MFA User Portal Issue

Recently downloaded and installed the Multi-Factor Authentication server software on an on premises Windows 2012 R2 server.  I also installed the User Portal into IIS.  When I access the website for the user portal I am prompted with this error:
Error communicating with the local Multi-Factor Authentication service. Please contact your administrator.
I have looked everywhere for a solution but have not had much luck.  The MFA service is running under the Server Services and I have linked to our AD and synced under Directory Integration.  The user name and password fields are ghosted out so
I can't type in these fields.  Anyone run across this?  IS it an IIS 8 or Windows 2012 R2 issue?  Am I the first person ever to experience this issue?  Any help would be appreciated.

I found a solution for my installation, now it works fine. 
1. Install User Portal
2. Install SDK
3. Create a certificate (I used from a domain root ca) and bind it to the Pages Portal and SDK
4. Configure the web.config
    <add key="USE_WEB_SERVICE_SDK" value="true"/>     <add key="WEB_SERVICE_SDK_AUTHENTICATION_USERNAME"
value="domain\user"/>     <add key="WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD" value="PW"/>
4. Install Windows Authentication on IIS
5. For the Website SDK disable anonymous authentication and enable Windows Authentication 

Similar Messages

  • Azure MFA User Portal - Cannot Connect

    The issue that I am having is that after installing the User Portal, I receive this error message:
    Error communicating with the local Multi-Factor Authentication service. Please contact your administrator.
    I found a recent MSDN forum question titled "MFA User Portal Issue" (I can't link it because I'm still not verified) where another user has a similar issue. In this post, a helpful
    Moderator explains that if the MFA server and the User Portal are installed on the same server, RPC will be utilized. If they are installed on different servers, the Web SDK will need to be configured by editing the Web.Config file. Currently, we have
    only one server which has everything relating to this project installed: an RD Web Portal, the MFA server using IIS, and the User Portal.
    The same error is present on the server itself as well as when I attempt to connect from my workstation. I would like to utilize RPC for the User Portal, if possible.
    I attempted to configure the SDK settings as outlined in the previous linked post, but I am not sure I feel comfortable putting a domain credential with password in plain text. We don't current have a reliable CA, it needs to be rebuilt before we can really
    issue more certs - long story short, it don't work right now.

    If the User Portal can't communicate with the MultiFactorAuth service on the same server via RPC, it is likely a permissions issue. The MultiFactorAuth service only allows identities to communicate with it that either have administrative rights on that server
    or are members of the "PhoneFactor Admins" security group. Installing the User Portal through the MFA Server UX would have tried to create that security group in AD, create a user called pfup_<machine_name>  and assign that user to the
    group. It would have then configured that user as the identity of the MultiFactorAuthUserPortal app pool. If you weren't a domain admin when performing the install, it wouldn't have been able to do all of those steps. They can be performed manually though
    by creating a service account that is a member of a security group called "PhoneFactor Admins". Make that account the Identity of the application pool in Advanced Settings-->Process Model.
    On servers that aren't joined to a domain, the security group and identity are created on the local server instead of in AD.
    One other possibility is that a bug was discovered in v6.3.0 installers that put the User Portal and other web service applications into the DefaultAppPool instead of the appropriate app pools. v6.3.1 was just released last week which addresses this issue and
    puts everything into the correct app pools.
    Since I couldn't even connect to the User Portal with my domain admin account from the server itself, I was pretty sure it was not a permissions issue. After uninstalling the User Portal, installing the 6.3.1 update, and reinstalling the User Portal, it
    suddenly works.
    Glad the bug was fixed!

  • MFA Server - User portal and mobile app web server should be installed where?

    Hi. We are in the process of testing the Multi-Factor Auth server and are currently using it for two-factor authentication to RDS for a couple of users. At the moment we are only using the phone call/text options but I'd like to get the mobile app portion
    working to test.  Also still need to implement the user self-service portal for testing.
    Currently I have a vm that was dedicated to MFA where the Multi-Factor Authentication Server software was installed.  Now though I'm a bit confused as to if its safe to install the user portal and mobile app web service portion on this same machine
    or if they should go on a different server(s)?  Currently the box is internal but I'm guessing if it has also act as the web server we would stick it behind the TMG for external inbound access.  Is external access to the primary MFA server ok? 
    What's the best practice for separation of the MFA roles; or is there none and its fine to just put it altogether? 
    Thanks.

