External authentication validation failed

Similar Messages

• External Authentication failed via PHP script

  I'm not a PHP wiz - in fact I am not a backend coder so I am
  somewhat struggeling with the sample scripts - I still hope for a
  CF sample...
  I'm trying to run and log in to AFCS via the commandline
  (Terminal). I'm not sure what I'm doing wrong - here what I am
  passing:
  php -f /Applications/MAMP/htdocs/afcs.php args --debug
  --host=http://connectnow.acrobat.com,fcguru,my_login,my_pass
  The username and password I pass are correct. However I get
  this response:
  Error: exception 'AFCSError' with message '<response
  status="error">
  <error code="AUTH_FAILED">
  <msg>Authorization Failed</msg>
  </error>
  </response>
  ' in /Applications/MAMP/htdocs/afcs.php:86
  Really struggeling with this. Even once I get this working
  from the commandline I do not know how to call this from a script
  instead. I use CF on the backend, not PHP.
  Regards,
  Stefan

  I would say that your command is syntactically correct, but
  semantically incorrect :)
  Two problems:
  - there is no "args" parameter in afcs.php
  - when you use php -f file.php you have to append a -- after
  the php file to tell the interpreter to stop parsing parameters
  because they belong to the script
  So, try this:
  php -f /Applications/MAMP/htdocs/afcs.php -- --debug
  --host=http://connectnow.acrobat.com fcguru my_login my_pass
  or this:
  php /Applications/MAMP/htdocs/afcs.php --debug
  --host=http://connectnow.acrobat.com fcguru my_login my_pass
  Also, there is an example of a php web application that uses
  external authentication in the examples folder
  (ExternalAuthentication/php). Just drop the php folder somewhere in
  your webserver and try it out.

• External Authentication failed with new key

  I have a card using SCP 01 05. There is 1 keyset(3 keys) with version 01. I have added a new keyset(3 keys as well) with version 02.
  I run external authentication with keyset version 01 and it passed. I run external authentication with keyset version 02 immediately but it returned 6982. This mean "Security status not satisfied". Why can't I do authentication with other key?

  Read the INITIAL UPDATE command !!!! What is the P1/P2 ? If you inform it to use the keyset 1, then you can't possibly think that calculating with the keyset 2 will work ?
  The response data contains a bunch of information, including the keyset used to create the card cryptogram. That is the required key for calculating the off-card cryptogram. You would have seen this if you were calculating the card cryptogram properly because you would have been using the wrong key and the cryptograms wouldn't have matched.
  So, Why can't I do authentication with other key? Because you have to INITIALIZE UPDATE with that other key.

• Lync mobility and HTTP authentication test failed. Is reverse proxy required?

  I currently have the following setup.
  1 x 2013 edge server lync1.local.com
  has 3 dmz ips for external names 
  has 1 internal ip
  2 x 2013 std front end servers lync2 & lync3.local.com
  Ive read that in 2013 the mobility service is installed automatically on the front end servers and i do see it running on both.
  All my clients can connect from the windows and mac clients(internally and externally) but not from phone or windows app store client (internally or externally)
  running the exchangeconnectivity test on the website i get the following error
  Testing HTTP authentication methods for URL https://lyncdiscover.external.com/Autodiscover/AutodiscoverService.svc/root/user.
    HTTP authentication test failed.
  Additional Details
  A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
  HTTP Response Headers:
  X-MS-Server-Fqdn: lync1.local.com
  Connection: close
  Content-Length: 64
  Content-Type: text/plain
  Server: RTC/5.0
  Elapsed Time: 427 ms.
  After some reading I notice that many people refer to a reverse proxy when dealing with mobility.
  I do not have a reverse proxy server installed. Is this required for the mobility to work correctly? I cant just use the edge server?
  Thanks in advance for any help.

