I'm new to Azure Biztalk Service. While creating SQL LOB in Azure BizTalk Adapter Service (localhost:8080),
I got the below errors.
Service Bus in Azure now has only SAS, What's the Issuer name of service bus in LOB Setting? I used SAS account and got the below security token error.
500
Code: '13'
Message: 'Error occurred while trying to bring up the relay service. Error Message: 'The request was aborted: The request was canceled.
Server Error in '/elainedev_orderproce~_e1ccffe4ff14482ba3578aece913d975' Application.
The request was aborted: The request was canceled.
Description:
An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details:
System.Net.WebException: The request was aborted: The request was canceled.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[WebException: The request was aborted: The request was canceled.]
System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context) +334
System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult) +21
Microsoft.ServiceBus.TokenRequestAsyncResult.<GetAsyncSteps>b__4(TokenRequestAsyncResult thisPtr, IAsyncResult r) +25
Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.EnumerateSteps(CurrentThreadType state) +881
[SecurityTokenException: The token provider was unable to provide a security token while accessing 'https://elainedev-sb.accesscontrol.windows.net/WRAPv0.9/'. Token provider returned message: 'The request was aborted: The request was canceled.'.]
Microsoft.ServiceBus.Common.AsyncResult.End(IAsyncResult result) +774
Microsoft.ServiceBus.RelayedOnewayTcpListenerClient.Connect(TimeSpan timeout) +425
Microsoft.ServiceBus.RelayedOnewayTcpClient.EnsureConnected(TimeSpan timeout, Boolean isRetry) +589
Microsoft.ServiceBus.RelayedOnewayTcpClient.OnOpen(TimeSpan timeout) +12
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +307
Microsoft.ServiceBus.RelayedOnewayTcpListener.OnOpen(TimeSpan timeout) +15
Microsoft.ServiceBus.Channels.RefcountedCommunicationObject.Open(TimeSpan timeout) +435
Microsoft.ServiceBus.RelayedOnewayChannelListener.OnOpen(TimeSpan timeout) +117
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +307
System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout) +73
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +307
System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +130
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +307
Microsoft.ServiceBus.RelayedSocketListener.Open(TimeSpan timeout) +15
Microsoft.ServiceBus.Channels.BufferedConnectionListener.Open(TimeSpan timeout) +23
Microsoft.ServiceBus.SocketConnectionTransportManager.OnOpen(TimeSpan timeout) +584
Microsoft.ServiceBus.Channels.TransportManager.Open(TimeSpan timeout, TransportChannelListener channelListener) +572
Microsoft.ServiceBus.Channels.TransportManagerContainer.Open(TimeSpan timeout, SelectTransportManagersCallback selectTransportManagerCallback) +210
Microsoft.ServiceBus.Channels.TransportChannelListener.OnOpen(TimeSpan timeout) +104
Microsoft.ServiceBus.Channels.ConnectionOrientedTransportChannelListener.OnOpen(TimeSpan timeout) +63
Microsoft.ServiceBus.SocketConnectionChannelListener`2.OnOpen(TimeSpan timeout) +63
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +307
Microsoft.ServiceBus.Channels.LayeredChannelListener`1.OnOpen(TimeSpan timeout) +81
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +307
System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout) +73
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +307
System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +130
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +307
System.ServiceModel.HostingManager.ActivateService(ServiceActivationInfo serviceActivationInfo, EventTraceActivity eventTraceActivity) +130
System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity) +740
[ServiceActivationException: The service '/elainedev_orderproce~_e1ccffe4ff14482ba3578aece913d975/RuntimeService.svc' cannot be activated due to an exception during compilation. The exception message is: The token provider was unable to provide a security token while accessing 'https://elainedev-sb.accesscontrol.windows.net/WRAPv0.9/'. Token provider returned message: 'The request was aborted: The request was canceled.'..]
System.Runtime.AsyncResult.End(IAsyncResult result) +466
System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath, EventTraceActivity eventTraceActivity) +100
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +241
System.ServiceModel.Activation.ServiceHttpModule.EndProcessRequest(IAsyncResult ar) +39
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +166
Version Information:
Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.57.0'.'
You can still use ACS authentication for Service Bus if you create the Service Bus namespace using Powershell. See https://msdn.microsoft.com/en-us/library/azure/dn170478.aspx.