    Hello Col. Forbin,
    Thanks for posting here!
    You have a dedicated MFA server and if you install User Portal on the same server as the MFA Server, it uses RPC to communicate with the MultiFactorAuth service locally.
    If the User Portal is installed on a different server, it must connect via the Web Service SDK. You can use either a username/password of a service account that is a member of the PhoneFactor
    Admins security group, or you can configure client certificates. If using the username/password, you can encrypt the appSettings section of the web.config file if desired.
    Under Inetpub\wwwroot\MultiFactorAuth when you edit the web.config file you need to make sure these values are set.
    USE_WEB_SERVICE_SDK:
    true
    WEB_SERVICE_SDK_AUTHENTICATION_USERNAME: domain\user
    WEB_SERVICE_SDK_AUTHENTICATION_PASSWORD:
    password
    OVERRIDE_PHONE_APP_WEB_SERVICE_URL: 
    You might want to refer this thread link:
    https://social.msdn.microsoft.com/Forums/en-US/ad1f6fc1-ab3f-482d-a435-e4fd6665f640/mfa-user-portal-issue?forum=windowsazureactiveauthentication
    Additional reference links:
    https://technet.microsoft.com/en-us/library/dn376347.aspx#multifactor
    https://pfweb.phonefactor.net/install/6.2.1.16387/release_notes.txt
    Let me know if you have any further questions!
    Regards,
    Sadiqh Ahmed

  • Mode not available on user portal

    If we setup the default for users to be OTP how do they change to OTP+pin and set a PIN?
    I turned all the users options on for the portal but the MODE option did not show up
    If I set myself up as an admin then I get a mode option for the user I searched for
    Thanks
    -chuck

    Mode is dictated by the admin. Users can't choose for themselves whether to require PIN or not. Users can be set to PIN mode in the MFA Server or through the User Portal Admin functionality in the User Portal.

  • TMS User Portal: The connection was reset. TMS 14.6.0 + TMSPE 1.4.0.8

    Hello,
    I am building a small CMR setup in my lab for a customer demo.
    The problem is that TMS User Portal is not accessible and shows "The connection was reset". Everything else works fine.
    I struggle to find any reference on similar issues. Can somebody please suggest where to start looking?
    The setup details:
    Windows Server 2012 Std, x64
    SQL Server 2008 R2
    Thank you in advance,
    Best regards,
    Dmitry.

    I have installed jre-7u51-windows-x64.exe form the Java site. Installation went well, Java console shows 'enabled'. However, if I start TMS locally (127.0.0.1) and navigate to the Conference Control Center - it says:
    "Java support has not been detected. This page requires Java to be installed and enabled in your browser. Java may not be installed, or may be disabled in your browser due to configuration or security settings."
    What am I missing?

  • User portal file browsing

    So I'm feeling out my user portal and I want a way for my people to download software.  I had previously set up a Sharepoint library and made an iFrame for users to view it on.  Works great in that the sharepoint frame recognizes their AD account so no additional login.  I have the issue of duplication of files.  I already have a share with all my software neatly organized and to duplicate this on a sharepoint library seems a waste.
    I could just list all my software and then link each name to the file but that seems inefficient especially since I'll update software regularly.  Not to mention I want to do the same thing with some 
    So can anyone suggest a way for a normal user to browse the available folder/file structure and download said files? 
    This topic first appeared in the Spiceworks Community

    I use File Manager, and although it does not supot FTP its a pretty good manager. With several cloud options. 
    https://itunes.apple.com/us/app/file-manager-free/id479295290?mt=8
    However, a quick google search of the App store revealed this:
    iUnarchive Lite - Archive and File Manager with support for Dropbox, Box, Skydrive, SugarSync, WebDAV en FTP
    https://itunes.apple.com/us/app/iunarchive-lite-archive-file/id380663019?mt=8

  • Allow Other Users To Edit The User Portal

    HI all,
    Is it possible to allow another user to modify my User Portal without making them a full Admin?
    Out HR Dept. would like a tab for their content and would like to edit it themselves.
    I'm not keen as they would probably hose the entire site.
    Any ideas if this can done?
    Regards
    Colin
    This topic first appeared in the Spiceworks Community

    Hi - I believe the issue is related to java versions. I experienced the exact same problem, and the issue was removed.
    Several small issues in Java Report Panel with unintended behavior is very often related to too old java versions.
    BR
    Jess

  • 3rd Party End User Portal Offerings

    Just wondering if anyone is aware of any 3rd party end user portal offerings.
    The out of the box one does not provide the look & feel we are after (too "industrial" & IT-like) for our clients, so I was interested in any 3rd party off the shelf offerings that may available. We are a small, non-Sharepoint IT environment,
    so customising the out-of-box version would not be the preferred option. We would be greatly interested in a more "client friendly" offering as delivered by many of the other service management tool vendors. We would also prefer to have a non-Sharepoint
    version if one exists.
    Another key feature that we would be after is for the incident/service logging to be integrated with the knowledgebase so suggestions are presented as the client enters the title of their issue. I've seen this in the client portal offering of a number of
    other service management products and it is a great feature. Effectively can provide an answer to the client without them having to log a ticket.
    Any advice or suggestions would be greatly appreciated.