  Take a look at Georg Thomas' blog: http://www.lynced.com.au/2014/04/configure-citrix-netscaler-vpx-as.html also the Citrix official documentation: http://www.citrix.com/global-partners/microsoft/netscaler.html 
  Please mark posts as answers/helpful if it answers your question.
  Blog
  Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

• External Data Refresh Failed. We cannot locate a server to load the workbook Data Model. ThisWorkBookDataModel

  Hi All,
  I have been trying to fix this for days now. I have tried solutions in many articles but to no avail. So while the error message is something you may have seen may times, I just can't find a solution in my case.
  This is the error:
  And in text just in case the image isn't viewable:
  "External Data Refresh Failed. We cannot locate a server to load the workbook Data Model. We were unable to refresh one or more data connections in this workbook. The following connections failed to refresh: ThisWorkBookDataModel."
  What is worse is I have checked the ULS (SharePoint Trace Logs), the Event Viewer Logs and the OWA Logs and I cannot find a specific error that would help pin point the problem.
  Excel Workbook
  So what am I doing? I have an Excel 2013 workbook and I create an "SQL Server" connection to the AdventureWorksDW database, add a pivot table and a pivot chart, test in in Excel and all works fine.
  I save the Excel workbook to SharePoint 2013 and then select "Data" then "Refresh All Connections" and then I get the error in the picture above.
  Even more puzzling is I have another Excel workbook that also has pivot tables and pivot charts in the AdventureWorksDW2012Multidimensional cube database in "SQL Analysis Services" and this works fine. Hmmm.
  My Environment
  My environment is Windows 2008 R2 Server, SharePoint 2013 with the April Service Pack1 and a separate server with OWA2013 SP1. It has an SQL Server 2008 R2 database which has been upgraded to SQL Server 2012.
  Data Model Settings
  In Excel Services this is set to my server name which is "server-name". As I do not have instances all I can enter is the server name. As this works everywhere else including the workbook outside of SharePoint I do not think this is the problem.
  But I could be wrong.
  Unattended Account
  I have set this up for the PowerPivot Services App and Excel Services App.
  ODC Connections in Excel
  I have tried all 3 authentication modes, Windows, Secure Store ID and "None" which is the unattended account. I have not tried the other connection types, should I?
  Not in WOPI
  I am not in WOPI mode.
  AD Accounts
  I have added permissions in the SharePoint Services and SQL Server, and as they work in Excel outside of SharePoint, I do not think it is a permissions issue. I could be wrong of course, but the problem is in one of SharePoint, OWA, AD,
  SQL Server, Excel, and Windows Server.
  Isolate the Error
  Below is a list of errors I think are relevant but they do not tell me much. The SharePoint logs are not really giving me an error that tells me what to do and where to do it, or even why it cannot refresh, (perhaps not noticeable by the untrained eye).
  Problem with SQL Server Not Analysis Services
  So my cube database in analysis services works fine in SharePoint/OWA but not the databases in sql server. This is my best clue but I have no idea what it means. Why would it work with an Analysis Services connection but not an "SQL Server" connection?
  It Works Outside of SharePoint
  If I run the excel worksheet outside of SharePoint all works fine. When inside OWA this is where the refresh error occurs.
  Errors from Event Viewer on SharePoint Server using ULS Viewer
  "Failed to create an external connection or execute a query. Provider message: There are no servers available or actively being initialized., ConnectionName: , Workbook:"
  "Refresh failed for 'ThisWorkbookDataModel' in the workbook 'http://server...'. [Session: 1.V22.26itT0lx8piNFeqtuGVhN214.5.en-US5.en-US36.98c0e158-9113-46e9-850e-edda81d9ed1c1.A1.N User: 0#.w|ad\testuser1]"
  And an error in the ULS under the "Data Model" category:
  "--> Check Deployment Mode (server-name): Fail (Expected: SharePoint, Actual: Multidimensional)."
  This last error, as it turned out, defined the problem concisely, although I was yet to work out what it meant in some detail.

