ISE BYOD Microsoft SCEP NDES 802.1x The SCEP server returned an invalid response

Similar Messages

• IOS Mobile Device Management - The SCEP server returned an invalid response

  I am in the process of writing an open source iOS mobile device management module in Java. For this I am referring the Apple provided Ruby code at [1]. I have set this up and it works fine for me. Now I need to convert this code to Java. So far I have accomplished to do that up to PKIOperation. In the PKI operation I get "The SCEP server returned an invalid response" which I believe is due to wrong response I sent to device upon PKIOperation.
  However when I do search on the internet I get this is something to do with the "maxHttpHeaderSize" as I am using the server as Apache Tomcat. Although I increase that since still it does not get resolved.
  Here is the code I need to convert - taken from Apple provided Ruby script
  if query['operation'] == "PKIOperation"
      p7sign = OpenSSL::PKCS7::PKCS7.new(req.body)
      store = OpenSSL::X509::Store.new
      p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
      signers = p7sign.signers
      p7enc = OpenSSL::PKCS7::PKCS7.new(p7sign.data)
      csr = p7enc.decrypt(@@ra_key, @@ra_cert)
      cert = issueCert(csr, 1)
      degenerate_pkcs7 = OpenSSL::PKCS7::PKCS7.new()
      degenerate_pkcs7.type="signed"
      degenerate_pkcs7.certificates=[cert]
      enc_cert = OpenSSL::PKCS7.encrypt(p7sign.certificates, degenerate_pkcs7.to_der,
          OpenSSL::Cipher::Cipher::new("des-ede3-cbc"), OpenSSL::PKCS7::BINARY)
      reply = OpenSSL::PKCS7.sign(@@ra_cert, @@ra_key, enc_cert.to_der, [], OpenSSL::PKCS7::BINARY)
      res['Content-Type'] = "application/x-pki-message"
      res.body = reply.to_der
  end
  So this is how I written this in Java using Bouncycastle library.
  X509Certificate generatedCertificate = generateCertificateFromCSR(
                  privateKeyCA, certRequest, certCA.getIssuerX500Principal()
                          .getName());
          CMSTypedData msg = new CMSProcessableByteArray(
                  generatedCertificate.getEncoded());
          CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
          edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(
                  receivedCert).setProvider(AppConfigurations.PROVIDER));
          CMSEnvelopedData envelopedData = edGen
                  .generate(
                          msg,
                          new JceCMSContentEncryptorBuilder(
                                  CMSAlgorithm.DES_EDE3_CBC).setProvider(
                                  AppConfigurations.PROVIDER).build());
          CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
          ContentSigner sha1Signer = new JcaContentSignerBuilder(
                  AppConfigurations.SIGNATUREALGO).setProvider(
                  AppConfigurations.PROVIDER).build(privateKeyRA);
          List<X509Certificate> certList = new ArrayList<X509Certificate>();
          CMSTypedData cmsByteArray = new CMSProcessableByteArray(
                  envelopedData.getEncoded());
          certList.add(certRA);
          Store certs = new JcaCertStore(certList);
          gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                  new JcaDigestCalculatorProviderBuilder().setProvider(
                          AppConfigurations.PROVIDER).build()).build(
                  sha1Signer, certRA));
          gen.addCertificates(certs);
          CMSSignedData sigData = gen.generate(cmsByteArray, true);
          return sigData.getEncoded();
  The returned result here will be output in to the servlet output stream with the content type "application/x-pki-message".
  It seems I get the CSR properly and I generate the X509Certificate using following code.
  public static X509Certificate generateCertificateFromCSR(
          PrivateKey privateKey, PKCS10CertificationRequest request,
          String issueSubject) throws Exception {
      Calendar targetDate1 = Calendar.getInstance();
      targetDate1.setTime(new Date());
      targetDate1.add(Calendar.DAY_OF_MONTH, -1);
      Calendar targetDate2 = Calendar.getInstance();
      targetDate2.setTime(new Date());
      targetDate2.add(Calendar.YEAR, 2);
      // yesterday
      Date validityBeginDate = targetDate1.getTime();
      // in 2 years
      Date validityEndDate = targetDate2.getTime();
      X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(
              new X500Name(issueSubject), BigInteger.valueOf(System
                      .currentTimeMillis()), validityBeginDate,
              validityEndDate, request.getSubject(),
              request.getSubjectPublicKeyInfo());
      certGen.addExtension(X509Extension.keyUsage, true, new KeyUsage(
              KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
      ContentSigner sigGen = new JcaContentSignerBuilder(
              AppConfigurations.SHA256_RSA).setProvider(
              AppConfigurations.PROVIDER).build(privateKey);
      X509Certificate issuedCert = new JcaX509CertificateConverter()
              .setProvider(AppConfigurations.PROVIDER).getCertificate(
                      certGen.build(sigGen));
      return issuedCert;
  The generated certificate commonn name is,
  Common Name: mdm(88094024-2372-4c9f-9c87-fa814011c525)
  Issuer: mycompany Root CA (93a7d1a0-130b-42b8-bbd6-728f7c1837cf), None
  [1] - https://developer.apple.com/library/ios/documentation/NetworkingInternet/Concept ual/iPhoneOTAConfiguration/Introduction/Introduction.html

