I have this sharepoint application which was running absolutely fine. The Application Pool Identity was set to configurable for this sharepoint application.
But from yesterday i have been getting the following error while trying to access the application:
Cannot connect to the configuration database.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: Microsoft.SharePoint.WebPartPages.WebPartPageUserException: Cannot connect to the configuration database.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[WebPartPageUserException: Cannot connect to the configuration database.]
Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.EnsureInitialize(HttpRequest request) +544
Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.BeginRequestHandler(Object oSender, EventArgs ea) +2347
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
The application had the credentials of a user who has now left our organization. So i decided to key in my credentials for the same.
But i am still facing the same error !!
I have given all the rights to my user that the other user had under the user management (administrative tools).
Can someone please help !!
Whats going wrong ??
Please verify that your application pool account has "Connect" permission on the SharePoint_Config database.
Related
We have an ADFS setup completed on one of our Azure virtual machine, and we have one Sql managed Instance created in azure portal.
We have federated our domain and successfully connected with 'Sql managed Instance' via AAD-Integrated authentication from SSMS.
Our problem is that when we try to connect this Sql managed Instance from our IIS application with AAD-Integrated authentication method
(string ConnectionString = #"Data Source=XXXXXXXXX; Authentication=Active Directory Integrated; Initial Catalog=testdb;")
, we get the following error on screen:
Message - > One or more errors occurred. Inner Exception -> System.AggregateException: One or more errors occurred. ---> AdalException: MSIS7069: The specified request failed. at ADALNativeWrapper.ADALGetAccessToken(String username, IntPtr password, String stsURL, String servicePrincipalName, ValueType correlationId, String clientId, Boolean* fWindowsIntegrated, Int64& fileTime) at System.Data.SqlClient.ActiveDirectoryNativeAuthenticationProvider.<>c__DisplayClass2_0.b__0() at System.Threading.Tasks.Task`1.InnerInvoke() at System.Threading.Tasks.Task.Execute() --- End of inner exception stack trace --- at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) at System.Data.SqlClient.SqlInternalConnectionTds.<>c__DisplayClass134_1.b__0() at System.Threading.Tasks.Task`1.InnerInvoke() at System.Threading.Tasks.Task.Execute() ---> (Inner Exception #0) AdalException: MSIS7069: The specified request failed. at ADALNativeWrapper.ADALGetAccessToken(String username, IntPtr password, String stsURL, String servicePrincipalName, ValueType correlationId, String clientId, Boolean* fWindowsIntegrated, Int64& fileTime) at System.Data.SqlClient.ActiveDirectoryNativeAuthenticationProvider.<>c__DisplayClass2_0.b__0() at System.Threading.Tasks.Task`1.InnerInvoke() at System.Threading.Tasks.Task.Execute()<---
Also we checked into ADFS logged issues and got the following error logged as follows:
Log Name: AD FS/Admin
Source: AD FS
Date: 7/29/2021 12:26:45 PM
Event ID: 111
Task Category: None
Level: Error
Keywords: AD FS
User: Domain\testuser
Computer: Name of our adfs server(Not mentioned the exact name due to sensitive data)
Description:
The Federation Service encountered an error while processing the WS-Trust request.
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data
Exception details:
Microsoft.IdentityServer.Service.SecurityTokenService.ADAccountValidationException: MSIS3173: Active Directory account validation failed. ---> Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
Are we missing anything in the whole process?
Edit1:
I have one confusion regarding federated domain. The domain which we are using in our client machine, has to be primary domain in our Azure active directory OR can it be just in custom domain list in Azure active directory?
Edit2:
Finally, we were successful in connecting to our IIS application via AAD-Integrated authentication. We just changed our application pool's identity from ApplicationPoolIdentity(default option) to our domain user and voila, it worked like a charm. Hope somebody can get benefited from this.
I'm trying get integrated authentication working between my app, and azure SQL. The app is running on a VM that is joined to an Azure AD domain (Domain Services) on IIS.