  I finally solved this myself (or should I say with the help of several key articles).
  The refresh did not work because the database was not in "SharePoint Mode". Yes, SQL Server has modes, 3 of them in fact.
  If you installed SharePoint to the default SQL instance which would be called <servername> then you cannot use this default instance for Excel 2013 workbooks in OWA 2013 because the refresh only works if the database is in SharePoint mode.
  So what are these 3 modes? The Deployment Mode property in the msmdsrv.ini file has them as:
  0 = Multidimensional mode (the default whenever you install SQL Server normally)
  1 = PowerPivot for SharePoint mode
  2 = Tabular mode mode
  How do you know what mode you are in? That's easy, open SQL Studio Manager and connect to all your SQL database engine instances (ignore Analysis Services or SSRS as they are not database engines). If you only have the default instance then that is almost
  definately in Multidimensional mode which is the default and what SharePoint installs its databases to.
  You must have an instance called <servername>\POWERPIVOT. This instance is the "sharepoint mode" needed, and the default instance name when you install an SQL instance in this mode.
  If you don't see <servername>\POWERPIVOT in SQL server then you are not in "sharepoint mode". It is more accurate to say, you do not have an instance that is in sharepoint mode. This is because you cannot simply switch modes on an SQL server.
  You have to install a new instance in the required mode, thats the only way.
  That's easy enough. Load up the SQL Server setup CD and run setup. Install a brand new instance and select "SQL Server PowerPivot for SharePoint" when you get there in the wizard.
  Now you will have the default instance that stores all the SharePoint databases and that is in mode 0, and a new instance called <servername>\POWERPIVOT that is in mode 1. The "<servername>\POWERPIVOT" instance connection is what you
  will use for Excel 2013 when rendering in OWA 2013.
  You also need to ensure OWA 2013 is not in WOPI mode for Excel worksheets. See the last link below for more information about WOPI.
  Next you should go to the Excel Service App in CA and click Data Model Settings and add the <servername>\POWERPIVOT instance.
  Then you have to either turn off the firewall on the SQL server machine, or create an inbound rule on the Windows firewall to open the TCP port for the <servername>\POWERPIVOT instance:
  1. Start Task Manager and then click Services to get the PID of the MSOLAP$InstanceName.
  2. Run netstat –ao –p TCP from the command line to view the TCP port information for that PID.
  Finally, you can now create Excel 2013 workbooks that run in OWA without refresh errors, as long as you are connecting to the <servername>\POWERPIVOT instance. Hooray.
  REFERENCES
  Look for the string "There are no servers available or actively being initialized" in this article:
  http://blogs.msdn.com/b/analysisservices/archive/2012/08/02/verifying-the-excel-services-configuration-for-powerpivot-in-sharepoint-2013.aspx
  Determine the server mode:
  http://msdn.microsoft.com/en-au/library/gg471594(v=sql.110).aspx
  Install the SharePoint PowerPivot instance (aka SharePoint mode)
  http://msdn.microsoft.com/en-au/library/eec38696-5e26-46fa-bc83-aa776f470ce8(v=sql.110)
  Open the port for the new SQL instance:
  http://msdn.microsoft.com/en-us/library/ms174937(v=sql.110).aspx
  Turn Off WOPI for Excel OWA
  http://blogs.technet.com/b/excel_services__powerpivot_for_sharepoint_support_blog/archive/2013/01/31/powerpivot-for-sharepoint-browser-refresh-fails-data-refresh-not-supported-in-office-web-apps.aspx

• Project Server 2013 - External Data Refresh Failed

  Hi, 
  I have built  new Project Server 2013 in a 3 tier farm, with OWA, configured PWA site everything working fine except, Reports in BI Center, where i am getting - External Data Refresh Failed error
  http://Sp2013/PWA/ProjectBICenter/Sample%20Reports/Forms/AllItems.aspx
  i have stopped using Excel Web also to use Excel Services, get below error
  External Data Refresh Failed
  An error occurred while accessing application id ProjectServerApplication from Secure Store Service. The following connections failed to refresh:
  Project Server - Issue Data
  Project Server - Risk Data
  Learn
  more about data refresh
  Steps Tried:
  1.deleted Excel Services - recreated
  2.Deleted Secure store - recreated
  Built  test box without OWA still have the same issue
  Any suggestions/ Solutions greatly appreciated.
  Thanks 
  Aleem
  Alim

  Hi,
  If you are still facing the same issue follow the below steps:
  1) Access PWA from your server
  2) Download any built in report from Reports section (in your case
  Project Server - Issue Data Project
  Server - Risk Data) to your server.
  3) Open report in excel, go to Data->Connections in Workbook Connection dialog open "Project Server - Issue Data" go to properties.
  4) Here select tab 'Definition' under connection file remove tick for 'Always use connection file'
  5) Tweak your connection string & tick save password option 
  6) Excel Services: Authentication Settings (suit yourself)
  Now, save & publish on PWA, hope it works :)

