I'm facing an issue when trying to send emails from SharePoint, I get one of the error messages below:
An operation failed because the following certificate has validation errors:
Subject Name: CN=mailservername
Issuer Name: CN=mailservername
Thumbprint: 645B2D4B72573478DBD162F39AAE0260B25F6582
Errors: SSL policy errors have been encountered. Error code '0x6'..
An operation failed because the following certificate has validation errors:
Subject Name: CN=mailservername
Issuer Name: CN=mailservername
Thumbprint: 645B2D4B72573478DBD162F39AAE0260B25F6582
Errors: The root of the certificate chain is not a trusted root authority..
I have a single server farm, with SharePoint server 2016
When I configured the outgoing emails with the exchange server as provided by the IT team (mail.organizationname.gov.xx) or the server IP, I get the first error message.
When I configured it with the mail server name as mentioned in the error (either as is, or with domain (FQDM)) I get the second error !
Any help would be highly appreciated
Thank you
I have received a good answer on a question I posted on sharepoint.stackexchange:
https://sharepoint.stackexchange.com/a/257970/40065
From which I learned that the actual problem (In my case) was only on PowerShell "SendEmail" method, and SharePoint itself was working fine with emails
P.S: the answer contains a link to a comprehensive Microsoft Technet blog which covers Configuring TLS encryption between SharePoint on-premise and Exchange
Related
I am trying to use an AWS single sign on script from my company to log into aws using the internal Azure Platform. When trying to log into the platform using SSO, I receive the following error messages:
Logging in to Azure AD...
Please enter your username(email address): test#company.com
Please enter your password: ********
Login failed: Authorization failed, please activate company's VPN.
The logs of the sso script show me this information:
2022-07-11 11:57:42,042 auth_with_adfs 207 | DEBUG | loginMessage: Authorization failed
2022-07-11 11:57:42,042 log_in_to_aad 174 | ERROR Login failed: Authorization failed, please activate your company's VPN.
I have activated the VPN so that is not the issue.
By looking at the internals of the files that raise those errors I found out that during the failed login process the login page for the Microsoft Office 365 Identity Platform is returned.
The login webpage tells me that I receive the following error when logging in with my credentials:
Error details: MSIS7012: An error occurred while processing the request. Contact your administrator
My POST request seems to be redirected with a 302 code and GET the login page with a 200 OK response.
So I can tell that I get stuck during the login process and according to the error message it is an authorization issue. My credentials are correct so I am wondering what needs to be changed here to get correct access? Is there some permissions missing I should have a closer look at? Do I need to make changes in AzureAD somehow?
Thanks in advance for looking into this, I know the information is sparse but I hope it is enough.
We're trying to use a client certificate to authenticate when calling an OData service in SAP S/4HANA. And we're calling from an azure APIM instance. As certificate we've created a self-signed certificate and configured SAP S/4HANA according to this blog (https://blogs.sap.com/2020/05/03/x.509-certificate-based-logon-to-odata-services/)
Then we test this from the browser it works like a charm.
But calling from azure APIM we get the following response from SAP S/4HANA:
<?xml version="1.0" encoding="utf-8"?> <error xmlns:xsi="http://www.w3.org/2001/XMLSchema-Instance">
<code>HTTP/404/E/Not Found</code>
<message> Service /sap/opu/odata/sap/xxxxyyyy/xxyyzz call was terminated because the corresponding service is not available.The termination occurred in system UFI with error code 404 and for the reason Not found. Please select a valid URL. If it is a valid URL, check whether service /sap/opu/odata/sap/xxxxyyyy/xxyyzz is active in transaction SICF. If you do not yet have a user ID, contact your system administrator. </message>
SAP S/4HANA support says that then calling from browser they can 'see' certificate in payload but then calling from APIM, the payload is 'empty'.
I've got the trace logs from the SAP S/4HANA gateway server and I've noticed this subtly difference calling from browser vs calling from APIM:
Browser call (successfull):
[Thr 140708195055360] HttpModGetDefRules: determined the defactions: COPY_CERT_TO_MPI (1)
APIM call (failed):
[Thr 140708197697280] HttpModGetDefRules: determined the defactions: NOTHING (0)
So the certificate is obviously reaching SAP S/4HANA gateway server but not the SAP S/4HANA Odata server. So somehow, for some reason it's lost on the SAP S/4HANA gateway server only then it comes from azure APIM.
I've tried to make the calls 100% identical (same headers same values) but I can't control the way the certificate is added in azure apim or can one ?
I read that one can set the certificate body using policy below:
<authentication-certificate body="#(context.Variables.GetValueOrDefault<byte[]>("byteCertificate"))" password="optional-certificate-password" />
but I can't figure out how to get a proper value for "byteCertificate".
Has anyone done this? Or has anyone had a similar issue?
We finally found the solution!
Thanks to microsoft APIM support team, thanks a lot :)
APIM acts like a reverse proxy and adds headers related to this role. The header "X-Forwarded-For" causes SAP to deny the request with the above misleading error message. We found a solution that SAP could configure:
ICM parameter "icm/HTTPS/accept_ccert_for_x_forwarded_for_requests" has to be set to "true" - per default it's set to "false".
(The header can't be deleted with a policy on APIM side.)
I'm trying to register my bot on the email channel.
I got the error "unable to save" or "Unable to validate the given credentials. iD : anId".