    The master pages of the SharePoint are locked by Microsoft, so I kind of doubt anyone has any custom portals for you.
    However you can obviously easilly change the colours, title and image logo etc via Site Actions \ Site Settings. I'm not a SharePoint expert but this is very little effort and any IT person can manage that. But if you say wanted to move the menu
    to a top frame menu, you cant.
    To remove that Need Help bit and replace it, refer to this easy to follow blog post by the SCSM engineering team:
    http://blogs.technet.com/b/servicemanager/archive/2012/02/06/customizing-the-scsm-2012-self-service-portal-how-do-i-change-the-need-help-or-description-text.aspx
    I think your entering Title functionality with Help Article suggestions would be a great future, same as here on the Technet forums, but I cannot see that anyone would have been able to create that functionality in SCSM with the portal. Maybe in future versions,
    but I wouldnt hold my breath.
    SCSM 2012 is not a quick out of the box product that you just install and off you go in a day, it takes a fair bit of configuring for the portal, ROs, SLAs etc. If you are a small IT counsultancy with small to medium businesses as your market, I might go
    so far as to say this is not the product for you. But that is just my personal opinion.

  • Unable to view pdf created in Live Cycle Designer ES2-initially thought to be a user/OS issue

    Unable to view pdf created in Live Cycle Designer ES2.  I initially thought this was a user / OS issue when I created a document for someone who is new to a MAC laptop.  She could not view the document through email.  Unfortunately, I began seeing the same error in my own document folders when searching for another document showing as icons instead of a list.  I can open the file without a problem although I see the error she sees only while viewing the icons in my folder.  I am using a Windows 7 PC. Now, I also know that if the document is downloaded, it can be viewed.
    Other notes:
    If trying to access the form via the internet, the same error is seen through Chrome, Firefox, and Mozilla but NOT through IE
    Everyone seems to have the latest or a very recent READER
    The form is compatible with Reader versions 7 and up
    Again, downloading from the internet to the computer appears to allow the file to open properly
    Document cannot be viewed on the Galaxy Tab 2 via Chrome or the pre-installed Internet Browser, nor can it be viewed through the Reader after download to tablet. I did not try on an Apple iPad.
    All parties involved are up-to-date with virus protection.
    Below is a link to the exact message received when trying to open the document.
    https://www.dropbox.com/s/wmjqzwyriovg9vi/Adobe%20Error.pdf

    You're on to something KJ!  Yes the form was created in LiveCycle Designer ES2 which came bundled with my Adobe X Pro.  I began creating a new form yesterday and found that I could not preview the form, rendering this same "error" instead.  I ran a repair on my Adobe and at first it seemed to fix the issue but after making some changes to the form I tried to preview again and couldn't.  Here is what I get when I try to preview my forms in Designer ES2: 
    When I click the OK button, it then gives me that single static page as mentioned above in previous posts.
    I searched Adobe yesterday trying to figure out how I could repair the LiveCycle Designer or if there was some sort of patch that I haven't gotten but was not able to find anything.
    (Sorry for the delay in response, I've been on vacation.)
    Message was edited by: AngelaC

  • Unable to view pdf - initially thought to be user / OS issue for new user to MAC.

    Unable to view pdf created in Live Cycle Designer ES2.  I initially thought this was a user / OS issue when I created a document for someone who is new to a MAC laptop.  She could not view the document through email.  Unfortunately, I began seeing the same error in my own document folders when searching for another document showing as icons instead of a list.  I can open the file without a problem although I see the error she sees only while viewing the icons in my folder.  I am using a Windows 7 PC. Now, I also know that if the document is downloaded, it can be viewed. 
    Other notes: 
    If trying to access the form via the internet, the same error is seen through Chrome, Firefox, and Mozilla but NOT through IE
    Everyone seems to have the latest or a very recent READER
    The form is compatible with Reader versions 7 and up
    Again, downloading from the internet to the computer appears to allow the file to open properly
    Document cannot be viewed on the Galaxy Tab 2 via Chrome or the pre-installed Internet Browser, nor can it be viewed through the Reader after download to tablet. I did not try on an Apple iPad.
    All parties involved are up-to-date with virus protection.
    Below is a link to the exact message received when trying to open the document.
    https://www.dropbox.com/s/wmjqzwyriovg9vi/Adobe%20Error.pdf

    Sorry, this is a user to user forum and we're just customers who help out when we can, so things don't always happen right away.
    Reader, Regardless of OS or device, is as the name implies, only a Reader.  There are different mail settings between Mac Mail Outlook and Thunderbird as well as Andsroid's mail app, whose name escpoaes me.
    Have you checked in the Live Cycle Forum? There are people there with FAR more experience using LC developed forms. It's part of my Creative Suite, but I've never even opened it myself.