• AD External Authentication Plug-In verification issue

  We are working on a Proof of Concept instance to integrate MS AD with OID for the first time for E-Biz 11i.
  1) I completed the bulk load of all the existing users from AD to OID successfully
  2) completed enabling the syncrhonization profile
  3) Ran the txkrun.pl successfully
  4) However i wanted to check the External authentication plug-in and i get the below issue.
  How to debug ldapcompare ? Where is the logfile for ldapcompare ?
  ldapcompare -h OID_Host -p 389 -D "cn=orcladmin" -w ******* -b "cn=lastname\, firstname,ou=consultants,ou=users,ou=usaeast,dc=adadmin,dc=lps,dc=netsrv,dc=us" -a userPassword -v abcdefgh
  The value abcedefgh is not contained in the attribute userPassword in DN cn=lastname\, firstname,ou=consultants,ou=users,ou=usaeast,dc=adadmin,dc=lps,dc=netsrv,dc=us.
  An ldapbind on the same AD server is successful, but ldapcompare is failing.

  I get invalid credentials. Though the network password is correct. I feel its somewhere i messed up the 3rd party plug-in configuration. Is there a method to get debug information for ldapcompare command ?
  From metalink NOTE : 277382.1
  "When using the above command, ldapcompare binds to OID using the OID admin user (typically "cn=orclAdmin") and password. Then it provides the AD username and requests that the value supplied as AD-USER-PASSWORD be compared to whatever is stored in AD username's userPassword attribute. Because OID does not store a value in its own user entries/userPassword attributes for AD-synchronized entries, this ldapcompare call will cause OID to invoke the plug-in and verify the userPassword value in AD instead.
  If the plug-in works, the ldapcompare should return a message saying that the given password is contained in the userpassword attribute, e.g.
  "

• External authentication on Essbase 9.3.1

  I am migrating from Essbase 7.3.x on 32-bit Windows to System9 on 64-bit windows. External authentication works on both Shared Services and EAS. I have successfully registered EAS and Essbase with shared services however I do not see Essbase in "User console" of Shared Services as an application. I am able to create native authenticated users in Essbase but unable to externalise the security. I get the following error messages when trying to externalise:
  Error: 1051549: Can not convert Analytic Services to Shared Services mode when Analytic Services is not configured with Shared Services or the initialization process has failed
  On starting Essbase, I see the following error message when I use the same CSSconfig file as used by shared services:
  [Wed Jul 16 10:26:45 2008]Local/ESSBASE0///Error(1051223)
  Single Sign On function call [css_init] failed with error [getOSVersion]
  [Wed Jul 16 10:26:45 2008]Local/ESSBASE0///Info(1051198)
  Single Sign-On Initialization Failed !
  If I point to the current CSS file used in production Essbase 7, I get the following message:
  [Wed Jul 16 10:33:26 2008]Local/ESSBASE0///Error(1051223)
  Single Sign On function call [css_init] failed with error [-1]
  [Wed Jul 16 10:33:26 2008]Local/ESSBASE0///Info(1051198)
  Single Sign-On Initialization Failed !
  In either case everything except External Authentication on System9 for Essbase works.
  Both shared services and Essbase are on the same 64-bit Windows box.
  Any help in resolving this will be greatly appreciated.
  Thanks,
  Vikram.

  HI:
  I recommand following these steps:
  1. Go to the box where you have your Essbase installed
  2. Pull up the Shared Services Configuration Utility
  3. Select COmponent to be registered as Essbase
  4. Remeber to stop the essbase - i assume you are getting the error hence essbae would not have loaded.
  5. Re-register Essbase with Shared services
  6.Start essbase in Foreground
  It shuld Start :) good Luck..let me know If this failed..
  Thanks,
  Sriram