  I am in the process of writing an open source iOS mobile device management module in Java. For this I am referring the Apple provided Ruby code at [1]. I have set this up and it works fine for me. Now I need to convert this code to Java. So far I have accomplished to do that up to PKIOperation. In the PKI operation I get "The SCEP server returned an invalid response" which I believe is due to wrong response I sent to device upon PKIOperation.
  However when I do search on the internet I get this is something to do with the "maxHttpHeaderSize" as I am using the server as Apache Tomcat. Although I increase that since still it does not get resolved.
  Here is the code I need to convert - taken from Apple provided Ruby script
  if query['operation'] == "PKIOperation"
      p7sign = OpenSSL::PKCS7::PKCS7.new(req.body)
      store = OpenSSL::X509::Store.new
      p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
      signers = p7sign.signers
      p7enc = OpenSSL::PKCS7::PKCS7.new(p7sign.data)
      csr = p7enc.decrypt(@@ra_key, @@ra_cert)
      cert = issueCert(csr, 1)
      degenerate_pkcs7 = OpenSSL::PKCS7::PKCS7.new()
      degenerate_pkcs7.type="signed"
      degenerate_pkcs7.certificates=[cert]
      enc_cert = OpenSSL::PKCS7.encrypt(p7sign.certificates, degenerate_pkcs7.to_der,
          OpenSSL::Cipher::Cipher::new("des-ede3-cbc"), OpenSSL::PKCS7::BINARY)
      reply = OpenSSL::PKCS7.sign(@@ra_cert, @@ra_key, enc_cert.to_der, [], OpenSSL::PKCS7::BINARY)
      res['Content-Type'] = "application/x-pki-message"
      res.body = reply.to_der
  end
  So this is how I written this in Java using Bouncycastle library.
  X509Certificate generatedCertificate = generateCertificateFromCSR(
                  privateKeyCA, certRequest, certCA.getIssuerX500Principal()
                          .getName());
          CMSTypedData msg = new CMSProcessableByteArray(
                  generatedCertificate.getEncoded());
          CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
          edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(
                  receivedCert).setProvider(AppConfigurations.PROVIDER));
          CMSEnvelopedData envelopedData = edGen
                  .generate(
                          msg,
                          new JceCMSContentEncryptorBuilder(
                                  CMSAlgorithm.DES_EDE3_CBC).setProvider(
                                  AppConfigurations.PROVIDER).build());
          CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
          ContentSigner sha1Signer = new JcaContentSignerBuilder(
                  AppConfigurations.SIGNATUREALGO).setProvider(
                  AppConfigurations.PROVIDER).build(privateKeyRA);
          List<X509Certificate> certList = new ArrayList<X509Certificate>();
          CMSTypedData cmsByteArray = new CMSProcessableByteArray(
                  envelopedData.getEncoded());
          certList.add(certRA);
          Store certs = new JcaCertStore(certList);
          gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                  new JcaDigestCalculatorProviderBuilder().setProvider(
                          AppConfigurations.PROVIDER).build()).build(
                  sha1Signer, certRA));
          gen.addCertificates(certs);
          CMSSignedData sigData = gen.generate(cmsByteArray, true);
          return sigData.getEncoded();
  The returned result here will be output in to the servlet output stream with the content type "application/x-pki-message".
  It seems I get the CSR properly and I generate the X509Certificate using following code.
  public static X509Certificate generateCertificateFromCSR(
          PrivateKey privateKey, PKCS10CertificationRequest request,
          String issueSubject) throws Exception {
      Calendar targetDate1 = Calendar.getInstance();
      targetDate1.setTime(new Date());
      targetDate1.add(Calendar.DAY_OF_MONTH, -1);
      Calendar targetDate2 = Calendar.getInstance();
      targetDate2.setTime(new Date());
      targetDate2.add(Calendar.YEAR, 2);
      // yesterday
      Date validityBeginDate = targetDate1.getTime();
      // in 2 years
      Date validityEndDate = targetDate2.getTime();
      X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(
              new X500Name(issueSubject), BigInteger.valueOf(System
                      .currentTimeMillis()), validityBeginDate,
              validityEndDate, request.getSubject(),
              request.getSubjectPublicKeyInfo());
      certGen.addExtension(X509Extension.keyUsage, true, new KeyUsage(
              KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
      ContentSigner sigGen = new JcaContentSignerBuilder(
              AppConfigurations.SHA256_RSA).setProvider(
              AppConfigurations.PROVIDER).build(privateKey);
      X509Certificate issuedCert = new JcaX509CertificateConverter()
              .setProvider(AppConfigurations.PROVIDER).getCertificate(
                      certGen.build(sigGen));
      return issuedCert;
  The generated certificate commonn name is,
  Common Name: mdm(88094024-2372-4c9f-9c87-fa814011c525)
  Issuer: mycompany Root CA (93a7d1a0-130b-42b8-bbd6-728f7c1837cf), None
  [1] - https://developer.apple.com/library/ios/documentation/NetworkingInternet/Concept ual/iPhoneOTAConfiguration/Introduction/Introduction.html

• The SCEP server returned an invalid response.

  Hello
  We are trying to enroll iPhone 3GS device with iOS 4.1 to be used with MDM. For SCEP server we use MSCEP in Windows Server 2008. We can't get over "Enrolling Certificate" step because it always fails with message "The SCEP server returned an invalid response.". How can we get more details? Analyzing captured HTTP stream revealed no issues.
  Thanks in advance for any help.
  frustrated Martin