If I look in the inspector I got this :
mBbZ2BiSKVEt.js?compression=gzip2:29 [Microsoft_Azure_BotService] 5:33:57 PM MsPortalFx.Base.Diagnostics.ErrorReporter 1 MsPortalFx.Base.Diagnostics.ErrorReporter: _errorData: undefined
_sourceErrorLevel: undefined
baseTypes: ["MsPortalFx.Errors.AjaxError","MsPortalFx.Errors.Error"]
code: undefined
data: {"type":"POST","requestId":"myId","sessionId":"mySessionId","status":404,"statusText":"error","duration":40.30000000074506}
errorLevel: 2
errorThrown:
extension: Microsoft_Azure_BotService
handled: undefined
innerErrors: []
jqXHR: {"readyState":4,"responseText":"Cannot POST /api/ClientTrace?defaultCloudName=azure&extensionName=Microsoft_Azure_BotService&pageVersion=1.0.0.32&l=en.en-us&trustedAuthority=portal.azure.com&cacheability=3\n","status":404,"statusText":"error"}
message: ajaxExtended call failed
name: Error
source: undefined
stack: null
textStatus: error
timestamp: 3814640.800000001
type: MsPortalFx.Errors.AjaxError
Is this related to my company network or something in azure ? What could I do ?
Thanks in advance
Edit : here is what I got with the github Eric provided :
the same problem was bothering me,
I tried,
onmicrosoft.com
#hotmail.com
#outlook.com
domains but no luck. Then I tried my company domain given by Mircosoft and it worked.
It's not a matter of a free Azure subscription, it's about the Office 365 subscription.
the error "unable to save" or "Unable to validate the given credentials
I can reproduce the issue on my side if I configure Email channel with other email services (not Office 365 email).
The Email channel currently works with Office 365 only. Please make sure you are using Office 365 email and entering valid Office 365 credentials.
Besides, similar issue is reported in this github issue:Configuring the Email Connector to Bot Framework, you can check it.
getting this error for my azure app service (using node), when doing google authentication:
PID[8116] Warning JWT validation failed: IDX10501: Signature validation failed. Key tried: 'System.IdentityModel.Tokens.RsaSecurityKey'.
Not sure where to go from here. Any help appreciated!
I noticed the same issue starting last night with an azure mobile app service on .Net:
Microsoft.Azure.AppService.Authentication Warning: 0 :
JWT validation failed: IDX10501: Signature validation failed.
Key tried: 'System.IdentityModel.Tokens.RsaSecurityKey'.
token: '{"alg":"RS256","kid":"fdcaa63240ed28eae381d1643d4cc9356dc397eb"}
I have not found a solution, but right not it seems to me, as if it is somehow related to the kid. The error (to me, currently) only seems to occur, when the kid for the id_token is the one from the error message and not one of the other 3 from here.
Can you confirm if that's the case for you too?
I try to push/sync a IIS Site from a Win2003 Server to another.
This is my command:
msdeploy -verb:sync -source:metakey=lm/w3svc/68512112 -dest:metakey=lm/w3svc/68512112,computername=backup-09,username=Administrator,password=PASSWORD -whatif > msdeploysync.log
I also tried the following
msdeploy -verb:sync -source:metakey=lm/w3svc/68512112 -dest:metakey=lm/w3svc/68512112,computername=backup-09,username=BACKUP-09\Administrator,password=PASSWORD -whatif > msdeploysync.log
I also tried
msdeploy -verb:sync -source:metakey=lm/w3svc/68512112 -dest:metakey=lm/w3svc/68512112,computername=backup-09,username=Administrator#BACKUP-09,password=PASSWORD -whatif > msdeploysync.log
This is the error:
Fatal: Request to remote agent URL 'http://backup-09/MSDEPLOYAGENTSERVICE'
failed.
Fatal: The remote server returned an error: (401) Unauthorized.
Fatal count: 1
I did run msdeploy/cmd as an
administrator.
I did try to access
http://backup-09/MSDEPLOYAGENTSERVICE,
it asked for my permissions, I
entered the credentials above, it
worked (empty site displayed).
This is Beta 2 of MSDeploy
Can anyone help me?
I now even set up a domain controller for all the servers... still the same issues, whether I'm logged in as a domain controller, supply the local accounts, all variations trigger a 401
Note that there is a bug in Web Deploy 2.0 (even the refresh) that does not allow users within the admin group to authenticate. Only domain admins and the administrator account itself can authenticate to web deploy. See the ERROR_USER_NOT_ADMIN error code on the following page: http://learn.iis.net/page.aspx/1023/web-deploy-error-codes/
Msdeploy appears to use NTLM authentication by default, even if userName and password are present. To enable the correct processing of "userName" and "password", append the following to the relevant source: or dest: parameters: ",authType=basic"
I got this error because UAC was turned on (Windows Server 2008).
Need to turn off UAC for remote connections:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy=1
This key helped me on another server (Windows Server 2012):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WebManagement\Server\WindowsAuthenticationEnabled=1
Michael12345 suggested it here: https://stackoverflow.com/a/15059759/991267
This is a really old question, but I may have found an answer.
I was getting the 401 Unauthorized error message, but still able to login using the account specified in the call to MSDeploy, as described in the question.
In my case, the problem was solved by giving the deploy account admin privileges on the machine being deployed too.
(I see that you were using an account called Administrator, so this might not be the case for you - but I had the same symptoms so wanted to post anyway).
I've just experienced a 401 and ERROR_USER_NOT_ADMIN. In my case, the problem was I was using a hostname set in my hosts file (also in the hosts file on the destination machine) for the computerName setting to the -dest: parameter. NTLM was trying to treat this host name as the domain part of the username (e.g. hostname\userName). Changing this to the IP address or or real machine name fixed the issue.
I did not have this type of error before but in Visual Studio 2015 Update 3 when create a new ASP.NET Core application the default publish profile does not work.
I did find a solution. For me adding the
<AuthType>NTLM</AuthType>
line in the .pubxml file fixed the issue.