• External Authentication won't correctly set USER name or Role

  I am using JAVA under Google App Engine for my backend and attempting to log a user into a room using external authentication. I can connect and get into the room just fine my issue is with the user infomation once I am logged in. The user has a null username and ID (possibly generated) and thier role is set to zero (or at least not high enough to publish). If the room is set to auto-Promote then I do have the ability to publish (this is what I would expect) but still I needed the user to have a role of owner (so they can create nodes).
  Here is a little of the java on the back end (I removed my shared secret):
  public String getRoomToken(String roomID, String userName, String userID, int userRole)      {
             try {               
                           Session session = am.getSession(roomID);
               return session.getAuthenticationToken(..., "Bob", "TestID", 100);               
                           //return session.getAuthenticationToken(..., userName, userID, userRole);          
                        } catch (Exception e) {
                 // TODO Auto-generated catch block
                                 e.printStackTrace();
                      return null;
  getAuthenticationToken is hardely changed from what is in the AFCS.java in the examples folder but here it is in any case
  /**      * get an external authentication token      */
  public String getAuthenticationToken(String accountSecret, String name, String id, int role) throws Exception
       if (role < UserRole.NONE || role > UserRole.OWNER)
           throw new Error("invalid-role");
          String token = "x:" + name + "::" + this.account
           + ":" + id + ":" + this.room + ":"+ Integer.toString(role);
          String signed = token + ":" + sign(accountSecret, token);
          // unencoded      
                 //String ext = "ext=" + signed;       
                 // encoded
         String ext = "exx=" + Utils.base64(signed);
         return ext;
  This should work. My Shared secret is removed above but I doubt that is the problem as my app does authenticate just fine it just throws an exception telling me I don't have the required permissions to publish when I try to do anything. while observing from the DevConsole I see a user in the room but they are marked as null. Note that non-external authentication works just fine. If I hardcode my login creds in AdobeHSAuthenticator I can get in just fine with no issue. Also if the room I get an authenticationToken for does not match the roomURL I connect to with ConnectSessionContainer I will fail to login correctly like I would expect. So I know my credentials are getting to the AFCS and being decrypted correctly (as I can only authenticate for the room I send in that credential token) but for some reason it simply won't set my role and username/userid correctly.  Any help would be great, this has caused me a great deal of grief for days now...
  Thanks guys...
  Ves

  Well this is wierd I was trying to set this up so that I could get the log output on that run and I ended up changing
  <rtc:AdobeHSAuthenticator id="auth" authenticationKey="{Application.application.parameters['token'] as String}"/>
  to
  <rtc:AdobeHSAuthenticator id="auth" authenticationKey="{token}"/>
  and adding a preinitialize function of:
  protected function preInit():void
              templateID = Application.application.parameters['room'];
               token = Application.application.parameters['token'];
  oddly enough it now works like a charm now. It is still disconcerting that I was able to actually enter the room even though my token was somehow corrupted (that probably isn't intened behavior). If this shows up agian I will try and track down the particulars and send you guys an email as an FYI. thanks for the help....
  Ves

• External Authentication Solution?

  I am looking for an external authentication solution for Web AS (ABAP Specifically but the whole AS would be preferable)
  i.e. Our External Authetication system sits in front of SAP that does Auth then passes username in a HTTP Header to SAP..
  So far we have these previous solutions
  1. SAP WAS Java -> Using Header Authenticaion Module
  2. SAP Netweaver -> Using ITS Standalone configured for PAS and SNC
  So For SAP Web AS We need to do this for the ABAP side of things and I from what I can gather from the documentation the only mechanism to do this is to either :
  a) use ITS Standalone in front of the SAP Web AS ABAP or,
  b) use the current J2EE solution using Header Authentication Module.???
  Now we cannot install ITS Standalone so that is out it is then up to the J2ee solution.
  My question is : The documentation refers to Integrated Java -> Does this mean that the Java is installed by default? or does it have to be installed separately?
  I have installed the Web AS Preview Installation (ABAP) 2004s  but I've put it in this forum as it's more general type concept question
  Ideally we'd like to have an ICM SSO solution so that we just deal with one point but I don't know if this is possible?

  Raff,
  Thank you for your reply.  We checked with our server configuration and it does appear to have OpenSSL enabled.
  extension=openssl.so
  Apache Version
  Apache/2.2.11 (Unix) PHP/5.2.9 with Suhosin-Patch mod_ssl/2.2.11 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7
  Other than the original apache error log message, we are not  getting any error messages in the php error log to indicate a problem.  I am making the call from an https://URL  with a valid certificate.  I get the same error message as before. 

• Trouble With External Authentication!