  We are testing in LAN and have configured our router to translate some domains to our local IPs. Could this be a problem? In payloads there are no IP addresses but these local domains.
  It looks CA is issued the certificate, you might seen that from cert manger console. I don't see any obvious reason why cert got rejected by iPhone. (May be some one experts from apple can find from following dump) Anyway I suggest following option to you.
  1) try with http if you are using https
  2) install CA cert to phone and try again
  3) check time between server and phone
  4) try to change default scep issue template to issue 2048 key.
  5) double check finger print(in SCEP profile) you config with ca cert.
  Followings are SCEP PKI Message dump:
  PKCS7 Message:
  CMSG_SIGNED(2)
  CMSGSIGNED_DATA_PKCS_1_5VERSION(1)
  Content Type: 1.2.840.113549.1.7.1 PKCS 7 Data
  PKCS7 Message Content:
  ================ Begin Nesting Level 1 ================
  PKCS7 Message:
  CMSG_ENVELOPED(3)
  CMSGENVELOPED_DATA_PKCS_1_5VERSION(0)
  Content Type: 1.2.840.113549.1.7.1 PKCS 7 Data
  Content Encryption Algorithm:
  Algorithm ObjectId: 1.3.14.3.2.7 des
  Algorithm Parameters:
  04 08 ed 76 05 85 cc 10 e0 71
  04 08 ed 76 05 85 cc 10 e0 71
  PKCS7 Message Content:
  0000 30 00 6d 16 ce 8c 77 04 cd e4 e0 3d 33 9c 86 84 0.m...w....=3...
  0010 36 6c 1c 4c e7 32 b1 8b ae 12 74 1d 2b bf 5a 52 6l.L.2....t.+.ZR
  0020 3d e2 34 8c e7 e5 cf 98 35 a3 fa e7 47 da 7e eb =.4.....5...G.~.
  0030 02 dd 68 23 de 37 92 c6 91 3a 1e b5 1b 61 5f 98 ..h#.7...:...a_.
  0040 50 d3 27 de b5 bf 61 93 b7 ac 54 c9 c6 16 d0 8c P.'...a...T.....
  0050 89 2e 92 ba 6d 52 d7 de 80 98 ad 2d ce b0 5e 5a ....mR.....-..^Z
  0060 79 b4 e2 6f 7b c6 e6 13 4b b7 f4 81 f5 45 d8 3d y..o{...K....E.=
  0070 c7 29 7c ca 78 34 ff 47 dc d1 fc 21 8c aa 43 3a .)|.x4.G...!..C:
  0080 29 52 15 60 fb 37 54 46 aa a9 11 98 ef af b5 58 )R.`.7TF.......X
  0090 e0 21 4d 99 10 2b 00 b3 44 df d9 fa e3 df 98 5c .!M..+..D......\
  00a0 69 06 f9 92 5c d5 a3 32 97 ed 9c 1b 19 55 be 57 i...\..2.....U.W
  00b0 85 53 df 71 87 f1 8b 62 0e b8 f7 7d 6b 47 d4 99 .S.q...b...}kG..
  00c0 c0 47 f9 bb 7e 57 76 4f 55 a8 59 de b2 77 88 cc .G..~WvOU.Y..w..
  00d0 e5 a7 02 de af 44 3c fb ab b9 0d ee 87 78 66 a4 .....D<......xf.
  00e0 aa bc 5f 3b 90 56 90 2b c9 0f de 46 05 9c ed 9b .._;.V.+...F....
  00f0 b4 a1 64 f5 5e 57 a0 d5 75 46 da 35 1e 79 d9 79 ..d.^W..uF.5.y.y
  0100 1c a9 35 d1 12 47 7a de 99 d6 cc b8 a8 71 1c 72 ..5..Gz......q.r
  0110 f3 28 a0 1f 44 62 8d 17 23 c1 8e 2c a1 19 3d 57 .(..Db..#..,..=W
  0120 4b 12 ac 81 d2 14 6f da 67 47 25 32 05 1f 2b c3 K.....o.gG%2..+.
  0130 1d 7d 2c 97 95 1b ee 6e f2 b5 36 7f 69 ea f4 c0 .},....n..6.i...
  0140 b5 88 61 f7 26 db 44 13 6c ef da 8d 78 6c bd c3 ..a.&.D.l...xl..
  0150 6e 45 41 7b 79 d3 92 c8 5e fd b0 1d 9c 0e ea ee nEA{y...^.......
  0160 98 58 6b a8 5f c3 f4 90 16 87 9a 49 c6 99 9b fe .Xk._......I....
  0170 0c d8 0a 45 ce 4e 28 59 cf 43 b1 f9 c4 d5 3b e2 ...E.N(Y.C....;.
  0180 70 69 c8 ca 0e 16 2f ff 7a 3e 76 d6 dd 7e e9 86 pi..../.z>v..~..
  0190 13 a3 8b 66 f8 92 6e f1 84 9b 2d 8c 89 ab d7 3a ...f..n...-....:
  01a0 e9 ca 08 2a 68 76 ed f3 70 ac 52 e7 e6 7e b1 28 ...*hv..p.R..~.(
  01b0 9e 0b 5d 8b 09 54 a7 60 9b 7c 4b 0d 94 76 55 0e ..]..T.`.|K..vU.
  No Signer
  Recipient Count: 1
  Recipient Info[0]:
  CMSGKEY_TRANSRECIPIENT(1)
  CERTID_ISSUER_SERIALNUMBER(1)
  Serial Number: 61047aca000000000003
  Issuer:
  CN=WIN2008SCEP-CA
  No Certificates
  No CRLs
  ---------------- End Nesting Level 1 ----------------
  Signer Count: 1
  Signing Certificate Index: 0
  dwFlags = CAVERIFY_FLAGS_CONSOLETRACE (0x20000000)
  dwFlags = CAVERIFY_FLAGS_DUMPCHAIN (0x40000000)
  ChainFlags = CERTCHAIN_REVOCATION_CHECK_CHAIN_EXCLUDEROOT (0x40000000)
  HCCELOCALMACHINE
  CERTCHAIN_POLICYBASE
  -------- CERTCHAINCONTEXT --------
  ChainContext.dwInfoStatus = CERTTRUST_HAS_PREFERREDISSUER (0x100)
  ChainContext.dwErrorStatus = CERTTRUST_IS_UNTRUSTEDROOT (0x20)
  SimpleChain.dwInfoStatus = CERTTRUST_HAS_PREFERREDISSUER (0x100)
  SimpleChain.dwErrorStatus = CERTTRUST_IS_UNTRUSTEDROOT (0x20)
  CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=20
  Issuer: CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  NotBefore: 10/26/2010 1:14 AM
  NotAfter: 10/26/2011 1:14 AM
  Subject: CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  Serial: 01
  11 b2 27 ec d3 e5 81 d7 35 f4 a2 fd 82 24 7e a4 c2 e3 3b 9c
  Element.dwInfoStatus = CERTTRUST_HAS_NAME_MATCHISSUER (0x4)
  Element.dwInfoStatus = CERTTRUST_IS_SELFSIGNED (0x8)
  Element.dwInfoStatus = CERTTRUST_HAS_PREFERREDISSUER (0x100)
  Element.dwErrorStatus = CERTTRUST_IS_UNTRUSTEDROOT (0x20)
  Exclude leaf cert:
  da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 af d8 07 09
  Full chain:
  11 b2 27 ec d3 e5 81 d7 35 f4 a2 fd 82 24 7e a4 c2 e3 3b 9c
  Issuer: CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  NotBefore: 10/26/2010 1:14 AM
  NotAfter: 10/26/2011 1:14 AM
  Subject: CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  Serial: 01
  11 b2 27 ec d3 e5 81 d7 35 f4 a2 fd 82 24 7e a4 c2 e3 3b 9c
  A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b01
  09 (-2146762487)
  Verifies against UNTRUSTED root
  Signer Info[0]:
  Signature matches Public Key
  CMSGSIGNER_INFO_PKCS_1_5VERSION(1)
  CERTID_ISSUER_SERIALNUMBER(1)
  Serial Number: 01
  Issuer:
  CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  Subject:
  CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  Hash Algorithm:
  Algorithm ObjectId: 1.2.840.113549.2.5 md5 (md5NoSign)
  Algorithm Parameters: NULL
  Encrypted Hash Algorithm:
  Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
  Algorithm Parameters: NULL
  Encrypted Hash:
  0000 2a 49 b0 b9 6e a0 0b f3 db 14 7d 0d f9 fd 89 25
  0010 b1 fe ad 44 6b 79 c5 31 1a 70 a0 71 d3 bf 22 07
  0020 b5 e3 5b 37 cd ee 63 9a 5b ed 85 d5 d8 fb 44 51
  0030 5c 80 a4 cf 53 78 f0 b4 b7 63 57 fa f1 f9 9d 5d
