Comments on The Free Loder: ADFS 2.0 Event ID 248 and 364: An unsecured or incorrectly secured fault was received

Blog author: David Loder. Feed updated: 2023-02-20T06:03:53.354-05:00. 18 comments.

Anonymous, 2016-02-08T15:08:09.709-05:00:
Thanks a lot! Took me about 6 hours before I ran into this solution which temporarily took down our internal users (which is why I didn't try it previously).

Anonymous, 2015-09-28T11:56:11.461-04:00:
This solution was so so helpful to me as well. It took me an entire day researching until I landed on this post. Glad the issue occurred on our Development ADFS farm before making cert renewal on ADFS Production Farm and Proxies

Anonymous, 2015-04-06T08:55:09.969-04:00:
Ditto here - great post! It saved our bacon. Thanks to your article our resolution time for this mysterious issue was reduced to under an hour.

Thanks a bunch, David!

Unknown, 2014-10-30T09:13:44.443-04:00:
Same here! Spent over 8 hours troubleshooting!
This article made my day!

broonster, 2014-10-21T22:43:52.211-04:00:
Great post this was killing me for an entire day!

Remi Kristoffersen, 2014-09-20T05:30:39.686-04:00:
We had same errors on one of our proxy servers, I see we tried everything suggested here but still - this didn't solve our issue. What DID solve it was that we suddenly discovered a mismatch on the clock/time on this proxy server compared to the rest. It was 4 min out of sync. Corrected that and tested and everything working smoothly.

Anonymous, 2014-09-03T20:15:45.235-04:00:
Me too! I sent myself a calendar invite for 3 years from now to reboot those ADFS Services.

Chris, 2014-05-16T00:15:29.935-04:00:
Great post mate, helped me ultimately resolve an issue relating to the proxy server not communicating after a token decrypting cert change.
Thanks again!!

Reuben Najera, 2014-04-11T18:34:40.181-04:00:
1 more 'thank you' from another user with the same problem, same fix.

Olivier & Emilie, 2014-03-25T18:42:26.701-04:00:
Hi, exactly same issue today, after signing certificate renewal. Renewing the Proxy Trusts did fix the issue for a couple of hours, but after a while, the problem came back. Restarting ADFS Services on the back end farm servers also fixed our issue. Thank you for sharing. I didn't think about restarting ADFS services on the farm members!!

Yammine, 2013-10-10T10:19:24.461-04:00:
Same thing happened here as well; we had to reboot the services on the application servers.

Nathan R., 2013-08-02T09:37:23.951-04:00:
Same thing happened to me after we had to create a new token signing certificate for Office 365. The sad thing is I did restart the ADFS primary server after creating the certificate, but I think the problem happened as it auto rolled to using the newly created as primary a week later. Guess I should have set it to primary right away.

Much thanks from me as well for posting this solution.

Tom K., 2013-07-30T11:02:29.027-04:00:
I had the same fault occur in my environment (two STS, two proxies). Same resolution. Frustrating, because we were using auto-rollover. This was not a manual certificate change. I had expected automatic rollover to obviate the need for a service restart at the time of certificate promotion. Why have "automatic" rollover if you need to intervene manually to restart the STS services?

Anonymous, 2013-06-20T12:46:49.407-04:00:
We also had a customer with this issue... updated the communication and signing certificates, and left the original certs as secondaries. To fix I revoked all proxies, re-ran the proxy configuration wizard, and restarted the ADFS windows service on both ADFS internal and proxy servers. It wouldn't work without the ADFS service restarts... Event ID 284.

David, thanks so much for posting the solution.

David Loder, 2013-01-26T10:25:25.909-05:00:
Thanks for the reply Adam. Unfortunately our outage shows that documented behavior is not correct as we did not remove a certificate. We only promoted a new signing certificate to primary, and yet the fault occurred.
We are actually still waiting to hear back on root cause analysis from our PFE.

Anonymous, 2013-01-25T15:32:43.125-05:00:
Hi David,

We noticed that you updated the 'how-to' article on the TechNet Wiki regarding proxy trust issues. This behavior is actually by design, and a service restart is not required if the steps are followed correctly. Here's why:

1. Proxy trust is simply a SAML assertion that is signed and encrypted using the AD FS signing and decryption certs
2. If you replace either the signing, the decryption, or both certificates, you must leave the OLD certificates in place as Secondary certificates until you are sure of two things:
 a. All users' SSO sessions signed and/or encrypted using the OLD certs have ended
 b. All FS proxy servers have renewed their trust and received a new trust token which is signed and encrypted based on the NEW certs.
3. If you remove the OLD certs completely from the AD FS MMC, then the proxy cannot service proxy requests since you've taken away its means of authenticating against the internal FS.

The article states:
Leave the old certificate as secondary for rollover purposes. You should plan to remove the old certificate once you are confident it is no longer needed for rollover, or when the certificate has expired.

I will remove the additions you made to the article, and update the above sentences to show that this affects SSO users as well as proxy trust.

Thank you,
Adam Conkle - MSFT

G, 2012-11-29T16:51:10.810-05:00:
Me too, and the same fix helped me. Had googled for hours on other solutions. Thanks for sharing.

Nick M., 2012-11-06T17:26:41.851-05:00:
Hello,

Our organization had the EXACT same thing just happen to us, I was working with an MS escalation engineer on this and they at no time directed in restarting of the services on the non proxy farm members (Primary/Secondary ADFS servers). This looks to have had the same impact as it had for you at the time of your posting, were there any further notes from MS regarding your case or instructions to be performed that made this permanent?

Nick M.