  Hello all!
  I have been trying to experiment with external authentication with PHP using the samples provided with the LCCS SDK Navigator.
  I have changed the "index.php" page to include all my account info. and have double checked it!  However, when I upload it to my server, I keep getting the following error(s) whenever I click the submit button on the form:
  Warning: fopen() [function.fopen]: URL file-access is disabled in the server configuration in /home/tueslcom/public_html/LoginTest2/lccs.php on line 690
  Warning: fopen(https://collaboration.adobelivecycle.com/myusername?mode=xml&accountonly=true&) [function.fopen]: failed to open stream: no suitable wrapper could be found in/home/tueslcom/public_html/LoginTest2/lccs.php on line 690
  Fatal error: Uncaught exception 'RTCError' with message 'connection-failed' in /home/tueslcom/public_html/LoginTest2/lccs.php:695 Stack trace: #0 /home/tueslcom/public_html/LoginTest2/lccs.php(587): RTC::http_get('https://collabo...', Array) #1 /home/tueslcom/public_html/LoginTest2/lccs.php(254): RTCAccount->do_initialize() #2 /home/tueslcom/public_html/LoginTest2/index.php(33): RTCAccount->__construct('https://collabo...') #3 {main} thrown in /home/tueslcom/public_html/LoginTest2/lccs.php on line 695
  I have a bit of experience with PHP, however, going through lccs.php and trying to reverse engineer everything to find out what`s going on is a little beyond my skill level!  Any idea what might be happening/missing here?  This seems like it should be a no-brainer!
  Thanks in advance for any help anyone can give.
  Matt

  Raff,
  Thanks for your quick reply!
  I called phpinfo() and it appears that OpenSSL is working:
  OpenSSL Support - enabled
  OpenSSL Support - OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
  Is SSL needed for encrypted communications between the browser and the LCCS server?  When it comes to ports, security, and all the headaches that go with it, I am pretty much a NOOB (by choice)!
  Also, the forum search doesn`t seem to be working (at least it`s not returning anything for me).  Any hints as to what other modules are needed?
  btw - Is it "http://connectnow.acrobat.com" or "https://collaboration.adobelivecycle.com"?
  And it seems that "lccs.php" had been renamed from "afcs.php" along with "RTCAccount", which used to be "AFCSAccount".  The code examples have not been updated to reflect this, and although I fixed this in some of the code, could there still be problems inside "lccs.php"?
  Thanks again,
  Matt

• Non-SysAdmins get error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.

  I have a SQL 2008 R2 system (10.50.4000) where I'm having problems connecting any user that is not a SysAdmin.  Example: I setup a new SQL Login to use Windows Authentication and grant that user db_datareader on the target database.  The user attempts
  to connect using Excel client or Access or SQL Management Studio and receives Error 18456.  The SQL Server Logs shows Error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
  The strange part is that if I temporarily grant the user the sysadmin server role then the user can connect successfully and retrieve data.  But, if I take away that sysadmin server role then the user can no longer connect but again receives the Error
  18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
  We've turned off UAC on the client machine to see if that was the problem, but no change.
  I have dropped and re-added the user's SQL Login (and the related database user login info).  No success.
  The Ring Buffers output shows:
  The Calling API Name: LookupAccountSidInternal
  API Name: LookupAccountSid
  Error Code: 0x534
  Thanks for any help.
  -Walt

  Yes, you understand correctly.  The user is logging onto a workstation (not the server) with a Windows Authenticated id.  The user is using either Excel or Access or SSMS and connecting to the server using a Windows Authenticated SQL Login account.
   If the account has sysadmin role (which is only for testing) then the connection is successful.  If I take away sysadmin role from the account then the connection is unsuccessful and the SQL Server Log shows Error
  18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
  (SQL Authentication is not an option here.  I must use Windows Authentication).
  Any other troubleshooting assistance you can offer would be appreciated.  Thanks.
  -Walt 

• BCS - Message from External System : 'Login failed for user 'NT AUTHORITY\IUSR'.'.