  0040 fb 4f 22 c7 f4 fb 34 65 1a e2 b1 cd ea b0 45 ab
  0050 af ca 09 bf da 92 ea eb 10 3f 04 e5 2c a3 ae 34
  0060 9a a1 50 67 27 a0 c5 aa d5 29 45 71 40 d1 73 cb
  0070 53 69 5d fa 14 1d db b8 df a2 13 20 e6 da 7a 16
  Authenticated Attributes[0]:
  6 attributes:
  Attribute[0]: 2.16.840.1.113733.1.9.2
  Value[0][0]:
  Unknown Attribute type
  0000 13 02 31 39 ..19
  0000: 13 02 ; PRINTABLE_STRING (2 Bytes)
  0002: 31 39 ; 19
  ; "19"
  Attribute[1]: 1.2.840.113549.1.9.3 (Content Type)
  Value[1][0]:
  Unknown Attribute type
  1.2.840.113549.1.7.1 PKCS 7 Data
  0000 06 09 2a 86 48 86 f7 0d 01 07 01 ..*.H......
  0000: 06 09 ; OBJECT_ID (9 Bytes)
  0002: 2a 86 48 86 f7 0d 01 07 01
  ; 1.2.840.113549.1.7.1 PKCS 7 Data
  Attribute[2]: 1.2.840.113549.1.9.5 (Signing Time)
  Value[2][0]:
  Unknown Attribute type
  Signing Time: 10/26/2010 1:14 AM
  0000 17 0d 31 30 31 30 32 36 30 38 31 34 32 39 5a ..101026081429Z
  0000: 17 0d ; UTC_TIME (d Bytes)
  0002: 31 30 31 30 32 36 30 38 31 34 32 39 5a ; 101026081429Z
  ; 10/26/2010 1:14 AM
  Attribute[3]: 1.2.840.113549.1.9.4 (Message Digest)
  Value[3][0]:
  Unknown Attribute type
  Message Digest:
  c3 01 9e 56 65 b3 08 20 d4 22 f3 73 1a 3a 06 b7
  0000 04 10 c3 01 9e 56 65 b3 08 20 d4 22 f3 73 1a 3a .....Ve.. .".s.:
  0010 06 b7 ..
  0000: 04 10 ; OCTET_STRING (10 Bytes)
  0002: c3 01 9e 56 65 b3 08 20 d4 22 f3 73 1a 3a 06 b7 ; ...Ve.. .".s.:..
  Attribute[4]: 2.16.840.1.113733.1.9.5
  Value[4][0]:
  Unknown Attribute type
  0000 04 10 91 73 92 a0 d5 02 e3 89 2c 2c ab 31 dc 35 ...s......,,.1.5
  0010 78 69 xi
  0000: 04 10 ; OCTET_STRING (10 Bytes)
  0002: 91 73 92 a0 d5 02 e3 89 2c 2c ab 31 dc 35 78 69 ; .s......,,.1.5xi
  Attribute[5]: 2.16.840.1.113733.1.9.7
  Value[5][0]:
  Unknown Attribute type
  0000 13 28 30 38 34 34 36 44 45 31 44 45 37 42 31 41 .(08446DE1DE7B1A
  0010 32 45 38 36 30 33 44 36 43 33 45 42 38 44 33 43 2E8603D6C3EB8D3C
  0020 38 30 44 41 36 30 31 38 31 30 80DA601810
  0000: 13 28 ; PRINTABLE_STRING (28 Bytes)
  0002: 30 38 34 34 36 44 45 31 44 45 37 42 31 41 32 45 ; 08446DE1DE7B1A2E
  0012: 38 36 30 33 44 36 43 33 45 42 38 44 33 43 38 30 ; 8603D6C3EB8D3C80
  0022: 44 41 36 30 31 38 31 30 ; DA601810
  ; "08446DE1DE7B1A2E8603D6C3EB8D3C80DA601810"
  Unauthenticated Attributes[0]:
  0 attributes:
  Computed Hash: 24 92 3c f9 15 fb 4d ad f8 dc f9 08 d3 6c 7d 79
  No Recipient
  Certificates:
  ================ Begin Nesting Level 1 ================
  Element 0:
  X509 Certificate:
  Version: 3
  Serial Number: 01
  01
  Signature Algorithm:
  Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
  Algorithm Parameters:
  05 00
  Issuer:
  CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  [0,0]: CERTRDN_PRINTABLESTRING, Length = 36 (36/64 Characters)
  2.5.4.3 Common Name (CN)="14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC"
  31 34 45 45 44 38 45 38 2d 42 44 30 43 2d 34 43 14EED8E8-BD0C-4C
  44 39 2d 39 39 30 44 2d 34 34 41 39 39 42 37 44 D9-990D-44A99B7D
  43 36 42 43 C6BC
  31 00 34 00 45 00 45 00 44 00 38 00 45 00 38 00 1.4.E.E.D.8.E.8.
  2d 00 42 00 44 00 30 00 43 00 2d 00 34 00 43 00 -.B.D.0.C.-.4.C.
  44 00 39 00 2d 00 39 00 39 00 30 00 44 00 2d 00 D.9.-.9.9.0.D.-.
  34 00 34 00 41 00 39 00 39 00 42 00 37 00 44 00 4.4.A.9.9.B.7.D.
  43 00 36 00 42 00 43 00 C.6.B.C.
  NotBefore: 10/26/2010 1:14 AM
  NotAfter: 10/26/2011 1:14 AM
  Subject:
  CN=14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC
  [0,0]: CERTRDN_PRINTABLESTRING, Length = 36 (36/64 Characters)
  2.5.4.3 Common Name (CN)="14EED8E8-BD0C-4CD9-990D-44A99B7DC6BC"
  31 34 45 45 44 38 45 38 2d 42 44 30 43 2d 34 43 14EED8E8-BD0C-4C
  44 39 2d 39 39 30 44 2d 34 34 41 39 39 42 37 44 D9-990D-44A99B7D
  43 36 42 43 C6BC
  31 00 34 00 45 00 45 00 44 00 38 00 45 00 38 00 1.4.E.E.D.8.E.8.
  2d 00 42 00 44 00 30 00 43 00 2d 00 34 00 43 00 -.B.D.0.C.-.4.C.
  44 00 39 00 2d 00 39 00 39 00 30 00 44 00 2d 00 D.9.-.9.9.0.D.-.
  34 00 34 00 41 00 39 00 39 00 42 00 37 00 44 00 4.4.A.9.9.B.7.D.
  43 00 36 00 42 00 43 00 C.6.B.C.
  Public Key Algorithm:
  Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
  Algorithm Parameters:
  05 00
  Public Key Length: 1024 bits
  Public Key: UnusedBits = 0
  0000 30 81 88 02 81 80 7c 9f 78 02 50 de 9c 86 88 5b
  0010 9d 4e af cb 70 5e c9 a8 a9 7b 53 c6 29 7b ae 90
  0020 28 92 10 9a af 03 09 da b7 01 a1 15 19 ee 22 35
  0030 f4 45 5d 5a 5b 60 7c ef 98 5b 2d 47 b9 d7 78 c0
  0040 cd 78 1c 63 dd 81 4a b7 d9 6e 2e e8 f4 9d 52 2c
  0050 3a c5 fb c3 d8 9a 6b ef 49 5c fa 53 07 88 c0 e3
  0060 98 a7 88 18 79 41 da f4 33 08 3c 57 a6 f0 5e 4e
  0070 04 c6 8c e6 25 56 70 17 ae 38 49 c2 fd 37 7a 2b
  0080 78 1f 7d 35 12 19 02 03 01 00 01
  Certificate Extensions: 1
  2.5.29.15: Flags = 1(Critical), Length = 4
  Key Usage
  Digital Signature, Key Encipherment (a0)
  0000 03 02 05 a0 ....
  0000: 03 02 ; BIT_STRING (2 Bytes)
  0002: 05
  0003: a0
  Signature Algorithm:
  Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
  Algorithm Parameters:
  05 00
  Signature: UnusedBits=0
  0000 40 c0 34 02 4c 6d 59 4d 43 21 90 d4 43 e0 69 3b
  0010 83 dc e8 5d b0 9b c9 4f 50 6e 7c a3 8c fb e9 0b
  0020 99 21 40 27 e8 99 f6 83 2d 6a 79 03 c5 a7 2c 0b
  0030 f3 d7 5a 7c 45 2c 7d af 13 a1 02 e7 3a d4 0c 41
  0040 4f b6 42 b9 c9 d3 ec f0 33 a9 92 cf 0b ba d4 46
  0050 b0 04 b6 99 a4 c1 92 c2 3b 3c 1e d9 e4 ed 09 ca
  0060 27 c3 74 ba 68 93 a9 65 a3 7a 1a 4e c3 a5 51 f6
  0070 8e 06 94 76 b4 c3 af 55 0f 7b b5 05 36 55 fd 1e
  Signature matches Public Key
  Root Certificate: Subject matches Issuer
  Key Id Hash(rfc-sha1): 08 44 6d e1 de 7b 1a 2e 86 03 d6 c3 eb 8d 3c 80 da 60 18 10
  Key Id Hash(sha1): 21 cd df fe 7c 70 f9 0d 38 cd f5 30 e9 62 3f 7d 8a 7c bf 8b
  Cert Hash(md5): 6e 8e c8 90 f7 e5 a6 0d a4 e3 4c 4f 38 28 75 1b
  Cert Hash(sha1): 11 b2 27 ec d3 e5 81 d7 35 f4 a2 fd 82 24 7e a4 c2 e3 3b 9c
  ---------------- End Nesting Level 1 ----------------
  No CRLs

