Setting a Custom "401 Unauthorized" Page

When our claims based SharePoint web application cannot authenticate users (for whatever reason, e.g cannot get a Kerberos ticket), they are presented with a blank white page with the text "401 Unauthorized".
How and where can I can customise this page?
I can find lots of info on the 404 (accessed denied) page, but not this one specially.
Any ideas?
Thanks,
Richard

Hi Richard,
 Those errors would occur only when the pages
would be rendered through the /_layouts/15/start.aspx page. This specific page is responsible for loading pages from a site using the
Minimal Download Strategy (MDS), a new feature in SharePoint 2013 that improves client rendering performance and fluidity when navigating from page to page by downloading only the changes between two pages. This feature should help improve
page navigation performance. If you want to read more about Minimal Download Strategy (MDS), check out this
post<o:p></o:p>
The MDS feature is a great performance enhancement that comes along with SharePoint 2013 so it should NOT be turned off permanently! Keep it disable
for some time to debug the issue and do activate once you resolve the current issue. After that shared what page you are getting and the error displaying to come up with solution.<o:p></o:p>
Krishana Kumar http://www.mosstechnet-kk.com
Please mark the replies and Proposed as answer if they help and solve your issue

Similar Messages

  • 401 Unauthorized Page Not working in SharePoint.

    When a bad log-in is entered three times while opening a SharePoint Site, "401 Unauthorized"page is not reached but SP site returns a blank page.
    Its SP 2010 Environment with Windows Server 2008 R2 and IIS 7.
    Please share your thoughts in resolving this issue.
    Thank you. 

    Disable the authentication loopback check
    Reference: https://support.microsoft.com/kb/926642/en-us?wa=wsignin1.0
    Re-enable the behavior that exists in Windows Server 2003 by setting the DisableLoopbackCheck registry entry in the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry
    subkey to 1. To set the DisableLoopbackCheck registry entry to 1, follow these steps on the client computer:
    Click Start, click Run,
    type regedit, and then click OK.
    Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    Right-click Lsa, point to New,
    and then click DWORD Value.
    Type DisableLoopbackCheck, and then press ENTER.
    Right-click DisableLoopbackCheck, and then click Modify.
    In the Value data box, type 1,
    and then click OK.
    Exit Registry Editor.
    Restart the computer.
    Note You must restart the server for this change to take effect. By default, loopback check
    functionality is turned on in Windows Server 2003 SP1, and the DisableLoopbackCheck registry entry is set to 0 (zero). The security is reduced when you disable the authentication loopback check, and you open the Windows Server 2003 server for man-in-the-middle
    (MITM) attacks on NTLM.
    If my contribution helps you, please click Mark As Answer on that post and
    Vote as Helpful
    Thanks, ShankarSingh(MCP)

  • Error 401--Unauthorized when deployed on WL Managed server (10.3.3)

    Hi,
    I created & started a WL-Managed server on my window desktop machine. I deployed to this Managed server, an application which is running without problem on Admin Server. (The managed server is created in the same Domain as that of Admin Server)
    However, when I log on to the application on Managed server & enter the UID & PW I get the Error 401--Unauthorized page. The same security works perfectly well for Admin Server.
    Any clues what could be going wrong.
    Thanks in advance.
    Edited by: Prakash Chavan on Feb 28, 2011 4:57 PM