Solution:
Go to Azure PowerShell
PS C:\> Get-AzurePublishSettingsFile
PS C:\> Import-AzurePublishSettingsFile "C:\mine.publishsettings"
PS C:\> Get-AzureSubscription
PS C:\> Select-AzureSubscription "Visual Studio Ultimate with MSDN"
PS C:\> New-AzureSBNamespace -Name elainedev1 -Location "East Asia" -CreateACSNamespace $true -NamespaceType Messaging
Notice it's only used to create a new service bus namespace, cannot create ACS account for existing service bus.
Related
I am trying to retrieve the Azure AD B2C users sign-in audit logs, but its throw below error
var signIns = await _graphClient.AuditLogs.SignIns
.Request()
.GetAsync();
fail:
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1] An unhandled exception has occurred while executing the request.
Status Code: Forbidden
Microsoft.Graph.ServiceException: Code: Authentication_RequestFromNonPremiumTenantOrB2CTenant
Message: Neither tenant is B2C or tenant doesn't have premium license
Inner error:
AdditionalData:
date: 2020-10-05T10:12:34
request-id: 1740dcc7-3ffd-4d81-a721-a18e3fee0e1a
client-request-id: 1740dcc7-3ffd-4d81-a721-a18e3fee0e1a
ClientRequestId: 1740dcc7-3ffd-4d81-a721-a18e3fee0e1a
at Microsoft.Graph.HttpProvider.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
at Microsoft.Graph.BaseRequest.SendRequestAsync(Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption)
at Microsoft.Graph.BaseRequest.SendAsync[T](Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption)
at Microsoft.Graph.AuditLogRootSignInsCollectionRequest.GetAsync(CancellationToken cancellationToken).
Thanks in advance
This is accessing sign-in reports requires an Azure Active Directory premium 1 (P1) license.
Check it in Azure Portal Licenses.
I have a multi-tenant Azure AD application. It has been running fine for over a year. Let's say that the App is published by the "corp" Azure AD tenant. If I log into the app with an account from the "corp" tenant, the application works as expected. However, if I access the application with an account from a different tenant, I get an error saying
"Device Certificate was not found for Cert
Authorities:OU=82dbaca4-3e81-46ca-9c73-0950c1eaca97,CN=MS-Organization-Access,DC=windows,DC=net"
I found this article that looks very similar to the problem I am seeing. We recently enabled Conditional Access in the "corp" Azure AD tenant, but not specifically for this application. I tried updating ADAL to version 3.19.2 but the error persists.
The application does work in my dev environment with a test Azure AD. I think there is some sort of issue going on between ADAL on the Conditional Access Policy of my Corp AAD tenant. However, since there is no CA policy for this app in particular, I am not even sure why it would try to access a device cert to verify if the device was registered in AAD.
Error Details
Description:
An unhandled exception occurred during the execution of the current
web request. Please review the stack trace for more information about
the error and where it originated in the code.
Exception Details:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: Device
Certificate was not found for Cert
Authorities:OU=82dbaca4-3e81-46ca-9c73-0950c1eaca97,CN=MS-Organization-Access,DC=windows,DC=net
Full Stack Trace:
[AdalException: Device Certificate was not found for Cert Authorities:OU=82dbaca4-3e81-46ca-9c73-0950c1eaca97,CN=MS-Organization-Access,DC=windows,DC=net]
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Platform.DeviceAuthHelper.FindCertificateByCertAuthorities(IDictionary`2 challengeData, X509Certificate2Collection certCollection) +710
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Platform.DeviceAuthHelper.FindCertificate(IDictionary`2 challengeData) +138
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Platform.<CreateDeviceAuthChallengeResponseAsync>d__2.MoveNext() +144
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Http.<HandleDeviceAuthChallengeAsync>d__25`1.MoveNext() +479
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Http.<GetResponseAsync>d__22`1.MoveNext() +3220
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Http.<GetResponseAsync>d__21`1.MoveNext() +359
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.<SendHttpMessageAsync>d__72.MoveNext() +401
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.<SendTokenRequestAsync>d__69.MoveNext() +415
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.<CheckAndAcquireTokenUsingBrokerAsync>d__59.MoveNext() +605
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.<RunAsync>d__57.MoveNext() +4005
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
Microsoft.IdentityModel.Clients.ActiveDirectory.<AcquireTokenCommonAsync>d__37.MoveNext() +451
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +68
Microsoft.IdentityModel.Clients.ActiveDirectory.<AcquireTokenAsync>d__0.MoveNext() +313
[AggregateException: One or more errors occurred.]