  • Portal issue in shopping cart

    Hi  ,
    I am facing portal issue in shopping cart. If I click shop , homepage is displaying again. Since I am new to this , Kindly guide me where can I check to resolve this issue.please help me how to proceed on this. Find below screenshot. Thanks in Advance.

    Hi Sugan,
    Try publishing the services using report W3_PUBLISH_SERVICES.
    Also trx SIAC_PUBLISH_ALL_INT.
    It should work after config and republishing.
    Best Regards
    Ale

  • How to create User Portal in OID programmatically in JSP

    Hi.
    I want to create User Portal programmatically in JSP (if posible) or have to use procedure.
    I check with package wwsec_api, it just have 'function
    add_portal_user', but it say we must have "the user must already exist in OID before this function is called."
    So, i checked for 'how to create User in OID'. What i got (in metalink)just methods that 'Create manually Portal Users in to OID' by LDAP or PL/SQL coding (with list of user in flat files).
    What i want to do is, How to create User POrtal in OID by JSP? What are the procedure/table/method involved?
    Do anybody have any samples?..
    Thanks.

    I had to write my own because I could not find one anywhere. Here is an addUser() method that seems to work pretty well.
    import oracle.ldap.util.jndi.ConnectionUtil;
    import javax.naming.directory.*;
    import javax.naming.*;
    public class LdapUser
    public LdapUser(){}
    public void addUser(String pUsername, String pPassword, String pFirstName, String pLastName, String pEmail)
    try
    InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx("host", "port", "orcladmin", "pwd");
    BasicAttributes attrs = new BasicAttributes();
    BasicAttribute oc = new BasicAttribute("objectclass");
    oc.add("top");
    oc.add("person");
    oc.add("inetOrgPerson");
    oc.add("organizationalPerson");
    oc.add("orclUser");
    oc.add("orclUserV2");
    attrs.put(oc);
    BasicAttribute gn = new BasicAttribute("givenName", pFirstName);
    attrs.put(gn);
    BasicAttribute sn = new BasicAttribute("sn", pLastName);
    attrs.put(sn);
    BasicAttribute cn = new BasicAttribute("mail", pEmail);
    attrs.put(cn);
    BasicAttribute pwd = new BasicAttribute("userpassword", pPassword);
    attrs.put(pwd);
    // Etcetera, etcetera...
    ctx.createSubcontext("cn="+pUsername+",cn=users,dc=whatever,dc=com", attrs);
    ctx.close();
    System.out.println("Success!!");
    catch (NameAlreadyBoundException nabe)
    System.out.println("Username is already in use. Please choose another.");
    catch (NamingException ne)
    System.out.println("NamingException: " + ne);
    catch (Exception e)
    System.out.println("User account was not created.");
    }

  • User Lock issue when processing IDOCS

    Hi Folks,
    We are pushing the data into SAP using IDOCS.During this process some IDOCS are getting failed due to User Lock on shipment header.Anyone here can share their experience in dealing with User Lock issues.
    Thanks,
    Kiran.

    Kiran,
    Only one can edit the document, it's standard fucntion. I think No note can resolve this. I can suggest you to run a back ground job very frequently ,which picks these status 51 IDOCs and reprocess. Report is :RBDMANi2
    We can use Message class & error message number on selection screen, so that we can make sure that only those idocs which were failed due to Lock problem are taken by the job.
    Reddy

  • Does the UC540 include or support a web based user portal?

    One last question because I can't find this for the life of me.  When looking at Avaya IP Office they include a web based portal that is installed on a server or on their server module for the system.  Does the UC540 include that or allow that function at all?  Basically I'm trying to find out if it includes or supports even via add on a user portal where users can log in, see their call history, listen to voice mails, possibly see who is on the phone, and if possible change their call flows from there.  So for example set that they are working from home vs the office.  Is that built in or supported or anything at all?  Thanks so much!