    Thanks Faisal,
    Here is the log after I add the 2 flags
    <Mar 1, 2011 8:59:30 AM EST> <Notice> <WebLogicServer> <BEA-000365> <Server stat
    e changed to RUNNING>
    <Mar 1, 2011 8:59:30 AM EST> <Notice> <WebLogicServer> <BEA-000360> <Server star
    ted in RUNNING mode>
    Mar 1, 2011 9:13:27 AM oracle.jbo.uicli.mom.CpxUtils$Visitor logMainApplicationC
    px
    INFO: zip:C:/JDev11g/Middleware/user_projects/domains/base_domain/servers/Svr0/t
    mp/_WL_user/TestTrackApp_V2.0/77qs7f/war/WEB-INF/lib/_wl_cls_gen.jar!/view/DataB
    indings.cpx
    [JpsAuth] Check Permission
    PolicyContext: [TestTrackApp#V2.0]
    Resource/Target: [view.pageDefs.ttsPageDef]
    Action: [view]
    Permission Class: [oracle.adf.share.security.authorization.RegionP
    ermission]
    Result: [FAILED]
    For more information on this failure, please set -Djps.auth.debug.verb
    ose=true
    I have emailed you the requested log & the config files.
    Edited by: Prakash Chavan on Mar 1, 2011 9:35 AM

  • Realm enterprise-manager (401 Unauthorized)

    Oracle Application server is installed on the same machine as the infrastructure. The infrastructure install went well. Then I installed the IAS with no problems and then I configure the server to only run one instance of Apache, again without a hitch. So far, so good.
    I can get to the "Welcome to Oracle9i Application Server" page with no problem. However, when I try to access the Enterprise Manager using the correct information for userid and password for the Realm "enterprise-manager" popup. It comes up 3 times and then gives me a "401 Unauthorized" page.
    I have succesfully completed the reset password routine, but it still doesn't fix the problem.
    Any ideas?
    Thanks in advance.

    It's good to see I'm not alone! I've run into the problem four times now, on Windows 2000 Professional, and have finally pinpointed the reason, however not the solution. It happens right away when I disable the MS Loopback adapter that I used during installation of the iAS, thus running the normal network adapter.
    The result is pretty bad - I'm not at all able to find a workaround. It does not help to revert to the loopback adapter. I simply have to reinstall everything! Password resetting according to the release notes addendum at first seems to work fine, as I long as I stay at the DOS prompt. When I try to enter Enterprise Manager however the same thing happens - 401 Unauthorized. Reboot doesn't help.
    A detail that may or may bot be significant, is that I have being doing this away from the office, so that I have not been connected to the configured domain. (Another detail is that I'm starting from an Oracle employee OBI base install of Windows 2000; not just the first time, but every time)
    I wonder why not more people are getting this problem - I get it all the time. Please help.
    Thanks, Erik Hagen, +47 90631013

  • Dispatch to custom 401 page does not always happen

    hi,
    I configured custom error401.jspx page to be dispatched to if user enters invalid credentials at login page or if authenticated user attempts direct url access to a page he is not authorized to access. This works most of the time, but sometimes instead of dispatching to 401 page system dispatches to Login page (the user is already logged in so this should not happen!). When this happens Login page looks like original ADF faces page but "face" color is lost, i.e. page is all black and white and it contains message Invalid username and password.
    I configured ADF security to also dispatch to this 401 page in case of unauthorized access.
    I am using jdev 10.1.3.2.
    What is causing this behavior? It seems to happen more often on standalone than embedded oc4j. I checked web.xml and everything points to custom 401 page if unauthorized attempt. userInfo managed bean is identical to SRDemo.
    Is there a workaround?

    Hi,
    it is not loss of session as if I click Back button on browser I can proceed with application as currently logged in user.
    I reproduce this in following way:
    - I try to login as userA/roleA with wrong credentials
    => system dispatches to error401 page.....................OK
    - on error401 page I click Home button which replicates SRLogout backing bean function...OK
    => system re-renders Login page...............OK
    - I login as userA with correct credentials
    => system renders welcome page.............OK
    - I use application as userA..................OK
    - I try to access page accessible only to userB/roleB, using direct url access
    => system dispatches to error401 page...........................OK
    - On error401 page (or clicking Back button on browser to go to previous page) I, (still logged in as userA/roleA) try to direct url access page belonging to userC/roleC
    => this time oc4j immediately dispatches to Login page (instead of error401 page) with message Invalid username and password...................................NOT OK
    So it seems first time only it dispatches correctly but subsequent attempts it always go to Login page although session is not expired

  • How can I set up a custom 404 error page on OSX Server?