  Hello,
   I have create a an external content type .
   I Choose "Connect with user's Identity".
   I create a external list that uses the ExternalContentType.
   When I try open the external list from browser by User "TestUser" . I get the following error "Message from External System : 'Login failed for user 'NT AUTHORITY\IUSR'.'"
     My Question :
         I need to know why pass the credential "NT AUTHORITY\IUSR" to connect to the data base not the
          current log in"TestUser" ?  How Can I solve it ?
          Thanks
           Hema
  ASk

  Hi,
  did you configure Kerberos delegation?
  NTLM fails when you try to open external list from client computer, because SharePoint cannot pass user's identity - "Double Hop" issue.
  Take a look at confguring Kerberos for SharePoint 2010 white paper
  Download Configuring Kerberos Authentication for Microsoft SharePoint 2010 Products from Official Microsoft Download Center
  http://www.microsoft.com/en-us/download/details.aspx?id=23176
  Robi MCT Kompas Xnet d.o.o. Ljubljana | blog: http://xblogs.kompas-xnet.si | website: http://www.kompas-xnet.si
  Slovenia
  Please vote if you find reply useful or mark it as answer.
  Thank you

• WSDL Validation Failed (Web Services)

  I want to create a Web Service-Based Application in LabVIEW and I'm
  trying to go through the steps in the tutorial
  http://zone.ni.com/devzone/cda/tut/p/id/4728.
  I tried the following web services, but I always get the same error.
  http://coeservice.en.kku.ac.th:8080/TemperatureConvertor/TemperatureConvertorService?WSDL
  http://www.ecubicle.net/iptocountry.asmx?wsdl
  Error:
  WSDL Validation Failed.
  Validation failed. The URL is not formatted correctly and should be in the folowing form: http://localhost/test/good.asmx?WSDL
  I defined a proxy server with authentication. Without doing, that I get another error:
  Validation Failed.
  Possible Reasons are:
  1. The URL does not exist or the WSDL is bad.
  2. Authentication is not correct.
  3. Proxy information is not correct.
  So it seems that the proxy information is ok. But the web service I want to access isn't located on the localhost - I want to access a service in the internet. Can somebody give me a hint? I already tried to change some settings of the LabVIEW webserver. But it didn't help anything.
  David
  Solved!
  Go to Solution.

  In my browser I don't need to define a proxy (the proxy is detected automatically). But I still tried to define a proxy for the webservice - I got the informations from our IT department.
  I attached 3 screenshots of the webservice wizard with the error message...
  Attachments:
  ImportWebService1.gif ‏19 KB
  ImportWebService2.gif ‏22 KB
  ImportWebService3.gif ‏6 KB

• Token-based server access validation failed with an infrastructure error

  Hi
  We have a new Win 2008 Enterprise x64 server running SQL 2008
  When we try to connect to the server using Windows Authentication, from a user account which is a domain administrator, we get the following message:
  "Token-based server access validation failed with an infrastructure error"
  What needs to be configured here for this to work ?
  Thanks
  Bruce

  Hi,
  I am encountering the same error message but it is more around the login, this problem happens only on one server but it is fine on another three, my investigation show it is a ghost SID associated with AD user account
  Background
      1- An Active Directory (AD) account was created for a user [Domain\UserA]
      2- A SQL login was created for the account above and then granted access to a number of databases
      3- The AD account was renamed/modified to [Domain\UserB]
      At this stage the user would encounter an error when connecting to the server
      The sql log show this error message
      Error: 18456, Severity: 14, State: 11.
      Message
      Login failed for user 'domain\user'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors.     [CLIENT: xxx]
  Action on Server 1 SQL (the one with the problem)
      1- Dropped the user from the databases
      2- Re-Created the login from the windows account [Domain\UserB]
      3- Created the user in the respective databases
      But the user still unable to connect to the server
  Investigation
      On server 1, the SID of the user in SYSUSERS was Matching SYSLOGINS and matches with result of SUSER_SID(Domain\UserA)
      But it does not match the SID in the AD
      The rest of the servers all have the correct SIDs
      When I use SUSER_SNAME(Incorrect-Sid) and SUSER_SNAME(Correct-Sid) on this server they both return [Domain\UserB]
      The problematic server is always returning the incorrect SID when recreating the user login and when using SUSER_SID(Domain\UserA) as if it is cached somewhere.
  I can't specify the SID when creating the SQL login because it is using the Windows account
  Your ideas on how to fix this problem are much appreciated
  Regards,
  DGL