsmfa.
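A quick audit for the condition described in the last comment, as an added example that is not part of the thread or of the adfsmfa project: it reads the registry locations where Windows and the .NET Framework record a Just-In-Time debugger, so an ADFS server that has one registered can be spotted during a build review.

```powershell
# Added example: report Just-In-Time (JIT) debugger registrations on this host.
# Run from an elevated PowerShell session on the ADFS server.
# Both the 64-bit and the 32-bit (WOW6432Node) registry views are checked.
$targets = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug';             Name = 'Debugger' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework';                                  Name = 'DbgManagedDebugger' },
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug'; Name = 'Debugger' },
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework';                     Name = 'DbgManagedDebugger' }
)

$findings = foreach ($t in $targets) {
    # A missing key or value is the expected state on a server, so errors are suppressed.
    $item = Get-ItemProperty -Path $t.Path -Name $t.Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.($t.Name)) {
        [pscustomobject]@{
            Key      = $t.Path
            Value    = $t.Name
            Debugger = $item.($t.Name)
        }
    }
}

if ($findings) {
    $findings | Format-List
    Write-Warning 'A JIT debugger is registered on this host; a Debugger.Launch() call in a service will invoke it.'
} else {
    Write-Output 'No JIT debugger registration found.'
}
```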