    I moved my web site to a local server and changed the structure drastically.  Unfortunately I am getting hits for information that was on the old server which I haven't put back yet.  I'd like to set up a custom 404 Error Page to let people know what's up.  In server.app I can set up a 500 error page but not a 404 and when I tried hand coding it into the sites .conf file I really messed things up.  It took me a while to get that all corrected!
    Thanks for any advice,
    Bill W

    Found it!
    Under the web server Advanced Setting set "Allow overrides using .htaccess" then create an .htaccess file in the root directory with the line:
    ErrorDocument 404 notfounderror.html
    Use whatever HTML/PHP/etc. document you have created.

  • Setting the custom master page through powershell is NOT working

    Hi,
     I am writing the below code to set the  custom master page through powershell.
    But its not working .when i went to site settings-->master page --> in the drodown , the  maste page set is seattle.master ONLY, though my current master page is available in the dropdown.
     Can anyone pls help, whether i am missing in the below :
          Add-PSSnapin Microsoft.SharePoint.Powershell
           $SiteURL = "http://srvr1:22307/sites/SPW5"
        $weburl= $SiteURL
        $Site= Get-SPSite $SiteURL
        $web =  $Site.OpenWeb()
    $web.CustomMasterUrl = "/_catalogs/masterpage/myMasterpage.master"
    $web.MasterUrl = "/_catalogs/masterpage/myMasterpage.master"
    $web.Update()
    Das

    Hi,
    Is it a publishing page? If yes can you try the PowerShell scripts corresponding to the following code snippet?
    var publishingWeb = PublishingWeb.GetPublishingWeb(web);
    publishingWeb.CustomMasterUrl.SetInherit(inheritFromParent, false);
    publishingWeb.CustomMasterUrl.SetValue(masterPageUrl, false);
    publishingWeb.MasterUrl.SetInherit(inheritFromParent, false);
    publishingWeb.MasterUrl.SetValue(masterPageUrl, false);
    I've noticed sometime (not sure though) that Master page doesn't get updated if the inherit property is not updated first.
    Thanks,
    Sohel Rana
    http://ranaictiu-technicalblog.blogspot.com

  • Setting a Custom Scope in a Page

    Greetings again
    i am trying to set a custom scope for my pages, i am following the example 6.3.2 Setting Scope in a Page - Create New Task Flow in the Oracle® Fusion Middleware
    Developer's Guide for Oracle WebCenter 11g Release 1 (11.1.1) E10148-06.
    i have a managed bean whose class name is AdministratorPagView and has a method called getScopeName() that returns a String. My adfc-config.xml archive looks like this
    adfc-config xmlns="http://xmlns.oracle.com/adf/controller" version="1.2">
    <managed-bean id="__3">
    <managed-bean-name id="__1">adminPagView</managed-bean-name>
    <managed-bean-class id="__2">view.AdministratorPagView</managed-bean-class>
    <managed-bean-scope id="__4">request</managed-bean-scope>
    </managed-bean>
    </adfc-config>
    then in my page definition archive called AdministratorPagPageDef.xml that corresponds to the JSPX where the create page task flow, there is a parameter for that task flow like this:
    <parameters>
    <parameter id="oracle_webcenter_page_createpage_scopename"
    value="${adminPagView.scopeName}"/>
    </parameters>
    so i try creating a page and when i finish creating it the getPateTreeITerator does not show me anything and looking into the WL Server floders for the mds, i just found a scope.xml file in a path structure like this one
    DefaultDomain/webcenter/mds-integServerRepos/<my_app_name>/oracle/webcenter/framework/scope/scopedMD/<custom_scope_name>/scope.xml, but the new folder that reference to a new scope is not being created
    is there something i am missing?
    Edited by: Luis_muxhaxho_betancourth on 24/06/2010 08:46
    Edited by: Luis_muxhaxho_betancourth on 24-jun-2010 18:54

    the pages are being placed in a diferent folder from the one used when defaultScope is set, how can i make those pages visible in the page tree for my user ?

