SharePoint Foundation 2013 with ADLDS as Forms auth repository ERROR
Hello, I would explain the steps I've made to have SharePoint Foundation 2013 installed, as follows:

1 SQL Server 2008 R2 SP1 (call: data)
1 AD domain controller with AD LDAP services (call: dc1)
1 Web and App server (call: app1)

a) Install SharePoint Foundation with the Admin application on app1 using the DOMAIN\sharepoint domain user

b) Install ADLDS on DC1 as follows:
   . unique instance
   . instance name: DIRECTORY
   . LDAP port number: 50000, and 50001 for SSL
   . create application partition as O=DIRECTORY, C=LOCAL
   . use the network service account to run the directory instance
   . add the user DOMAIN\sharepoint administrative rights to this directory instance
   . import all LDIFs except the first on the list

c) Config ADLDS DIRECTORY as follows:
   . create a container sharepoint in the root
   . inside User and Roles create user and roles with password, etc. (it doesn't matter because the error appears before we can get to auth :-( )

d) Ensure your Application Pool accounts for central admin and security token service are running under DOMAIN\sharepoint to have read access to the ADLDS

Now modify the web.config for the central admin app:

e) Change PeoplePickerWildcards to:

    <PeoplePickerWildcards>
      <clear />
      <add key="AspNetSqlMembershipProvider" value="%" />
      <add key="LdapMember" value="*" />
      <add key="LdapRole" value="*" />
    </PeoplePickerWildcards>

f) Comment the actual <roleManager> and <membership> section and change with:

    <membership defaultProvider="i">
      <providers>
        <clear />
        <add name="Ldapmembership"
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="dc1.local" port="50000" useSSL="false"
             userDNAttribute="distinguishedName" userNameAttribute="userPrincipalName"
             userContainer="CN=sharepoint,O=directory,C=local"
             userObjectClass="user" userFilter="(ObjectClass=user)"
             scope="Subtree" otherRequiredUserAttributes="cn" />
        <add name="i"
             type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </membership>
    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true" cacheRolesInCookie="false">
      <providers>
        <clear />
        <add name="Ldaprole"
             type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="dc1.local" port="50000" useSSL="false"
             groupContainer="CN=sharepoint,O=directory,C=LOCAL"
             groupNameAttribute="cn" groupMemberAttribute="member"
             dnAttribute="distinguishedName" userNameAttribute="userPrincipalName"
             groupFilter="(ObjectClass=group)" userFilter="(ObjectClass=user)"
             scope="Subtree" />
        <add applicationName="/" name="AspNetWindowsTokenRoleProvider"
             type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </roleManager>

g) Now modify the security token service web.config file, adding this:

    <system.web>
      <membership defaultProvider="i">
        <providers>
          <clear />
          <add name="LDAPmembership"
               type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               server="dc1.local" port="50000" useSSL="false"
               userDNAttribute="distinguishedName" userNameAttribute="userPrincipalName"
               userContainer="CN=sharepoint,O=directory,C=local"
               userObjectClass="user" userFilter="(ObjectClass=user)"
               scope="Subtree" otherRequiredUserAttributes="cn" />
          <add name="i"
               type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        </providers>
      </membership>
      <roleManager defaultProvider="c" enabled="true">
        <providers>
          <clear />
          <add name="LDAProle"
               type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               server="dc1.local" port="50000" useSSL="false"
               groupContainer="CN=sharepoint,O=directory,C=local"
               groupNameAttribute="cn" groupMemberAttribute="member"
               dnAttribute="distinguishedName" userNameAttribute="userPrincipalName"
               groupFilter="(ObjectClass=group)" userFilter="(ObjectClass=user)"
               scope="Subtree" />
          <add name="c"
               type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        </providers>
      </roleManager>
    </system.web>

And after this, when I try to open the central admin application, I have the following errors and the login window doesn't appear (using ULS viewer):

a) Name=Request (GET:http://app1:24751/)

b) Application error when access /, Error=Common Language Runtime detectó un programa no válido.
     en System.Web.Security.Roles.Initialize()
     en System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
     en System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
     en System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously

c) System.InvalidProgramException: Common Language Runtime detectó un programa no válido.
     en System.Web.Security.Roles.Initialize()
     en System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
     en System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
     en System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

d) Getting Error Message for Exception System.InvalidProgramException: Common Language Runtime detectó un programa no válido.
     en System.Web.Security.Roles.Initialize()
     en System.Web.Security.RoleManagerModule.OnEnter(Object source, EventArgs eventArgs)
     en System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
     en System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

e) Non-OAuth request. IsAuthenticated=True, UserIdentityName=, ClaimsCount=0

f) Site=/

g) Leaving Monitored Scope (Request (GET:http://app1:24751/)). Tiempo de ejecución=19,4282

Thank you for your help in advance
November 11th, 2012 7:03am

Hello, I am experiencing similar issues with SP2013 and FBA with AD LDS. This currently works in our 2010 environment and I followed the exact same procedure for setting up the 2013 environment.

I enabled both Windows and FBA in the web application authentication providers section. I then added the AD-LDS provider information to both the web app and SecurityTokenServiceApplication web.config files. The service account has read (even provided admin) rights on the AD-LDS instance. I could successfully connect and bind to the AD-LDS instance from the server using ldp.exe with the service account.

When I search for AD-LDS users from people-picker, I get a "no results found" message. There is no error, but it cannot locate any of the AD-LDS users. It can find AD users without any issues.

Might not be related, but one thing I noticed in IIS 7.5 is that there is no 'Providers' section in a site. It's available at server level but not at site level. This was available in IIS 7 and I could see the FBA provider information in that section. Again, this might be an IIS 7.5 feature that needs to be enabled, but I wanted to just mention that.

Any idea if I am missing something here? My config entries and ULS logs are below. Thanks in advance.

Hey JLSF, I see that you have reference to version 14.0.0.0 in your config entries. Try pointing to 15 and see if it makes a difference.

Web application's web.config provider entry:

    <membership defaultProvider="i">
      <providers>
        <add name="i"
             type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
        <add name="ProviderName"
             type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
             server="Server_Name" port="389" useSSL="false"
             userDNAttribute="distinguishedName" userNameAttribute="cn"
             userContainer="OU=AAA,DC=BBB,DC=com"
             userObjectClass="person" userFilter="(&amp;(ObjectClass=person))"
             scope="Subtree" otherRequiredUserAttributes="cn" />
      </providers>
    </membership>
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
      <providers>
        <add name="c"
             type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      </providers>
    </roleManager>

SecurityTokenServiceApplication's web.config provider entry:

    <system.web>
      <membership defaultProvider="MyProviderName">
        <providers>
          <add name="MyProviderName"
               type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               server="Server_Name" port="389" useSSL="false"
               userDNAttribute="distinguishedName" userNameAttribute="cn"
               userContainer="OU=AAA,DC=BBB,DC=com"
               userObjectClass="person" userFilter="(&amp;(ObjectClass=person))"
               scope="Subtree" otherRequiredUserAttributes="cn" />
        </providers>
      </membership>
    </system.web>

----------

ULS Log exception:

    11/12/2012 14:08:59.28 w3wp.exe (0x1EFC) 0x1508 SharePoint Server Shared Services olgr Exception System.DirectoryServices.DirectoryServicesCOMException (0x80072020): An operations error occurred.
        at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()
        at System.DirectoryServices.DirectorySearcher.FindOne()
        at Microsoft.Office.Server.Security.LDAP.FindOneObject(DirectoryEntry searchRoot, String filter, SearchScope scope, String[] propertiesToLoad, ResultPropertyCollection& entryProperties)
        at Microsoft.Office.Server.Security.LdapMembershipProvider.GetUser(String valueToMatch, String propertyToMatch)
      StackTrace:
        at Microsoft.Office.Server.Native.dll: (sig=91259f48-8267-47c3-b9e2-db848841d13b|2|microsoft.office.server.native.pdb, offset=1357A)
        at Microsoft.Office.Server.Native.dll: (offset=21EF1)
      a186e09b-0d41-f046-f371-a5eb8551ea83

    11/12/2012 14:08:59.28 w3wp.exe (0x1EFC) 0x1508 SharePoint Server Unified Logging Service c91s Monitorable Watson bucket parameters: SharePoint Server 2013 Preview, ULSException14, 044806dd "sharepoint server", 0f001020 "15.0.4128.0", 86d43aa7 "system.directoryservices", 0400766f "4.0.30319.0", 4ffa5bdb "sun jul 08 23:19:39 2012", 0000066a "0000066a", 0000006f "0000006f", 3c07a33a "directoryservicescomexception:80072020", 6f6c6772 "olgr"
      a186e09b-0d41-f046-f371-a5eb8551ea83

    11/12/2012 14:08:59.28 w3wp.exe (0x1EFC) 0x1508 SharePoint Foundation Performance ftq2 High [Forced due to logging gap, cached @ 11/12/2012 14:08:59.26, Original Level: Verbose] SearchFromGC name = {0}. returned. Result count = {1}
      a186e09b-0d41-f046-f371-a5eb8551ea83

    11/12/2012 14:08:59.28 w3wp.exe (0x1EFC) 0x1508 SharePoint Foundation Claims Authentication f8qh High Error searching for XYZ from membership provider MyProviderName: Microsoft.Office.Server.Security.LdapProviderException: Unexpected exception occurred, please contact administrator to resolve this issue.
        at Microsoft.Office.Server.Security.LdapMembershipProvider.GetUser(String valueToMatch, String propertyToMatch)
        at Microsoft.Office.Server.Security.LdapMembershipProvider.GetUser(String name, Boolean userIsOnline)
        at Microsoft.SharePoint.Utilities.SPMembershipProviderPrincipalResolver.ResolvePrincipal(String input, Boolean inputIsEmailOnly, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer)
        at Microsoft.SharePoint.Utilities.SPMembershipProviderPrincipalResolver.SearchPrincipals(String input, SPPrincipalType scopes, SPPrincipalSource sou...
      a186e09b-0d41-f046-f371-a5eb8551ea83

    11/12/2012 14:08:59.28* w3wp.exe (0x1EFC) 0x1508 SharePoint Foundation Claims Authentication f8qh High ...rces, SPUserCollection usersContainer, Int32 maxCount, Boolean& bReachMaxCount)
        at Microsoft.SharePoint.Administration.Claims.SPFormsClaimProvider.Search(SPPrincipalResolver resolver, SPPrincipalSource pricipalSource, SPPrincipalType pricipalType, String searchPattern, Int32 maxCount, List`1 resolved)
        at Microsoft.SharePoint.Administration.Claims.SPFormsClaimProvider.FillSearch(Uri context, Boolean allZones, String[] entityTypes, String searchPattern, Int32 maxCount, SPProviderHierarchyTree searchTree)
      a186e09b-0d41-f046-f371-a5eb8551ea83

    11/12/2012 14:08:59.29 w3wp.exe (0x1EFC) 0x1508 SharePoint Foundation Monitoring b4ly High Leaving Monitored Scope (Microsoft.SharePoint.ApplicationPages.ClientPickerQuery.ClientPeoplePickerWebServiceInterface.ClientPeoplePickerSearchUser). Execution Time=69.9467390408557
      a186e09b-0d41-f046-f371-a5eb8551ea83

    11/12/2012 14:08:59.29 w3wp.exe (0x1EFC) 0x1508 SharePoint Portal Server Microfeeds aizmj High serviceHost_RequestExecuted
      a186e09b-0d41-f046-f371-a5eb8551ea83

    11/12/2012 14:08:59.47 w3wp.exe (0x1EFC) 0x1508 SharePoint Portal Server Microfeeds aizmk High serviceHost_RequestExecuting
      a186e09b-2d54-f046-f371-a1473b51d492

    11/12/2012 14:08:59.61 w3wp.exe (0x1EFC) 0x1508 SharePoint Foundation Performance ftq1 High [Forced due to logging gap, cached @ 11/12/2012 14:08:59.48, Original Level: Verbose] SearchFromGC name = {0}. start ...
      a186e09b-2d54-f046-f371-a1473b51d492

    11/12/2012 14:08:59.61 w3wp.exe (0x1EFC) 0x1508 SharePoint Foundation Performance ftq2 High [Forced due to logging gap, Original Level: Verbose] SearchFromGC name = {0}. returned. Result count = {1}
      a186e09b-2d54-f046-f371-a1473b51d492

    11/12/2012 14:08:59.61 w3wp.exe (0x1EFC) 0x1508 SharePoint Foundation Monitoring b4ly High Leaving Monitored Scope (SPClaimProvider.FillSearch()). Execution Time=127.59659398052
      a186e09b-2d54-f046-f371-a1473b51d492

--------------
November 12th, 2012 3:34pm
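
Added example, not part of either post: a small checker for the provider entries discussed in this thread. It flags SharePoint assembly references that are not Version=15.0.0.0 (the change the reply suggests), an explicit useSSL="false" on a directory connection, and LDAP provider names that differ between the web application and security token service files, since SharePoint forms authentication expects the same provider name in each file. The sample fragments, the function names and the exact, case-sensitive name comparison are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

EXPECTED = "15.0.0.0"  # assumption: SharePoint 2013 assembly version, per the reply above
SP_TYPE = re.compile(r",\s*Microsoft\.(?:SharePoint|Office\.Server),\s*Version=([\d.]+)")

def _ldap_add(name, version, port, ssl):
    # Constructed <add> entry shaped like the LDAP providers posted in the thread.
    return ('<add name="%s" type="Microsoft.Office.Server.Security.LdapMembershipProvider, '
            'Microsoft.Office.Server, Version=%s, Culture=neutral, '
            'PublicKeyToken=71e9bce111e9429c" server="dc1.local" port="%s" useSSL="%s" />'
            % (name, version, port, ssl))

# Constructed samples (not a real farm's files): web application and STS fragments.
WEB_APP = ('<system.web><membership defaultProvider="i"><providers>'
           + _ldap_add("Ldapmembership", "14.0.0.0", "50000", "false")
           + '</providers></membership></system.web>')
STS = ('<system.web><membership defaultProvider="i"><providers>'
       + _ldap_add("LDAPmembership", "15.0.0.0", "50001", "true")
       + '</providers></membership></system.web>')

def provider_entries(xml_text):
    """Attribute dicts of every <add> under membership/roleManager providers."""
    root = ET.fromstring(xml_text)
    return [add.attrib
            for section in ("membership", "roleManager")
            for node in root.iter(section)
            for add in node.findall("providers/add")]

def audit(xml_text):
    """Sorted (provider name, finding) pairs for one web.config fragment."""
    findings = []
    for attrs in provider_entries(xml_text):
        match = SP_TYPE.search(attrs.get("type", ""))
        if match and match.group(1) != EXPECTED:
            findings.append((attrs.get("name"), "assembly version " + match.group(1)))
        # An explicit useSSL="false" means the directory connection is not TLS-protected.
        if "server" in attrs and attrs.get("useSSL", "").lower() == "false":
            findings.append((attrs.get("name"), "LDAP without SSL"))
    return sorted(findings)

def name_mismatch(web_app_xml, sts_xml):
    """LDAP provider names present in only one file (exact, case-sensitive compare)."""
    names = [{a.get("name") for a in provider_entries(x) if "server" in a}
             for x in (web_app_xml, sts_xml)]
    return sorted(names[0] ^ names[1])

if __name__ == "__main__":
    print(audit(WEB_APP), audit(STS), name_mismatch(WEB_APP, STS))
```

To check real files, pass the text of the `<system.web>` element from each web.config to `audit` and `name_mismatch`.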