System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) +116
AvanadeExternalAccess.Utils.AzureADAuthHelper.GetAuthResult() +397
AvanadeExternalAccess.Utils.InvitationManager.GetUrl(Invitation Invite) +24
AvanadeExternalAccess.Controllers.HomeController.Index() +616
lambda_method(Closure , ControllerBase , Object[] ) +87
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +1180
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +1366
System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +40
System.Web.Mvc.Async.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult) +74
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +43
System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d() +72
System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +385
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +43
System.Web.Mvc.Async.<>c__DisplayClass2b.<BeginInvokeAction>b__1c() +30
System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult) +185
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +39
System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +29
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +70
System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +52
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +36
System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +39
System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +43
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +70
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +39
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +649
System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +213
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +131
That error only occurs for resources that are using Device Based Conditional in Azure A2. For example we have CA policies for Exchange Online and SharePoint Online, that for any location, the device must be either Compliant or Hybrid Azure-AD joined. However, this is where it gets complicated, any resource or application that is calling those services/applications where conditional access is applied, must also have the same or higher CA Policy to pass that header information to the resource you are accessing. That is in detail here.
This error could mean the user has conditional access enabled and requires a domain joined device. This scenario is not currently supported in ADAL at the moment. Guidance is to use only MFA and not require a domain joined device. ADAL does not have Windows 10 WAM certificate support, which would allow both domain joined devices and MFA for authentication. This is on the backlog. Vote for the issue here to help gauge impact and customer interest.
This error occurs because your VM is not joined to the Azure AD domain. If it was working before and then stopped working, it's because a new policy was implemented by your company.
I had a similar problem when running powershell scripts. I was trying to access AZ.KeyVault and Get-AzKeyVaultSecret. I also had issues when installing the On-Premises Data Gateway.
IMPORTANT: To execute the steps below, you must sign-in to the VM with an account that exists in the Azure AD, you may try using your personal account. If you are using a Service Account, it's most likely that the Service Account is not in the Azure AD.
To join the Azure AD Domain
Download Microsoft Workplace Join.
Install Workplace_x64.msi.
Open a Command Prompt (Run as Administrator), and type...
Type: cd "C:\Program Files\Microsoft Workplace Join"
Type: AutoWorkplace.exe /i
When prompted with
"This device is currently not joined to your organization's Azure AD domain.", click Join. If the VM is already joined "This device is currently Hybrid Azure AD joined to your organization's Azure AD domain for XXXXX", you can click Leave if you want to leave the domain.
Try again and it should work.
Cheers
I'm facing a problem with Azure Service Bus WCF Relay Service where the WCF client fails to get any result from the on-premise service that is behind a customer's firewall through WCF Relay. The WCF client is running on Azure as an Azure Cloud Service. The error message reported by the WCF client is:
System.ServiceModel.FaultException: 50200: None of the connected listeners accepted the connection within the allowed timeout. TrackingId:f11c6747-8628-44b3-9080-706e1a9122d5_G7, SystemTracker:xxxxxxxx.servicebus.windows.net:abc, Timestamp:2/21/2018 7:44:59 PM, Resource:sb://xxxxxxxx.servicebus.windows.net/abc
Server stack trace:
at
System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Client.RemoteService.Call(String parameter1, String parameter2)
...
From the on-premise WCF Service log file, there was no indication that the request ever made it.
I have the same WCF service running on different Azure WCF Relay Services behind other customers' firewalls. The others are working. This leads me to believe the problem is specific to the network environment behind this customer's firewall.
I searched for this type of problem with this specific error message but I couldn't find any. Similar dicussions are related to the 502 error code, but not 50200. Those discussions hinted around the proxy server setting. I have tried to set BasicHttpRelayBinding.UseDefaultWebProxy to false on the WCF Service. But that didn't solve the problem.
Here's the WCF Server side code:
ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Https;
var serviceAddress = ServiceBusEnvironment.CreateServiceUri("https",
"xxxxxxxx.servicebus.windows.net", "abc");
BasicHttpRelayBinding basicHttpRelayBinding = new BasicHttpRelayBinding();
basicHttpRelayBinding.UseDefaultWebProxy = false;
ServiceHost serverHost = new ServiceHost(typeof(MyService));
ServiceEndpoint serviceEndpoint = serverHost.AddServiceEndpoint(typeof(IMyService),
basicHttpRelayBinding, serviceAddress);
IEndpointBehavior endpointBehavior = new TransportClientEndpointBehavior
{
TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider(keyName,
keyValue)
};
serviceEndpoint.Behaviors.Add(endpointBehavior);
serverHost.Open();
Here's the WCF Client side code:
BasicHttpRelayBinding basicHttpRelayBinding = new BasicHttpRelayBinding();
basicHttpRelayBinding.UseDefaultWebProxy = false;
var cf = new ChannelFactory<T>(basicHttpRelayBinding,
new EndpointAddress(ServiceBusEnvironment.CreateServiceUri(
"https", "xxxxxxxx", "abc")));
IEndpointBehavior endpointBehavior = new TransportClientEndpointBehavior
{
TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider(keyName,
keyValue)
};
cf.Endpoint.Behaviors.Add(endpointBehavior);
var ch = cf.CreateChannel();
var response = ch.Call(parameter1, parameter2);
My questions are:
Has anyone run into a problem like this?