  • How to set custom access denied pages in SharePoint 2013?

    Hi everybody,
    in SharePoint 2010 custom access denied or other error pages could be easily set by setting the new path to the webapp-properties by using webApp.UpdateMappedPage. In SharePoint 2013 this seems to be ignored. The MSDN-entry seems to be out of date and just
    copied from SharePoint 2010:
    http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.administration.spwebapplication.updatemappedpage.aspx
    A possible workaround could be writing a HttpModule that checks the requested url for accessdenied.aspx and redirects to a custom page but there must be another more best practice way to achieve this behaviour??

    I found a workaround to redirect to a custom access denied page but I'm not happy with it.
    I created a HttpModule which uses static method SPCustomRedirect.RegisterRedirectHandler to register a class inheriting ISPCustomRedirectHandler to the current HttpContext. In this class there is a method GetRedirectUrl that returns the path to my custom
    access denied page.
    Now at last a value must be written to the HttpRequest.Querystring named "CustomRedirect". But to add something to the QueryString-NameValueCollection I must use reflection to make it writable because it's readonly. After setting the value, I reset the property
    to readonly.
    For clearness, I post the code-snippet from the HttpModule below:
    HttpRequest request = HttpContext.Current.Request;
    NameValueCollection QS = request.QueryString;
    QS = (NameValueCollection)request.GetType().GetField("_queryString", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(request);
    PropertyInfo readOnlyInfo = QS.GetType().GetProperty("IsReadOnly", BindingFlags.NonPublic | BindingFlags.Instance);
    readOnlyInfo.SetValue(QS, false, null);
    QS["CustomRedirect"] = "CustomAccessDenied";
    readOnlyInfo.SetValue(QS, true, null);
    SPCustomRedirect.RegisterRedirectHandler("CustomAccessDenied", new CustomAccessDenied());
    This is the redirectHandler-class I register in the last line:
    public class CustomAccessDenied : ISPCustomRedirectHandler
    public string GetRedirectUrl(string key)
    string serverRelativeUrl = string.Empty;
    var ctx = HttpContext.Current.Items["DefaultSPContext"];
    if (ctx != null)
    serverRelativeUrl = ((SPContext)ctx).Web.ServerRelativeUrl;
    if (serverRelativeUrl.Equals("/"))
    serverRelativeUrl = string.Empty;
    return string.Format("{0}/_layouts/15/myCode/CustomAccessDenied.aspx", serverRelativeUrl);
    This works fine but I really don't like the need to add a value to the querystring by reflection or the need to do this for every page-request...
    What's your opinion for this?

  • Get "401 Unauthorized" for secured pages when following the tutorial

    I tried to configure security for a page in JDeveloper by following the steps in 10.1.3.2 WebCenter Framework Tutorial (http://download.oracle.com/docs/cd/E12529_01/webcenter.1013/b31072/tt_security.htm).
    I copied the system-jazn-data.xml from the sample. Then followed the steps in the tutorial except that I don't have the Welcome page but only the secured Mypage.jspx which is protected as instructed in the tutorial. Then I ran Mypage.jspx. I was directed to the login page correctly. But after I entered the correct username/password for any user, it gave me "401 Unauthorized" error. I'm pretty sure the username/password is correct because it'll direct me back to the login page when they're wrong.
    I tried it a few times but it always failed with the same error. Any help is greatly appreciated.
    -- Cindy

    Hi,
    if you followed a WebCenter tutorial then it would make sense to ask the question on the WebCenter forum
    WebCenter Portal
    Frank