• Changed setting to no proxy but not solved problem Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /iam/services/setContext. Reason: Error reading from remote server

  This problem only happens with one website when I try to follow hyperlinks to other pages. They have directed me to Firefox troubleshooting section. I have followed the advice there but it has not solved my problem.

  I haven't been able to go on line since 7.01 and up. I have to use ieexplorer. are you idiots or what. I can't even contact you because i have to be in your latest version but i can't get the internet with the latest version. good bye for good

• "The OCSP server returned unexpected/invalid HTTP data"

  In april I posted about this, but the issue still exists. About one in 10 times visits to archlinux.org I get this error in Firefox. The strange thing is that it only happens when I visit archlinux.org not any other site. Could it be some kind of misconfiguration on this site?

  Northrop wrote:As far as I know it's a problem with CACert's OCSP server. They've had a few issues these past days, I keep on getting 403 Unauthorized errors when requesting OCSP. But it's strange only 1 in 10 visits gives you an error, since FF only checks OCSP once per session.
  1 in 10 was just an estimate. It could be that it coincides with the first visit after starting the browser. I sometimes keep the browser open for days, sometimes only minutes so I wasn't sure.

• The remote server returned an error: (401) Unauthorized error while using Microsoft.SharePoint.Client.dll

  I have access to sharepoint site and I have tested this by manually creating the lists and announcements in the sharepoint site.
  now the same thing when I try to do it through the c#.net code it always gives me the following :
  "An unhandled exception of type 'System.Net.WebException' occurred in
  Microsoft.SharePoint.Client.dll Additional information: The remote server returned an error:
  (401) Unauthorized."
  My code looks like below:
  string userName = "[email protected]";
  SecureString password = new SecureString();
  foreach (char c in "abc123".ToCharArray()) password.AppendChar(c);
  using (var context = new ClientContext("https://sharepoint.partners.extranet.adlabs.com/sites/UniTest"))
  context.Credentials = new SharePointOnlineCredentials(userName, password);
  context.Load(context.Web, w => w.Title);
  context.ExecuteQuery();
  Krrishna

  Hi Krrishna,
  You code is used to access SharePoint Online, if you are use SharePoint 2007, we can use SharePoint web service or custom web service to achieve your requirement. 
  Lists Web Service
  http://msdn.microsoft.com/en-us/library/lists(v=office.12).aspx
  Creating a Custom Web Service
  http://msdn.microsoft.com/en-us/library/ms464040(v=office.12).aspx
  About SharePoint 2007(MOSS 2007), you can also post it to the forum below, you will get more help and confirmed answers there.
  https://social.technet.microsoft.com/Forums/en-US/home?forum=sharepointdevelopmentlegacy
  Thanks,
  Dennis Guo
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Dennis Guo
  TechNet Community Support

• Provider-hosted Apps debug error: The remote server returned an error: (401) unauthorised