Given that I have no direct control over the network configuration behind the customer's firewall. What's the best way to diagnose problems like this? I can ask for help from the customer, but I need to tell them what to look for.
I'm trying to get the Azure Let's encrypt site plug in working for one of my Azure websites following the instructions at:
https://gooroo.io/GoorooTHINK/Article/16420/Lets-Encrypt-Azure-Web-Apps-the-Free-and-Easy-Way/20047#.VxUIbKgrKUl
but I'm getting an authorization error when I run it. I have no idea where to start looking to try and solve this and any help would be more than welcome.
The error is as follows:
Microsoft.Rest.Azure.CloudException: The client '{id}' with object id '{same id here??}' does not have authorization to perform action
'Microsoft.Web/sites/read' over scope '/subscriptions/{subscription id} /resourceGroups/Default-Web-NorthEurope/providers/Microsoft.Web/sites/{sitename}'.
at Microsoft.Azure.Management.WebSites.SitesOperations.d__29.MoveNext()
Update
It was an issue with the principles access to the web app.
I decided to follow through troy hunts walkthrough here:
https://www.troyhunt.com/everything-you-need-to-know-about-loading-a-free-lets-encrypt-certificate-into-an-azure-website/
Which is pretty good - he uses the old azure portal to set up the active directory which I found a bit more useful as I could actually see what was going on.
Anyway I've got all the way through the process right up to the actual certificate request and now I am getting a 403 server error returned:
The remote server returned an error: (403) Forbidden.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: The remote server returned an error: (403) Forbidden.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[WebException: The remote server returned an error: (403) Forbidden.]
System.Net.HttpWebRequest.GetResponse() +1390
ACMESharp.AcmeClient.RequestHttpPost(Uri uri, Object message) +642
[AcmeWebException: Unexpected error]
ACMESharp.AcmeClient.AuthorizeIdentifier(String dnsIdentifier) +435
LetsEncrypt.SiteExtension.Core.CertificateManager.Authorize(Target target) in c:\Projects\LetsEncrypt-SiteExtension\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:518
LetsEncrypt.SiteExtension.Core.CertificateManager.Auto(Target binding) in c:\Projects\LetsEncrypt-SiteExtension\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:441
LetsEncrypt.SiteExtension.Core.CertificateManager.RequestAndInstallInternal(Target target) in c:\Projects\LetsEncrypt-SiteExtension\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:244
LetsEncrypt.SiteExtension.Controllers.HomeController.Install(RequestAndInstallModel model) +604
lambda_method(Closure , ControllerBase , Object[] ) +104
System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +169
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +22
System.Web.Mvc.Async.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult) +29
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d() +50
System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +225
System.Web.Mvc.Async.<>c__DisplayClass33.<BeginInvokeActionMethodWithFilters>b__32(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
System.Web.Mvc.Async.<>c__DisplayClass2b.<BeginInvokeAction>b__1c() +26
System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult) +100
System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +13
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +29
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +36
System.Web.Mvc.Controller.<BeginExecute>b__15(IAsyncResult asyncResult, Controller controller) +12
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +22
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +26
System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +21
System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +29
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +28
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9644037
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
After adding the App Registration, it is necessary to add it as a Role Assignment to the Resource Group with the role "Contributer".
If you forget this, you will get the above error message.
After doing this, please restart the App Service before trying to run Lets encrypt extension again.
For me, this problem came up when my ResourceGroup was not the same as my ServicePlanResourceGroup.
So if those are not equal, you need to add the App registration you created (The clientId you created the secret key for) to the ServicePlanResourceGroup in addition to the ResourceGroup.