I have followed this official MS document on setting up auth:
https://learn.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure (Note - we are not using managed instances for SQL).
1) The admin group has been added via the portal
2) The contained database user (also part of the admin group) has been created, per the doc.
3) The IIS application pool is running as the same user as well.
Attempts to connect to the site return this error:
[AdalException: Integrated Windows authentication supported only in federation flow.]
ADALNativeWrapper.ADALGetAccessToken(String username, IntPtr password, String stsURL, String servicePrincipalName, ValueType correlationId, String clientId, Boolean* fWindowsIntegrated, Int64& fileTime) +829
System.Data.SqlClient.<>c__DisplayClass2_0.<AcquireTokenAsync>b__0() +132
System.Threading.Tasks.Task`1.InnerInvoke() +121
System.Threading.Tasks.Task.Execute() +47
[AggregateException: One or more errors occurred.]
System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) +4323177
System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) +12865803
System.Threading.Tasks.Task`1.get_Result() +33
System.Data.SqlClient.<>c__DisplayClass134_1.<GetFedAuthToken>b__0() +39
System.Threading.Tasks.Task`1.InnerInvoke() +121
System.Threading.Tasks.Task.Execute() +47
[AggregateException: One or more errors occurred.]
Our web.config is using this as a connection string:
name="LocalSqlServer" connectionString="Server=tcp:XXXXX;Initial Catalog=XXXXX;Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Authentication='Active Directory Integrated';" />
We're hoping to be able to remove any mention of plain-text passwords within our web.config, and azure authentication should be able to provide that.
Any help would be appreciated!
EDIT:
In an attempt to start fresh, I migrated the application to another fresh Azure VM. This time, the process initially lead to this error:
Unable to load adalsql.dll (Authentication=ActiveDirectoryPassword). Error code: 0x2.
After installing the .dll, it then leads me to the same error I posted above. Not sure if this initial error could shed some light on the underlying problem.
The error message is "Integrated Windows authentication supported only in federation flow"
From the portal, if you select "Azure Active Directory" and then select "Custom Domain names"
Do you have a single line on the list with "Primary" Selected?
If that is the case, you could try adding a new custom domain, mark that as federated and then use a user from that domain for the integrated authentication.
Recheck if the VM is on-premise or on-cloud because if your machine is on-prem and it is a joined AD, you should see it as a device in Azure Active Directory. Otherwise, when the machine is not integrated with ADFS, you will end up with the exception message "Integrated Windows authentication supported only in federation flow".
There are two possibles solutions:
- Integrate the machine into ADFS
- Use Active Directory Password with a valid account on Azure Active Directory.
In my scenario, I couldn't move the machine so I use an AD account.
I am trying to make a simple image analysis project using AI-tools for Visual Studio. I have created an Azure Cognitive Service as a ComputerVision service. It has been more than 10 minutes since I created it so the api keys should be valid. Then I created a new project by right clicking on it. But when I run it then I get this exception:
Please input image url or locate a local image file. If input is empty, example image will be used.
No url or file specified, use the example https://oxfordportal.blob.core.windows.net/vision/Analysis/1-1.jpg
One or more errors occurred.
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
at GetImageDetailsService.Program.Main(String[] args) in C:\Users\X\Documents\Visual Studio 2017\Projects\CognitiveServiceTest\GetImageDetailsService\Program.cs:line 27
Microsoft.Azure.CognitiveServices.Vision.ComputerVision.Models.ComputerVisionErrorException: Operation returned an invalid status code 'Unauthorized'
at Microsoft.Azure.CognitiveServices.Vision.ComputerVision.ComputerVisionAPI.<DescribeImageWithHttpMessagesAsync>d__30.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Azure.CognitiveServices.Vision.ComputerVision.ComputerVisionAPIExtensions.<DescribeImageAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.CognitiveServices.Samples.ComputerVisionApiExtensions.<DescribeImage>d__2.MoveNext() in C:\Users\X\Documents\Visual Studio 2017\Projects\CognitiveServiceTest\GetImageDetailsService\ComputerVisionApiExtensions.cs:line 34
Apparently I am not authorized. What can be causing this?
