Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error after upgrade to 2.2.0.1000 #48

Closed
anorstrom opened this issue Dec 28, 2018 · 4 comments
Closed

Error after upgrade to 2.2.0.1000 #48

anorstrom opened this issue Dec 28, 2018 · 4 comments
Labels
bug

Comments

@anorstrom
Copy link

Hi,
We upgraded from 2.2.0.41 to 2.2.0.1000 in our lab environment, but ran into an issue.
(We've upgraded to newer versions several times before, and followed the same procedure, but it didn't work this time. )

Logging in with an already enrolled user does not work.
Enroll a new user does not work. Add-MFAUsers gives the error

Error adding user "User" \r User "User" not found !

Get-MFAUsers does not work, but gives the error

The user name or password is incorrect.

All these events gives in the event log the error (Application Event Log):

Source: ADFS MFA DataService
Event ID: 5000
Message: The user name or password is incorrect.

We have the following settings:
Active Directory mode
RSA 1024
ADFS service account is member of Domain Admins
The account we install with and are running PS commands with is member of Domain Admins

We upgraded in the following way:

  1. Uninstall 2.2.0.41
  2. Install 2.2.0.1000
  3. Restart ADFS service

We've done the following troubleshooting:

  1. Unregister-MFASystem
  2. Uninstall 2.2.0.1000
  3. Install 2.2.0.1000
  4. Register-MFASystem -Activate -RestartFarm -KeysFormat RSA -RSACertificateDuration 25 -Verbose
  5. Tried Add-MFAUsers, but same error.
  6. Changed certificate to the previous by running the code below. After that restart ADFS service.
  7. Tried Add-MFAUsers and Get-MFAUsers, but same error.
$keys = Get-MFAConfigKeys
$keys.CertificateThumbprint = "<Thumbprint>"
Set-MFAConfigKeys $keys

Do you know what the problem could be?

Kind Regards,
Andreas
@redhook62
Copy link
Member

Hi @anorstrom

Have you put a domain address, username and password in your ADDS configuration ?
In this case your domain address must be like this : LDAP://mydomain.com (LDAP in uppercase).

Yes, there's a little mistake in our code, we will provide an update.
Prefixing with LDAP: // will no longer be the norm, only the domain name or IP address will be required.

Kind Regards

@redhook62
Copy link
Member

New release 2.2.0.1001

Regards

@redhook62 redhook62 added the bug label Dec 29, 2018
@anorstrom
Copy link
Author

I had AD domain address and user/pwd empty.
Installed 2.2.0.1001 and with AD user/pwd empty it still didn't work, but after adding the ADFS service account for the AD access it worked.

Thanks for your help!

@redhook62
Copy link
Member

there was a bug in MMC snapin, Password was not well saved.
So, you can put nothing in domain, user and password. in this case the adfs account is user by default.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anorstrom @redhook62