I ran into the exact same exception and followed these steps to resolve it
Navigate to Subscriptions in Azure Portal
Select the subscription in which the App Service is hosted
Select Access Control (IAM)
Add a new entity
Select the role Contributor
Search after the Service Principal
Add the user
This immediately resolved the exception of insufficient access rights
Update Following the steps (5. Register Service Principal) be sure that you are signed in to the correct subscription. In my case I created the service principal in the wrong subscription hence the principal wasn't assigned correctly to the App Service in use
I ran into the same issue for a new Azure App Service. Turned out I had to actually deploy a web app before running the Let's Encrypt wizard. When the default Azure App Service landing page for an empty site is the content, the wizard isn't able to do its job.
it is the problem with the access. Please check 5. Register a Service Principal part of the article you mentioned. Do you have the same ApplicationId when that part was done with the ApplicationId on the LetsEncrypt page? The same secret? Check it, because it looks like something wrong with that step.
P.S. I have just checked that walkthrough without the error you mentioned.
I ran into the same problem.
I solved it by not specifying the custom domain (e.g. lybecker.com) in the Azure Let's Encrypt site extension configuration, but using full lybecker.onmicrosoft.com
I recently managed to get Office Web apps configured with my sharepoint dev environment and am having this issue with just excel documents.
When I create or edit an excel document in the browser, I get the error:
"We're not able to contact the server. It might not be responding, or your internet connection may have been interrupted. Please try again."
Vague I know. Looking at the error from the event viewer below, does anyone have an idea as to what is causing it?
This is the error in the event viewer:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 9/29/2015 3:03:19 PM
Event time (UTC): 9/29/2015 10:03:19 PM
Event ID: 65630219f0764564b0a4e52ee555ec99
Event sequence: 6
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/2/ROOT/x-1-130880377864550895
Trust level: Full
Application Virtual Path: /x
Application Path: C:\Program Files\Microsoft Office Web Apps\ExcelServicesWfe\
Machine name: OWASRV01
Process information:
Process ID: 13108
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE
Exception information:
Exception type: InvalidOperationException
Exception message: Request format is unrecognized for URL unexpectedly ending in '/GetRangeContent'.
at System.Web.Services.Protocols.WebServiceHandlerFactory.CoreGetHandler(Type type, HttpContext context, HttpRequest request, HttpResponse response)
at System.Web.Services.Protocols.WebServiceHandlerFactory.GetHandler(HttpContext context, String verb, String url, String filePath)
at System.Web.Script.Services.ScriptHandlerFactory.GetHandler(HttpContext context, String requestType, String url, String pathTranslated)
at System.Web.HttpApplication.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Request information:
Request URL: http://owa.jacos.com/x/_vti_bin/DynamicGridContent.json/GetRangeContent?context={"SessionId":"32.2063a84ba0ce4808b8b7b98ee4328ce51.D86.1.V22.49w26ovr5nZhddfeEjwQWL14.5.en-US5.en-US32.39b9de68102e4682b580c274004a6a841.S1.N","TransientEditSessionToken":null,"PermissionFlags":786367,"Configurations":1585936,"CompleteResponseTimeout":0,"CollaborationParameter":{"CollaborationState":{}},"ExcelFeatures":1515932864734,"WorkbookMetadataParameter":{"WorkbookMetadataState":{"MetadataVersion":0,"ServerEventVersion":0}},"MachineCluster":null,"AjaxOptions":0}&ewaControlId="m_excelWebRenderer_ewaCtl_m_ewa"¤tObject="Sheet1"&namedObjectViewData={"Mode":1,"Settings":2}&row=28&column=30&rowCount=28&columnCount=30&blockX=1&blockY=1&revision=1&renderingOptions=0
Request path: /x/_vti_bin/DynamicGridContent.json/GetRangeContent
User host address: 10.22.250.153
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE
Thread information:
Thread ID: 7
Thread account name: NT AUTHORITY\NETWORK SERVICE
Is impersonating: False
Stack trace: at System.Web.Services.Protocols.WebServiceHandlerFactory.CoreGetHandler(Type type, HttpContext context, HttpRequest request, HttpResponse response)
at System.Web.Services.Protocols.WebServiceHandlerFactory.GetHandler(HttpContext context, String verb, String url, String filePath)
at System.Web.Script.Services.ScriptHandlerFactory.GetHandler(HttpContext context, String requestType, String url, String pathTranslated)
at System.Web.HttpApplication.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
This is an error related to the service account of the Excel Web service App not set properly. Set/Configure the service account for the office Excel web service app and recycle the app pools in your dev farm. The current settings is using "NT AUTHORITY\NETWORK SERVICE" account.