I am logged into my Azure subscription and I have funds (I am using F0 tier). I have also checked that the region is correct and that the api key matches.
Edit: When I change the api key to something different in the application call then I still get an unauthorized exception.
Edit2: Added code that calls the api.
var client = new ComputerVisionApiExtensions(ComputerVisionSubscriptionKey, ComputerVisionRegion, null);
var result = client.DescribeImage(imagePath).Result;
I was getting the same thing and thought it would be worthwhile to submit an issue. I got a response for a fix, tested it, and it all worked!
To solve the issue, just put this.AzureRegion = GetRegion(region); inside the constructor in the ComputerVisionApiExtensions.cs file.
For the Computer Vision API type of Azure Cognitive Services, the request for analyzing an image would look like as follows:
POST https://{location-of-your-Computer-Vision-API}.api.cognitive.microsoft.com/vision/v1.0/analyze?visualFeatures=Categories&language=en
Host: {location-of-your-Computer-Vision-API}.api.cognitive.microsoft.com
Content-Type: application/json
Ocp-Apim-Subscription-Key: {subscription-key-under-the-same-region-of-your-Computer-Vision-API}
{"url":"https://oxfordportal.blob.core.windows.net/vision/Analysis/1-1.jpg"}
Note: You must use the same region in your REST call as you used to
get your subscription keys. For example, if you got your
subscription keys from westus, replace "westcentralus" in the URL
below with "westus".
If your Azure Cognitive Services is under East Asia, while you use the subscription key to request westcentralus.api.cognitive.microsoft.com instead of eastasia.api.cognitive.microsoft.com, then you could get 401 Access Denied and the following response:
{
"statusCode": 401,
"message": "Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription."
}
You could use fiddler to capture the network traces when running your application to narrow this issue. Also, you could follow the detailed tutorials under "RESOURCE MANAGEMENT > Quick start" of your Cognitive Services via Azure Portal.
I have a old application and the other developer was using connection string like this
<add key="test" value="Data Source=Serzero;Database=NijaDatabase;trusted_connection=true;Connect Timeout=360"/>
My question is that the application is ruining perfectly on the local server access remote database when i am using VS2010 but when i am hosting this my application on the IIS on my machine getting error ...Locally applicaiton working fine login logout everything but on IIS getting this error when try to log in
Login failed for user
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for user .
Source Error:
You need to either add Integrated Security=False;User Id=userid;Password=password to your connection string.
After publishing an ASP.NET MVC 3 application to Windows Azure websites, I receive the following error message when attempting to load the site. The site works as expected on my development server.
What steps can I take to rectify this issue?
Server Error in '/' Application.
--------------------------------------------------------------------------------
The current identity (IIS APPPOOL\myapp) does not have write access to 'C:\DWASFiles\Sites\myapp\Temporary ASP.NET Files'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: The current identity (IIS APPPOOL\myapp) does not have write access to 'C:\DWASFiles\Sites\myapp\Temporary ASP.NET Files'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpException (0x80004005): The current identity (IIS APPPOOL\myapp) does not have write access to 'C:\DWASFiles\Sites\myapp\Temporary ASP.NET Files'.]
System.Web.HttpRuntime.SetUpCodegenDirectory(CompilationSection compilationSection) +9899906
System.Web.HttpRuntime.HostingInit(HostingEnvironmentFlags hostingFlags, PolicyLevel policyLevel, Exception appDomainCreationException) +199
[HttpException (0x80004005): The current identity (IIS APPPOOL\myapp) does not have write access to 'C:\DWASFiles\Sites\myapp\Temporary ASP.NET Files'.]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +9877804
System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +101
System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +254
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.19064
From the Azure management portal try performing a full STOP on the website, wait a minute and then START.
We were having this exact same issue and although a quick 'restart' had no effect (although I tried multiple times) I decided to take David Ebbo's suggestion a bit further and that worked for us.