  Hi,
  Any help appreciated!!
  I'm getting this error: "The remote server returned an error: (401) unauthorised when I debug a provider-hosted app.  I get the error on this line:  
  HttpWebResponse response = (HttpWebResponse)request.GetResponse();
  See code below
  I created a high trust development environment following the instructions provided here:
  http://msdn.microsoft.com/en-us/library/office/fp179901(v=office.15).aspx and
  http://msdn.microsoft.com/library/office/fp179923
  I created a provider-hosted app with the intent to:
  create a SharePoint list in the appweb
  Use self-signed certificate, tokenhepler.cs and sharepointcontext.cs to retrieve current user context and access on SharePoint.  (No changes were made to tokenhelper.cs and sharepointcontext.cs)
  retrieve list items from the SharePoint list in a button click event handler on a default.aspx of the remote web
  What happens:
  The app is deployed successfully to the Dev site
  The SharePoint feature is deployed and activated
  The default.aspx page of the remote web loads
  The error (see image) is returned on clicking of the button
  My environment is an on-premise SharePoint 2013 with AD and my dev box is standalone windows 8.1 running Visual Studio Professional 2013 Update 3.
  The code block below is a copy of the default.aspx code-behind
  using System;
  using System.Collections.Generic;
  using System.Linq;
  using System.Web;
  using System.Web.UI;
  using System.Web.UI.WebControls;
  using Microsoft.SharePoint.Client;
  using Microsoft.IdentityModel.S2S.Tokens;
  using System.Net;
  using System.IO;
  using System.Xml;
  using System.Data;
  using System.Xml.Linq;
  using System.Xml.XPath;
  namespace Idea.GeneratorWeb
  public partial class Default : System.Web.UI.Page
  SharePointContextToken contextToken;
  string accessToken;
  Uri sharepointUrl;
  protected void Page_PreInit(object sender, EventArgs e)
  Uri redirectUrl;
  switch (SharePointContextProvider.CheckRedirectionStatus(Context, out redirectUrl))
  case RedirectionStatus.Ok:
  return;
  case RedirectionStatus.ShouldRedirect:
  Response.Redirect(redirectUrl.AbsoluteUri, endResponse: true);
  break;
  case RedirectionStatus.CanNotRedirect:
  Response.Write("An error occurred while processing your request.");
  Response.End();
  break;
  protected void Page_Load(object sender, EventArgs e)
  //// The following code gets the client context and Title property by using TokenHelper.
  //// To access other properties, the app may need to request permissions on the host web.
  var spContext = SharePointContextProvider.Current.GetSharePointContext(Context);
  //var spContext = new ClientContext("MySPDevInstance");
  //spContext.Credentials = new NetworkCredential("username", "password");
  //using (var clientContext = spContext.CreateUserClientContextForSPHost())
  // clientContext.Load(clientContext.Web, web => web.Title);
  // clientContext.ExecuteQuery();
  // Response.Write(clientContext.Web.Title);
  string contextTokenString = TokenHelper.GetContextTokenFromRequest(Request);
  if (contextTokenString != null)
  // Get context token
  contextToken = TokenHelper.ReadAndValidateContextToken(contextTokenString, Request.Url.Authority);
  // Get access token
  sharepointUrl = new Uri(Request.QueryString["SPAppWebUrl"]);
  accessToken = TokenHelper.GetAccessToken(contextToken, sharepointUrl.Authority).AccessToken;
  // Pass the access token to the button event handler.
  Button1.CommandArgument = accessToken;
  protected void Button1_Click(object sender, EventArgs e)
  // Retrieve the access token that the Page_Load method stored
  // in the button's command argument.
  string accessToken = ((Button)sender).CommandArgument;
  if (IsPostBack)
  sharepointUrl = new Uri(Request.QueryString["SPAppWebUrl"]);
  // REST/OData URL section
  string oDataUrl = "/_api/Web/lists/getbytitle('Diagrams In Idea Generator')/items?$select=Title,Diagram,SharingStatus";
  // HTTP Request and Response construction section
  HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(sharepointUrl.ToString() + oDataUrl);
  request.Method = "GET";
  request.Accept = "application/atom+xml";
  request.ContentType = "application/atom+xml;type=entry";
  request.Headers.Add("Authorization", "Bearer " + accessToken);
  HttpWebResponse response = (HttpWebResponse)request.GetResponse();
  // Response markup parsing section
  XDocument oDataXML = XDocument.Load(response.GetResponseStream(), LoadOptions.None);
  XNamespace atom = "http://www.w3.org/2005/Atom";
  XNamespace d = "http://schemas.microsoft.com/ado/2007/08/dataservices";
  XNamespace m = "http://schemas.microsoft.com/ado/2007/08/dataservices/metadata";
  List<XElement> entries = oDataXML.Descendants(atom + "entry")
  .Elements(atom + "content")
  .Elements(m + "properties")
  .ToList();
  var entryFieldValues = from entry in entries
  select new
  Character = entry.Element(d + "Title").Value,
  Actor = entry.Element(d + "Diagram").Value,
  CastingStatus = entry.Element(d + "SharingStatus").Value
  GridView1.DataSource = entryFieldValues;
  GridView1.DataBind();
  Any ideas what I might be doing wrong

  Hi ,
  Use the below code
  Public string GetAccessToken(){
  string sharePointSiteUrlHost =  Page.Request["SPHostUrl"].Tostring();
  string AccessToken = tokenHelper.GetS2SAccessTokenWithWindowsIdentity(sharePointSiteUrlHost, Request.LogonUserIdentity);
  return accessToken;
  Than initialize the ClientCOntext with the below Method
   private static ClientContext GetClientContextWithAccessTokenString(string targetUrl, object accessToken)
              ClientContext clientContext = new ClientContext(targetUrl);
              clientContext.AuthenticationMode = ClientAuthenticationMode.Anonymous;
              clientContext.FormDigestHandlingEnabled = false;
              clientContext.ExecutingWebRequest +=
                  delegate(object oSender, WebRequestEventArgs webRequestEventArgs)
                      webRequestEventArgs.WebRequestExecutor.WebRequest.UserAgent = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)";
                      webRequestEventArgs.WebRequestExecutor.RequestHeaders["Authorization"] =
                          "Bearer " + accessToken;
              return clientContext;
  use this clientCOntext and it will work.
  Do not use
  SharePointContextProvider
  Whenever you see a reply and if you think is helpful,Vote As Helpful! And whenever you see a reply being an answer to the question of the thread, click Mark As Answer

• Getting "The remote server returned an error 503 server unavailable" in azure web jobs

  I have created one web
  job - on demand schedule under azure web site.  This web jobs contains .execmd(i.e.)
  Console Application.
  I am retrieving the data from SQL Azure database and uploaded the data in sharepoint online lists. (i.e.)I have uploaded the data to several(7) lists in each subsites. I have 3 subsites. 
  I am getting this error "The remote server returned an error 503 server unavailable", while uploaded the data into lists. 
  Full Error Message:
  Message - The remote server returned an error 503 server unavailable.
  StackTrace -    at System.Net.HttpWebRequest.GetResponse()
  > cc525c: INFO]    at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute()
  > cc525c: INFO]    at Microsoft.SharePoint.Client.ClientRequest.ExecuteQueryToServer(ChunkStringBuilder sb)
  > cc525c: INFO]    at Microsoft.SharePoint.Client.ClientRequest.ExecuteQuery()
  > cc525c: INFO]    at Microsoft.SharePoint.Client.ClientRuntimeContext.ExecuteQuery()
  > cc525c: INFO]    at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
  This is not occur every time. Some time i didn't get any error data successfully uploaded in share point online list.
  Totally 4 hours taken uploaded the data into list for completed all 3 subsites. 
  If anyone know how to resolve this.
  Thanks,
  A.Ramu

  Hi,
  Per my understanding, there is an issue when uploading data from SQL Azure database to a SharePoint list in Online environment.
  For narrowing down the issue, I suggest you create a Console Application in Visual Studio without accessing the SQL Azure database and upload some sample data to the same SharePoint
  list to see if the issue still occurs intermittently.
  Thanks
  Patrick Liang
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Powershell Error for SharePoint Online -"The remote server returned an error: (407) Proxy Authentication Required."