  • Error 401 (Unauthorized) when setting up Hybrid Search

    Hello,
    I am trying to set up Hybrid Search (one-way out-bound search) between a SharePoint 2013 on-premises farm I've got running on Windows Azure (IaaS) and a SharePoint Online trial tenant I have set up for the purpose.
    I have followed Manas Biswas' rather long guide (search for manas biswas hybrid search on Bing to find it) for setting it up and everything has gone fine -- including setting up my SharePoint 2013 farm in a demo lab on Azure, signing
    up for a SharePoint Online tenant, getting DirSync to work, etc. Actually, I hadn't bumped into any errors until the very end when I wanted to try out my setup.
    I had just set up SharePoint Online as a search result source on my SharePoint 2013 team site. I have also set up the search query rule with the result block for the SP Online results. Yet, when I try to use the Query Builder and I search for "*",
    I get the following error:
    System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute() at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate() at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest() at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery() at Microsoft.Office.Server.Search.RemoteSharepoint.RemoteSharepointEvaluator.RemoteSharepointProducer.RetrieveDataFromRemoteServer(Object unused) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at Microsoft.Office.Server.Search.RemoteSharepoint.RemoteSharepointEvaluator.RemoteSharepointProducer.ProcessRecordCore(IRecord record)
    Now, I don't know why this operation is rejected as "unauthorized." I am unsure of my certificates, which I have generated and set up in order for the connection to work. Out of all the steps in Biswas' guide, the certificates part is the one I
    have the least knowledge about. I am suspecting that there is something wrong in this area but I have no idea of how to troubleshoot it.
    To make it clear, I did not encounter any error messages while following the guide -- not even when firing off the fair amount of PowerShell scripts that Biswas has written.
    I would appreciate it if anybody could help me troubleshoot this problem. I am running out of ideas to try out so any suggestion will appreciated! :-)

    Hi Sebastian and Manas,
    I am trying to set up a hybrid environment and followed the blog posts. Everything was set up as per the guidelines mentioned but still I am not able to fetch any results from SharePoint Online inside my on-premise environment. 
    There are no errors coming as such. Its just that my on-premise is showing no results from SPO. However if the same user logs on into the Office 365 SPO site he is able to see SPO search results. That means there is no permission related issue specific to
    test user. 
    I am totally out of ideas now. In case you have faced similar issues while setting up the same then any pointers to troubleshoot would be very helpful.
    The link to my query that I have asked on the forums is
    https://social.msdn.microsoft.com/Forums/office/en-US/540d2629-ec6b-4905-b8e2-f6ba4e770d26/configure-one-way-outbound-hybrid-search?forum=sharepointgeneral
    Thanks,
    Geetanjali
    Geetanjali Arora | My blogs |

  • Access Exchange Service From SharePoint 2013 Custom Web part getting The request failed with HTTP status 401: Unauthorized.

    I want to Fill a drop down with Outlook Meeting of Current log-in user in SharePoint 2013 web part for default credentials I am using the following code
     ExchangeServiceBinding binding = new ExchangeServiceBinding();
                ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
                binding.RequestServerVersionValue = new RequestServerVersion();
                binding.RequestServerVersionValue.Version = ExchangeVersionType.Exchange2010_SP2;
                binding.PreAuthenticate = true;
                binding.UseDefaultCredentials = true;
                binding.Credentials = CredentialCache.DefaultCredentials ; 
                string server = "https://*********/ews/Exchange.asmx";
                binding.Url = server;
    I Am Getting the Error "The request failed with HTTP status 401: Unauthorized."
    but when I Replace  the line  
    binding.Credentials = CredentialCache.DefaultCredentials ; 
    with 
     binding.Credentials = new NetworkCredential(userName, password, domain);
    Its run fine.  Is there any way I could able to use default credential.
      

