Solve JWT WAP authentication problems

Solve JWT authentication errors with ADFS and Windows Azure Pack.

John Savill

September 8, 2016

1 Min Read
Solve JWT WAP authentication problems

Q. I am receiving an error authenticating with Windows Azure Pack for the tenant and management portals with a 500 error and a JWT10329 detailed error.

A. Ensure you have an up-to-date certificate on your ADFS server. The certificates can be viewed in the ADFS management portal under Service - Certificates. If the certificate has expired request a new certificate, use the Set Service Communications Certificate action to update it and then also use PowerShell to update. The PowerShell below lists the certificates to get the thumbprint then configure it to be used by SSL

PS C:> dir cert:localmachinemyDirectory: Microsoft.PowerShell.SecurityCertificate::localmachinemyThumbprint Subject---------- -------085F0D04CEB4A3CC95232FDCDCB83BE2F16F9199 CN=savdaladfs01.savilltech.netPS C:> Set-AdfsSslCertificate -Thumbprint 085F0D04CEB4A3CC95232FDCDCB83BE2F16F9199PS C:> Get-AdfsSslCertificateHostName PortNumber CertificateHash-------- ---------- ---------------localhost 443 085F0D04CEB4A3CC95232FDCDCB83...savdaladfs01.savilltech.net 443 085F0D04CEB4A3CC95232FDCDCB83...savdaladfs01.savilltech.net 49443 085F0D04CEB4A3CC95232FDCDCB83...EnterpriseRegistration.savillt... 443 085F0D04CEB4A3CC95232FDCDCB83...

The next step is to ensure the ADFS configuration on the WAP server is correct. Change the connection string for your SQL server along with the name of your ADFS server. Running the commands below fixed the WAP authentication errors via ADFS in my environment.

Import-Module -Name MgmtSvcConfig$ConnectionString = 'Data Source=savdalsql01;Initial Catalog=Microsoft.MgmtSvc.Config;User ID=sa;Password=Pa55word'Set-MgmtSvcRelyingPartySettings -Target Tenant -MetadataEndpoint "https://savdaladfs01.savilltech.net/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString $ConnectionString Set-MgmtSvcRelyingPartySettings -Target Admin -MetadataEndpoint 'https://savdaladfs01.savilltech.net/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString $ConnectionStringSet-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint 'https://savdaladfs01.savilltech.net/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString $ConnectionString #-DisableCertificateValidationSet-MgmtSvcIdentityProviderSettings -Target Windows -MetadataEndpoint 'https://savdaladfs01.savilltech.net/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString $ConnectionString #-DisableCertificateValidation

 

About the Author(s)

John Savill

John Savill

https://savilltech.net

See more from John Savill
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

cybersecurity operator or hacker works with data in dark room
IT Security
Master AI Cybersecurity: Protect and Enhance Your NetworkMaster AI Cybersecurity: Protect and Enhance Your Network
byBrien Posey
May 21, 2024
5 Min Read
business person stamping a document
IT Operations
How to Get Executive Buy-In for IT ProjectsHow to Get Executive Buy-In for IT Projects
byChristopher Tozzi
May 28, 2024
6 Min Read
yellow block stuck in between blue cog wheels
PowerShell
Using ChatGPT as a PowerShell Debugging ToolUsing ChatGPT as a PowerShell Debugging Tool
byBrien Posey
Jun 4, 2024
4 Min Read