  I am trying to call sharepoint online from powershell. Below is the code. I get 
  Exception calling "ExecuteQuery" with "0" argument(s): "The remote server returned an error: (407) Proxy Authentication Required."
  $loadInfo1 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client")
  $loadInfo2 = [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime")
  $webUrl = "ZZZZ"
  $username = "XXX"
  $password = "YYYY"
  $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl) 
  $ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password)
  $web = $ctx.Web
  $lists = $web.Lists 
  $ctx.Load($lists)
  $ctx.ExecuteQuery()
  $lists| select -Property Title
  Raj-Shpt

  Hi,
  About how to access SharePoint online site using PowerShell, the blog below would be helpful:
  http://social.technet.microsoft.com/wiki/contents/articles/29518.csom-sharepoint-powershell-reference-and-example-codes.aspx
  Another two demos for your reference:
  http://www.hartsteve.com/2013/06/sharepoint-online-powershell/
  http://www.sharepointnutsandbolts.com/2013/12/Using-CSOM-in-PowerShell-scripts-with-Office365.html
  Thanks
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• The remote server returned an error: (503) Server Unavailable in search service

  Hi
  I got this error message: when applying toplogy to search service
  I am applying admin component : SPINDEX Server
  crawl component-0 to : same index server spindex server
  in sharepoint farm has
  1 applicationserver
  1 index server
  1 wfe server
  1 db server
  I prepared like this try to configure search service on index server
  Microsoft.Office.Server.Search.Administration.SearchConfigWizard+SearchConfigWizardException: Topology provisioning failed due to an error.Object reference not set to an instance of an object. at Microsoft.Office.Server.Search.Administration.SearchConfigWizard.WaitForTopologyTimerJobToFinish()
  at Microsoft.Office.Server.Search.Administration.SearchConfigWizard.UpdateSearchApp() at Microsoft.Office.Server.Search.Administration.SearchConfigWizard.ProvisionSearchServiceApplication() at Microsoft.Office.Server.Search.Administration.SearchConfigurationJobDefinition.ExecuteTimerJob()
  in the event viewer I get this error
  Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (e8ab042b-f884-4957-b328-631ba8bcb4a1).
  Reason: The remote server returned an error: (503) Server Unavailable.
  Technical Support Details:
  System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
     at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
     at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)
  adil

  Hi
  when  i set  crawl component,administration component to local computer  search service working properly
  but when i scale out search service application
  change above components  to diffrent server i get following error
  Errors were encountered during the
  configuration of the Search Service Application.
  Microsoft.Office.Server.Search.Administration.SearchConfigWizard+SearchConfigWizardException:
  Topology provisioning failed due to an error.Object reference not set to an
  instance of an object. at
  Microsoft.Office.Server.Search.Administration.SearchConfigWizard.WaitForTopologyTimerJobToFinish()
  at
  Microsoft.Office.Server.Search.Administration.SearchConfigWizard.UpdateSearchApp()
  at
  Microsoft.Office.Server.Search.Administration.SearchConfigWizard.ProvisionSearchServiceApplication()
  at
  Microsoft.Office.Server.Search.Administration.SearchConfigurationJobDefinition.ExecuteTimerJob()
  3/23/2014
  10:32:20 AM
  and in event viewer
  Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (e8ab042b-f884-4957-b328-631ba8bcb4a1).
  Reason: The remote server returned an error: (503) Server Unavailable.
  Technical Support Details:
  System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
     at Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
     at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)
  adil

• Error occurred in deployment step 'Uninstall app for SharePoint': The remote server returned an error: (502) Bad Gateway.

  Installed SP 2013 Foundation in my Hyper-V machine
  Created and done all the steps mentioned here http://blogs.msdn.com/b/shariq/archive/2013/05/07/how-to-set-up-high-trust-apps-for-sharepoint-2013-amp-troubleshooting-tips.aspx && http://msdn.microsoft.com/en-us/library/office/fp179901%28v=office.15%29.aspx
  for self signed certificate
  copied those two certificates in my local machine(base machine) D drive
  (D:\Cert)
  Both VM and base machine are in same domain
  Installed VS 2013 in my base machine and create a Provided hosted app with the copied certificates, (For creation i followed the above mentioned URL)
  Just created and hit F5 to run in my base machine, but getting this error
  Error occurred in deployment step 'Uninstall app for SharePoint': The remote server returned an error: (502) Bad Gateway.
  Please help me to resolve this issue, trying to figure out from last 2 days
  Thanks in Advance
  Arun

  Hi Harminder,
  This happens because an app has already been deployed and you are deploying it again using the same version.
  Resolution:
  Open the AppManifest.xml file and change the version.
  Vivek Jagga - MCTS SharePoint
  SharePointExcellence

• The remote server returned an error: (503) Server Unavailable In SharePoint 2010.

  I created a web app with claims based authentication ,
  basiclly i follwe this blog
  http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
  but when i login it throws 503 error
  Server Error in '/' Application.
  The remote server returned an error: (503) Server Unavailable.
  Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
  Exception Details: System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
  Source Error:
  An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
  Stack Trace:
  [WebException: The remote server returned an error: (503) Server Unavailable.]
  System.Net.HttpWebRequest.GetResponse() +1126
  System.ServiceModel.Channels.HttpChannelRequest.WaitForReply(TimeSpan timeout) +81
  [ServerTooBusyException: The HTTP service located at http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc is too busy. ]
  System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +10258154
  System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +539
  Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message) +0
  Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) +61
  Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) +36
  Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo) +26062081
  Microsoft.SharePoint.SPSecurityContext.SecurityTokenForLegacyLogin() +270
  Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule.GetSecurityTokenFromWindowsIdentity(WindowsIdentity windowsIdentity, HttpContext httpContext) +21
  Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule.AuthenticateRequest(Object sender, EventArgs e) +1176
  System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171
  any thoughts?
  thanks in advance!
  Share Knowledge and Spread Love!