    Hi,
    As this question is more relate to Exchange development, I suggest you post it to the corresponding forum, you will get more help and confirmed answers from there.
    http://social.msdn.microsoft.com/Forums/office/en-US/home?category=exchangeserver
    Best regards
    Patrick Liang
    TechNet Community Support

  • Adobe Print Form Error - Invalid Response Code: (401) Unauthorized

    Hi, I've just configured ADS on Netweaver 2004s. I've run through the config guide and everything works ok including the form generation test report FP_TEST_00 which outputs PDF without issue. I have two problems:
    -When I run a "test connection" on the RFC destination 'ADS' using the ADSUSER for the login details, I get a 403 not authorized error. Changing this user to J2EE_ADMIN resolves the issue and I get a 302 redirect. I've tried adding other permissions to the ADSUSER without any luck.
    -Running a report on the Portal under e.g. Executive Reporting and attempting to just right-click and hit "Print Version" results in a 401 error for request "http://hostXX:portXX/AdobeDocumentServices/Config?style=document" exactly as per this thread: Re: Adobe Form Creation Error - Invalid Response Code: (401) Unauthorized. However, I've double-checked all user details in Visual Administrator (ADS_AGENT) and on the ABAP stack side in su01 and sm59. I also tried changing the users to dialog with no effect. If I go directly to that URL and log in with ADSUSER I get a 403 not authorised error (using J2EE_ADMIN is again successful). I've noticed that in the http access log the HTTP protocol used is 1.1 when using the web browser and 1.0 when using the sm59 connection test. I've heard of problems with using HTTP/1.1, but when I change the options on IE8 to use HTTP/1.0, it changes for all other requests except the request for "http://hostXX:portXX/AdobeDocumentServices/Config?style=document", which is still submitted as HTTP/1.1. Conversely, in sm59 if I specify that it should use HTTP/1.1 under Special Options, I can see from the access log that it is in fact still using HTTP/1.0. Could this be related to the 401 error code that I'm seeing?
    Any help would be appreciated. Thanks,
    John

    I think I've ruled out the HTTP protocol version as being an issue here. However I may have found more useful information on the actual issue.
    In the security log under usr\sap\<SID>\DVEBMGS00\j2ee\cluster\server0\log\system I see a different message for the unsuccessful report PDF generation attempt to that of a direct query to the same URL with the same web browser, as below. The unsuccessful attempt appears to forget the ADSUSER credentials and resort to the default J2EE_GUEST which has no authorisations and therefore fails. The direct query doesn't lose the ADSUSER credentials and I think this is because it prompts for the user/password when needed. Does anyone know why this happens for a direct query to this URL but not for the PDF generation attempt?
    Resulting logs from unsuccessful PDF generation attempt:
    #1.5 #005056AF1EB300750000002D0000142000048B4D2208F055#1279063306899#/System/Security/WS/SecurityProtocol#sap.com/irj#com.sap.security.core.client.ws.AuthenticationContext.setDestination#AICL0001#622##<host>_<sid>_3576650#AICL0001#4c1a62608ed511dfbe2a005056af1eb3#SAPEngine_Application_Thread[impl:3]_5##0#0#Info#1#com.sap.security.core.client.ws.AuthenticationContext#Java###An destination was set with the following properties:
    {0}.#1#{PROXY_ENABLED=false, CLIENT_AUTHENTICATION_KEYSTORE_VIEW=, SAP_SID=, SLD_URL=, USERNAME=ADSUSER, SLD_WS_NAME=, URL=http://<host>:50000/AdobeDocumentServices/Config?style=document, PROXY_URL=, SSL_SERVER_AUTHENTICATION=IGNORE, SLD_WS_SYSTEM_NAME=, PASSWORD=XXX, SLD_WS_PORT=, SAP_CLIENT=, DEFAULT_URL=http://localhost:50000/AdobeDocumentServices/Config?style=document, Authentication=BASIC, CLIENT_AUTHENTICATION_KEYSTORE_CERTIFICATE=, URL_CHOICE=Custom, SAP_LANGUAGE=}#
    #1.5 #005056AF1EB30072000000250000142000048B4D220A12ED#1279063306977#/System/Security/Authentication##com.sap.engine.services.security.authentication.logincontext#J2EE_GUEST#0##<host>_<sid>_3576650#Guest#4c1a62608ed511dfbe2a005056af1eb3#SAPEngine_Application_Thread[impl:3]_24##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
    User: N/A
    Authentication Stack: com.adobe/AdobeDocumentServices*AdobeDocumentServices_Config
    Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
    1. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   SUFFICIENT  ok          exception             true       Authentication did not succeed.#
    Successful direct access of URL http://<host>:50000/AdobeDocumentServices/Config?style=document (click on rpData test and manually log in as ADSUSER):
    #1.5 #005056AF1EB30070000000250000142000048B4D3E260016#1279063778670#/System/Security/Authentication##com.sap.engine.services.security.authentication.logincontext#ADSUSER#675##<host>_<sid>_3576650#Guest#812f72008ed611dfa62d005056af1eb3#SAPEngine_Application_Thread[impl:3]_14##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.OK
    User: ADSUSER
    Authentication Stack: com.adobe/AdobeDocumentServices*AdobeDocumentServices_Config
    Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
    1. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   SUFFICIENT  ok          true       true                 
    Central Checks                                                                                true                  #
    #1.5 #005056AF1EB30070000000260000142000048B4D3E2666A6#1279063778702#/System/Security/Audit/J2EE##com.sap.engine.services.security.roles.audit#ADSUSER#675##<host>_<sid>_3576650#ADSUSER#812f72008ed611dfa62d005056af1eb3#SAPEngine_Application_Thread[impl:3]_14##0#0#Info#1#com.sap.engine.services.security.roles.audit#Java###{0}: Authorization check for caller assignment to J2EE security role [{1} : {2}].#3#ACCESS.OK#SAP-J2EE-Engine#all#

