SharePoint 2013: Error: ID3204: WS-Federation SignIn request must specify a ‘wtrealm’ or ‘wreply’

As you may know, I work with Microsoft products, SharePoint specifically lately. I ran into an issue with the setup of utilizing ADFS as a claim token provider for authentication on a specific URL.

The issue was…

Error: ID3204: WS-Federation SignIn request must specify a ‘wtrealm’ or ‘wreply’

There was more to this with custom errors on. I like it when I get the full spiel from .NET.

While I care very much for wreply in my situation, I didn’t get initially what was broken… the setup of a token issuer is quite simple, especially ADFS, it’s less fuss and a Microsoft product. Plus my scripts usually don’t fail me much.

After a quick working environment comparison and running a few PowerShell scripts, I saw that my realm providers did not have the URN attached.

Key                                        Value
---                                        -----
https://URL1/
https://URL2/
https://URL3/
https://URL4/
https://URL5/
https://URL6/
https://URL7/

Bah Humbug…

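A quick clear of the values.

# Fetch the trusted identity token issuer (assumes only one is registered in the farm)
$ap = Get-SPTrustedIdentityTokenIssuer
# Drop every URL-to-realm mapping, then save the change to the farm
$ap.ProviderRealms.Clear()
$ap.Update()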

And re-run my script… and voila…

Key                                        Value
---                                        -----
https://URL1/                              urn:fancy1:fancy1
https://URL2/                              urn:fancy1:fancy1
https://URL3/                              urn:fancy1:fancy1
https://URL4/                              urn:fancy1:fancy1
https://URL5/                              urn:fancy1:fancy1
https://URL6/                              urn:fancy1:fancy1
https://URL7/                              urn:fancy1:fancy1

The urn:fancy1:fancy1 provider realm matches the ADFS relying party I had set up before. Now my site works…
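The audit-and-repair pass described above, as an added example (this is not the script from the post): it flags ProviderRealms entries with an empty value, re-adds each URL with the realm, and fails loudly if any entry is still empty afterwards. The issuer name 'ADFS' and the three URLs are placeholders; the realm is the one shown in the post.

```powershell
# Added example, not the author's script. Run in the SharePoint Management Shell.
$issuerName = 'ADFS'                 # hypothetical issuer name, use your own
$realm      = 'urn:fancy1:fancy1'    # must match the relying party identifier in ADFS
$urls       = 'https://URL1/', 'https://URL2/', 'https://URL3/'   # placeholders

function Get-MissingRealm {
    param($Issuer)
    # ProviderRealms is a Uri -> string dictionary; return the entries whose
    # value is empty. Copy to an array so later edits do not break enumeration.
    @($Issuer.ProviderRealms.GetEnumerator() |
        Where-Object { [string]::IsNullOrWhiteSpace($_.Value) })
}

$ap = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName

# 1. Audit: report every URL that has no realm attached.
foreach ($entry in Get-MissingRealm $ap) {
    Write-Warning "No realm mapped for $($entry.Key)"
}

# 2. Repair: remove any stale entry for the URL, then add it with the realm.
foreach ($u in $urls) {
    $uri = New-Object System.Uri($u)
    [void]$ap.ProviderRealms.Remove($uri)
    $ap.ProviderRealms.Add($uri, $realm)
}
$ap.Update()

# 3. Verify: re-read the issuer from the farm and stop if anything is still empty.
$ap   = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName
$left = @(Get-MissingRealm $ap)
if ($left.Count -gt 0) {
    throw "Realm still missing for: $(($left | ForEach-Object { $_.Key }) -join ', ')"
}
$ap.ProviderRealms
```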

 

 

 

 


SharePoint 2016 RTM Install

While I am generally excited about SharePoint 2016, going through an RTM build of any Microsoft product is not without issues. Going through the install, I will list out any issues that I find to mitigate troubleshooting for the next lost soul or any major differences.

In lieu of the Windows Server, active directory and SQL (Maybe?) install, just focusing on SharePoint for this one. Think single server… maybe because I am lazy, also due to the fact this won’t be anything but a playground for a few months.

//////////////////////////////////////////////////////////////////////////////////

Prerequisite Install
Error: Update for Microsoft .NET Framework to disable RC4 in Transport Layer Security (KB2898850): Installation error

2015-10-06 12:38:36 – Check whether the following prerequisite is installed:
2015-10-06 12:38:36 – Update for Microsoft .NET Framework to disable RC4 in Transport Layer Security (KB2898850)
2015-10-06 12:38:36 – The following file does not exist:
2015-10-06 12:38:36 – C:\Windows\servicing\Packages\Package_41_for_KB2898850~31bf3856ad364e35~amd64~~6.3.1.2.cat

Result: Missing file. Download (Link). Installed manually. Ran the prerequisite installer, completed successfully.

//////////////////////////////////////////////////////////////////////////////////

Default folder is 16.0

C:\Program Files\Microsoft Office Servers\16.0\Data

//////////////////////////////////////////////////////////////////////////////////

Still have the 14, 15 and 16 folder

SP2016_Folders

//////////////////////////////////////////////////////////////////////////////////

Database Access Account.. previously the account executing psconfig.exe was used to access the server and create databases and apply access. Now the account is specified inside the wizard.

And yes, using SQL Alias here, SQL is pointing to the local machine.

SP2016_SQL_New_Farm

//////////////////////////////////////////////////////////////////////////////////

MinRole Options

SP2016_MinRole

I choose custom, mostly because I want to see what I get from it. Without listing what MinRole provides for the other options.

As I suspected, there were no additional options in the PSConfig wizard. Most of you should be selecting custom to get the most out of server infrastructure. However, for you medium to large organizations that may have dedicated Search or DistCache servers, my hats off to you.

//////////////////////////////////////////////////////////////////////////////////

Same old story… Microsoft, please let us name our databases. You let us for some, not all; if inconsistency is what you're looking for, you win. DBA Fail.

SP2016_Admin_DB

//////////////////////////////////////////////////////////////////////////////////

After install, admin DB needs an upgrade. Ran PSConfig, no change. Look into this later…

SP2016_Admin_DB_Compatible

Yup, needs upgrade.

SharePoint_AdminContent_9d149a75-48fd-4d01-b14e-78fe5414b515
Microsoft.SharePoint.Administration.SPContentDatabase
5
Needs Upgrade

//////////////////////////////////////////////////////////////////////////////////

Role conversion, back to the initial install, choose wisely.

Central Admin > System Settings > Servers (Section) > Convert Server Role in this Farm

SP2016_Server_Role_Convert

/////////////////////////////////////////////////////////////////////////////////

They added port specification and SSL to outgoing SMTP

SP2016_SMTP

/////////////////////////////////////////////////////////////////////////////////

Servers in compliance. Whew!

SP2016_Compliance

/////////////////////////////////////////////////////////////////////////////////

No default content sources.

SP2016_Search_Sources

/////////////////////////////////////////////////////////////////////////////////

I am not seeing any major changes in the UI. I have more investigation to do on the backend services which will likely be a separate post.