  Hi ,
  I was also facing the same issue on changing my credentials. This effects the ServiceTokenApplicationPool and other pools related to the Web applications
  To resolve this  follow these :
  1. Open IIS Manager , under Connection section you can see the Name of your site collection(as
  siteCollectionName(Username))
  2. Open SiteCollection , select Application Pools. A new window with your Web application pool names would open.
  3. Right click on web app, select Advance Setting... , under Process Model select Identity 
  4. check for Custom account , click set and enter your Credentials and click
  OK
  Atlast Refresh the IIS manager.
  Thank you.
  Under application pools Do select the ServiceTokenApplicationPool  also and follow steps 3 and 4

• Urgent help On as2 error The remote server returned an error: (500) Internal Server Error.

  hi,
  im configured the as2 partner setup as per this http://msdn.microsoft.com/en-us/library/bb246129(BTS.20).aspx.
  but when im process file , then file try hit partner url goes dyhradated state,then failed. then i got below error.
  The remote server returned an error: (500) Internal Server Error.
  please any help..
  Thanks

  500 server error could be due to anyone of the following reasons:
  Party configuration is wrong. Party properties/configurations have  to be discussed upfront with the source/destination system and have to be in-line with
  them.
  Certificates have to be deployed in correct folders based on      certificate types like private/public/signed etc.
  Firewall (or network components) has to be opened accordingly for parties(systems) to interact. This change has to be done at the both the levels, source and destination.
  If you receive it through HTTPReceive.dll (may uses this for AS2), you have to check its configurations.
  Also 500 error, could occur even if your BizTalk artifacts has not been configured/deployed/enabled properly.
  If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

• Test-ActiveSyncConnectivity fails with The remote server returned an error: (400) Bad Request.

  Hi all,
  I'm on the process of transition from Exchange 2003 to 2010, everything is going perfectly alright however ActiveSync is bugging me!
  when I try to test activesync I get the following error:
  [PS] C:\>Test-ActiveSyncConnectivity -MailboxCredential $user -TrustAnySSLCertificate |FL
  RunspaceId                  : 136b8f68-26ec-4e29-a5bb-cf5ee816e04b
  LocalSite                   : SITE
  SecureAccess                : True
  VirtualDirectoryName        :
  Url                         :
  UrlType                     : Unknown
  Port                        : 0
  ConnectionType              : Plaintext
  ClientAccessServerShortName : cas01
  LocalSiteShortName          : SITE
  ClientAccessServer          : CASSERVERNAME
  Scenario                    : Options
  ScenarioDescription         : Issue an HTTP OPTIONS command to retrieve the Exchange ActiveSync protocol version.
  PerformanceCounterName      :
  Result                      : Success
  Error                       :
  UserName                    : user1
  StartTime                   : 12/12/2012 1:02:23 PM
  Latency                     : 00:00:00.0312496
  EventType                   : Success
  LatencyInMillisecondsString : 31.25
  Identity                    :
  IsValid                     : True
  RunspaceId                  : 136b8f68-26ec-4e29-a5bb-cf5ee816e04b
  LocalSite                   : Reckon_NS
  SecureAccess                : True
  VirtualDirectoryName        :
  Url                         :
  UrlType                     : Unknown
  Port                        : 0
  ConnectionType              : Plaintext
  ClientAccessServerShortName : CASSERVERNAME
  LocalSiteShortName          : SITE
  ClientAccessServer          : CASSERVERNAME
  Scenario                    : FolderSync
  ScenarioDescription         : Issue a FolderSync command to retrieve the folder hierarchy.
  PerformanceCounterName      : DirectPush Latency
  Result                      : Failure
  Error                       : [System.Net.WebException]: The remote server returned an error: (400) Bad Request.
                                HTTP response headers:
                                MS-Server-ActiveSync: 6.5.7638.1
                                Content-Length: 46
                                Cache-Control: private
                                Content-Type: text/html
                                Date: Wed, 12 Dec 2012 02:02:23 GMT
                                Server: Microsoft-IIS/7.5
                                X-AspNet-Version: 2.0.50727
                                X-Powered-By: ASP.NET
  UserName                    : user1
  StartTime                   : 12/12/2012 1:02:23 PM
  Latency                     : -00:00:01
  EventType                   : Error
  LatencyInMillisecondsString :
  Identity                    :
  IsValid                     : True
  environment: 
  Ex 2003 'Exchange' virtual directory permission: Integrated Windows Authentication, Basic 
  Ex 2003 'OMA' permission: Basic Authentication
  Ex 2003 'ActiveSync' permission: Integrated, Basic
  Ex 2010 successfully redirects users from 2010 to 2003 webmail if you login to OWA with a mailbox on 2003

  Yes Martina,
  It has been done through ESM 
  I cannot test using testexchangeconnectivity.com since I cannot put the 2010 one into production, I will get into trouble if I change the DNS record to the new mail server!
  Yes, EAS works perfectly fine with 2010 mailboxes.
  OK.
  It might be that it's not possible to run Test-ActiveSyncConnectivity against a mailbox stored in Exchange 2003.
  Installing KB937031 and enabling Windows Authentication is really all that needs to be done in EX03, in order for Exchange 2010 to proxy the EAS requests.
  Martina Miskovic

• The remote server returned an error :(401) unauthorized in Provider hosted app deployment

  Hi,
  We are trying to deploy the provider hosted app in server environment . we are getting the "The remote server returned an error :(401) unauthorized" error after deploy the app in server.
  stack Trace:
  [webException:Te remote server returned an error:(401) UnAuthorized.]
  System.Net.HeepWebRequest.GetResponse().
  Followed the same MSDN steps , but sill same error. We have attached the certificate and using the same issuer ID in the app web.config.
  Verified the IIS setting and still getting the same error when we call the "Clientcontext.ExecuteQuery()" method.
  Same code is working fine in my Local dev environment.
  If anyone have idea about this issue, please let me know.
  Thank you,
  Mylsamy

  Hi ,Thank you for your response. We have tried all the options and everything is same (Client ID,Issuer ID...etc) and finally figured out the issue.The below link saved my day.http://msdn.microsoft.com/en-us/library/office/dn762439(v=office.15).aspxIn "TokenHelper.cs" GetRealmFromTargetUrl method always return null andWhen we analyze the issue we found some variable name assigned for "Realm" Instead of GUID in SP server.Power shell command to get the Realm in SP server:  Get-SPAuthenticationRealmWe have followed below article to generate the new GUID for realm.http://technet.microsoft.com/en-us/library/jj219756(v=office.15).aspx$c =Get-SPServiceContext -Site "http://<websiteurl>"Set-SPAuthenticationRealm -ServiceContext $c -Realm "a686d436-9f16-42db-09b7-cb578e110ccd".
  Thankyou,Mylsamy