  • SharePoint Provider Hosted App (401) Unauthorized Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable

    Hello,
    I'm attempting to get a SharePoint 2013 Provider Hosted Application working in a brand new SharePoint environment.  I've created snapshots of both my dev and the sharepoint environments along the way and have meticulously documented every step of the
    way.  I've followed these instructions (among many other resources found along this journey) :
    http://msdn.microsoft.com/en-us/library/fp179923(office.15).aspx
    http://technet.microsoft.com/en-us/library/fp161236(office.15).aspx
    http://msdn.microsoft.com/library/office/fp179901%28v=office.15%29
    Upon package and publish of my application to SharePoint, I get a 401 Unauthorized error.  I use Fiddler to obtain the SPErrorCorrelationID to ultimately obtain the following ULS Viewer Output.  Please explain how to fix if you're able.
    Please Note:  I was under the impression that a Provider Hosted Application does not use the Azure Access Control service, so I'm confused as to why my system is attempting to make this connection?
    Also Note:  I've used a self signed and godday obtained certificate to successfully f5 debug my basic web.title (out of the visual studio 2012 box) sharepoint provider hosted application... so I know my certs are good.
    Here's my ULS output:
    03/24/2014 08:54:47.83    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    Logging Correlation Data    xmnv    Medium    Name=Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)  
     306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.83    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    Authentication Authorization    agb9s    Medium    Non-OAuth request.
    IsAuthenticated=True, UserIdentityName=0#.w|cltenet\sp.apps, ClaimsCount=25    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.83    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    Logging Correlation Data    xmnv    Medium    Site=/    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.84    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Deployment    acjjg    Medium    The current user has System.Threading.Thread.CurrentPrincipal.Identity.Name
    = 0#.w|cltenet\sp.apps, System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\IUSR, System.Web.HttpContext.Current.User.Identity.Name = 0#.w|cltenet\sp.apps.    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.84    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsrv    Medium    redirectLaunUrl after getting it from query
    string, web or app instance: https://hightrust31.cltenetapps.com/Pages/Default.aspx?{StandardTokens}    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    General    aib0n    High    trying to get app tokens for site: 888b71f7-51ee-40f5-8344-8de4869d37d0
    Unable to load app tokens from appInstanceId: 22d5252f-392c-4f68-b820-a3053b9d4f24    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsrw    Medium    redirectLaunUrl after getting token replacement:
    https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsry    Medium    m_oauthAppId after NormalizeAppIdentifier()
    i:0i.t|ms.sp.ext|[email protected]8df36d5d.  Now getting app principal info.    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsr0    Medium    decided that we need to do a POST to the
    app.    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsr1    Medium    m_redirectMessage: EndpointAuthorityMatches  
     306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsr2    Medium    realm matched attempting to get app token
    using GetAccessToken()    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    advzm    High    Error when get token for app i:0i.t|ms.sp.ext|[email protected]8df36d5d,
    exception: Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable.     at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)    
    at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
    userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
    serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    ajsr3    High    App token requested from appredirect.aspx
    for site: 888b71f7-51ee-40f5-8344-8de4869d37d0 but there was an error in generating it.  This may be a case when we do not need a token or when the app principal was not properly set up.  LaunchUrl:https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http://portal.cltenet.com&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4420.1017
    Exception Message:The Azure Access Control service is unavailable.  Stacktrace:    at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)    
    at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
    userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
    serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
    serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest(). 
    Since this is a nonfatal error, it will be sanitized and posted to the app as part of the app launch.    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    General    ajlz0    High    Getting Error Message for Exception Microsoft.SharePoint.SPException:
    The Azure Access Control service is unavailable.     at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)     at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext
    serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri
    applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext,
    String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
    serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken)     at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest()  
     306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    App Auth    aib0p    Medium    Doing appredirect from appredirect.aspx:
    in site: 888b71f7-51ee-40f5-8344-8de4869d37d0 with RedirectLaunchUrl: https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017  
     306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    03/24/2014 08:54:47.85    w3wp.exe (0x1448)    0x22D8    SharePoint Foundation    Monitoring    b4ly    Medium    Leaving Monitored Scope (Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)).
    Execution Time=26.5933938531294    306c809c-66a1-d0d5-d8e2-89d3631ce1bf
    Your help is very much appreciated.
    With Respect,
    Larry