    The thing I'm just not clear on is what the UC540 includes, as I'm comparing it to Avaya IP Office which seems easier to understand.  A user portal isn't that big of a requirement but I'm more wondering how it works for teleworkers or mobile twinning as Avaya calls it.
    For example, one place says buy the UC540 for $1899.  Just using it as an example, lets say I was to buy that.
    Am I able to set it so that:
    1) If working remotely, calls ring on my desk and mobile at the same time, like Avaya's mobile twinning?  And if so, is it something users can enable or disable easily, either from their phone, or a web portal etc?
    2) If I am on the road, Avaya has the one-x iPhone application, where you launch it, dial a number, it calls into the Avaya PBX, and makes an outbound call showing it's my office calling.  So basically DISA.  I don't need an application for that, but does the UC540 support calling into it and dialing out so it shows the office line calling?
    3) Last and most importantly, does it include built in any ability for a softphone so that a user can work from home one day, launch the softphone on their laptop with a USB headset and then make calls and have incoming calls ring there as well?
    We use Asterisk, so we can do the above right now but it's not really pretty.  Like option 1 above is possible and easy to do.  Option 2 is so so, it's def not as easy as the one-x app by Avaya.  Instead users have to call our main line, dial a code at the IVR and then get an outbound line that shows their caller ID.  So each user needs that manually set up in the system, it's not a built in feature.  Then option 3 is possible but also not ideal as the soft phone needs its own extension and then ring groups are needed to ring their line to all their extensions etc.
    Just comparing the Avaya to Cisco and I'd REALLY prefer the Cisco it's just the Avaya seems to handle the above better which is our main features we want so just trying to determine if the UC540 can do this out of box and if not what I'd need to enable it.   Thanks!

  • Windows 7 RAC user equivalence issue

    Hi,
    I m setting up a RAC 11gR2 on windows 7. following these instructions
    http://www.oracle-base.com/articles/11g/OracleDB11gR2RACInstallationOnWindows2008UsingVirtualBox.php
    Getting close to the end, but I get error:
    [INS-40913] The following nodes cannot be clustered due to user equivalence issue: w2008-112-rac2
    when trying to configure the cluster. Is there anything I missed?
    Both users have the same rights since I used a clone (administrator)
    Regards

    Hi,
    I have deletd ~/.ssh (rm -fr) directory which contained dsa,rsa,dsa.pub,rsa.pub and known_hosts. Yes i'm using vmware server 1.02.
    I have configured RAC earlier using same vmware and os version.
    key creation
    =========
    *both nodes
    mkdir -p ~/.ssh
    chmod 700 ~/.ssh
    /usr/bin/ssh-keygen -t dsa
    /usr/bin/ssh-keygen -t rsa
    mkdir ~/.ssh/authorized_keys
    from node 1
    ssh node1 cat ~/.ssh/dsa.pub >> ~/.ssh/authorized_keys
    ssh node1 cat ~/.ssh/rsa.pub >> ~/.ssh/authorized_keys
    ssh node2 cat ~/.ssh/dsa.pub >> ~/.ssh/authorized_keys
    ssh node2 cat ~/.ssh/rsa.pub >> ~/.ssh/authorized_keys
    scp ~/.ssh/authorized_keys node2:.ssh/authorized_keys
    exec /usr/bin/ssh-agent $SHELL
    /usr/bin/ssh-add
    Please let me know if i missed out any step
    regards,
    Shaan
    Edited by: Shaan_dmp on Sep 14, 2009 2:56 PM

Maybe you are looking for

  • Hp dj 2510 how to print on a A9 envelope

    Hi,  I have a HP DJ 2510 as a utility printer - on the advanced setting there is no A9 envelope listing, but lots of weird japanese speciality settings. First, do I have the correct software? If so, how do I get it to print on a fairly common sized A

  • Check box Select All

    Hi all, I have created a Report with select EMP_no, EMP_name, Sal, apex_item.checkbox(2,EMP_no) CHK from emp Order by 1 where I want have the Select All check box on th etop of the CHK Column for that i used <input type="checkbox" onclick="$f_CheckFi

  • Surface Pro Installation

    Hello all and it's good to be back. I haven't used Arch in a few years or linux for that fact as everything at work required OSX or Windows. Things have changed and I've been able to switch back to Linux. I've been running Ubuntu on my Surface Pro (k

  • How to scale objects in a layer while keeping each object in the same position

    I have a map with symbols on it, placed precisely where they need to be. Is there a way to scale all of the objects in a layer or group so that they are larger, but without treating them as a layer that is stretched out to scale proportionately? Basi

  • HT201335 Apple TV AirPlay mirroring

    Why couldn't we use mirroring on the new iPod as it is the main gaming device for apple and it would be great to go round to mates houses and show them the game u just bought on the tv