    Yes, actually - I was able to resolve it.
    However I don't know how, unfortunately.  I suspect it was because I needed to have the names of the certificates, defined during the certificate registration (to sharepoint) process, different.
    I have a complete document that shows step by step instructions on the exact process I took to complete the provider hosted application creation, deployment and publishing.  It was a daunting task, but I finished it successfully.
    If there's a way to send private message on this forum, please do so and I'll respond with a way to obtain my document.
    NOTE:  I'm not all impressed with the way this forum works.  This is supposed to be a Microsoft resource and I'll be damned if I ever get a response to highly technical questions.  Completely lame.  Boooooo Microsoft.

  • 401 - Unauthorized error while connecting to userprofile web service in InfoPath 2010

    Hello,
    I have 2wfe (NLB), 2app, 1db farm.
    Everything is working fine except for one computer! I have several InfoPath forms, they have custom webservices and userprofile web service. They work without any problem, but there is one computer that gives me 401-Unathourized Error! I'm not sure it is
    double hop issue because there is no other user/computer we are having a problem!
    I checked several blogs, they refer to hosts file, but not sure because why is it happening only on one computer?
    I have hosts files refers to 127.0.0.1 webapp .
    What could be the issue? I have other Service Apps are working without any issues.
    Could you please help me?
    Thank You
    Orrin

    Hi  ,
    No, due to the issue is happening only on one computer.
    The error "(401) Unauthorized" usually indicates that the connection has been established but the permission check fails.  InfoPath Form Services uses the application pool identity of the web
    application to connect to resources.
    Does the account  which login the computer have permission to connect to User Profile Service Application?
    For a workaround, you can go to IIS Manager , set the User Profile Application Pool to Anonymous Access and try again.
    Also you can have a look at the blog:
    http://sharepointconnoisseur.blogspot.in/2011/04/how-to-resolve-401-unauthorized-error.html
    Best Regards,
    Eric
    Eric Tao
    TechNet Community Support

Maybe you are looking for