Sharepoint 2010 on Windows 2012R2 and claims based authentication

Similar Messages

• How to pass credentials/saml token access sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication

  How to pass credentials/saml token exchange to the sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication 
  Identity provider here is Oracle identity provider 
  harika kakkireni

  Hi,
  The following materials for your reference:
  Consuming List.asmx on a claims based sharepoint site
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/f965c1ee-4017-4066-ad0f-a4f56cd0e8da/consuming-listasmx-on-a-claims-based-sharepoint-site?forum=sharepointcustomizationprevious
  Sharepoint Claims based authentication and Single Sign on
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/2dfc1fdc-abc0-4fad-a414-302f52c1178b/sharepoint-claims-based-authentication-and-single-sign-on?forum=sharepointadminprevious
  Sharepoint Claim Based Authentication Web Service issuehttp://social.msdn.microsoft.com/Forums/office/en-US/dd4cc581-863c-439f-938f-948809dd18db/sharepoint-claim-based-authentication-web-service-issue?forum=sharepointgeneralprevious
  Best Regards
  Dennis Guo
  TechNet Community Support

• Cannot create dataset from claims based authentication sharepoint site in report builder 3.0

  I have a sharepoint site, which is configured as claims based authentication (ref:
  http://ashrafhossain.wordpress.com/2011/05/25/how-to-configure-claim-based-authentication-for-sharepoint-project-server-2010/) . both AD and asp.net members can log in to the site successfully. My user need to use the report build to create report
  on this sharepoint site. As a result, the site is also integrated with reporting service. I try to create a report in the sharepoint site by clicking "New Document" -> "Report builder Report". The report builder will comes out and ask for credential to
  connect to the report server. I use asp.net member to login and it can let me to create a data source which connect to a the list of the sharepoint site with credential option "Use current Windows user. Kerberos delegation might be required". However, when
  I try to create a data set and click the query designer, error "Server was unable to process request. ---> Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" appear as below:
  Besides, non of my AD account can be used to login to the report builder. Errors below found in the ULS log:
  09/26/2012 14:47:27.75 w3wp.exe (0x116C)
  0x11F4 SharePoint Foundation
  Claims Authentication fo1t
  Monitorable SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated.
  (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
  09/26/2012 14:47:27.76 w3wp.exe (0x140C)
  0x0F38 SharePoint Foundation
  Claims Authentication fsq7
  High Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message
  response)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
  rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  524a2f96-f5ff-4c96-80d1-f08d3c7ef14f
  09/26/2012 14:47:27.76 w3wp.exe (0x140C)
  0x0F38 SharePoint Foundation
  Claims Authentication 8306
  Critical An exception occurred when trying to issue security token: The security token username and password could not be validated..
  524a2f96-f5ff-4c96-80d1-f08d3c7ef14f

  Hi Foxvito,
  Claims authentication types supported by SharePoint 2010 are Windows Claims, forms-based authentication Claims, and SAML Claims. In SAML-Claims mode, SharePoint Server accepts SAML tokens from a trusted external Security Token Provider (TST). From the
  blog you referenced, it seems to use the SAML Claims authentication.
  However, the Reporting Services client applications: Report Builder, the Report Designer in Business Intelligence Development Studio, and Management Studio do not support connecting and authenticating with LiveID or SAML Claims based SharePoint Web applications.
  That's because the SAML Claims don't use the Reporting Services authentication endpoint. So, you have to change the Claims authentication type to use Report Builder on the SharePoint site.
  References:
  Overview of Kerberos authentication for Microsoft SharePoint 2010 Products
  Claims Authentication and Reporting Services
  Regards,
  Mike Yin
  Mike Yin
  TechNet Community Support

• SharePoint 2013 Claim based authentication

  Hi,
  I'm trying to configure SharePoint 2013 web application to use Claim based authentication. I updated the SharePoint web application using the following cmdlet:
  Convert-SPWebApplication -Identity "http:// <servername>:port" -From Legacy -To Claims -RetainPermissions -Force
  I noticed that the authentication mode has been changed to Claims Based Authentication for the detault zone. But when I use fiddler to capture the traffic, there is no FedAuth cookie for the traffic to my SharePoint site.
  Questions:
  1. Does FedAuth cookie must exist when the SharePoint web application is configured to use Claims Based Authentication?
  2. The "Enable Windows Authentication" is checked and NTLM is selected for "Integrated Windows Authentication". Is this a correct setup for Claims based authentication?
  3. Is there any documents talking about how to configure Windows Claims-Based authentication?
  Thank you!

  Hi Wu Tao,
   Please find the below technet links and white paper (Claims-based
  Identity for Windows (white paper)) which will talk about windows claim based authentication.
  http://technet.microsoft.com/en-us/library/cc262350(v=office.15).aspx
  http://technet.microsoft.com/en-us/library/jj219571(v=office.15).aspx
  And the below link will talk about setup for claim based authentication.
  http://technet.microsoft.com/en-in/library/ee806885(v=office.15).aspx
  If you need more information, please let us know
  Sekar - Our life is short, so help others to grow
  Whenever you see a reply and if you think is helpful, click "Vote As Helpful"! And whenever
  you see a reply being an answer to the question of the thread, click "Mark As Answer

• Office Web Apps and Forms Based Authentication

  Is it possible to use Office Web Apps Server 2013 to give external SharePoint Foundation 2013 clients access to Office documents in a View only capacity?
  Does FBA work with Office Web Apps or would external users have to at least have a Windows CAL in AD if we are just using SharePoint Foundation?

  Hi,
  It may be possible.
  Here are some links for your situation:
  http://technet.microsoft.com/en-us/library/ff431682(v=office.15).aspx
  http://blogs.technet.com/b/office_web_apps_server_2013_support_blog/archive/2014/03/20/office-web-apps-2013-errors-previewing-viewing-editing-documents-when-using-fba-in-the-extended-zone-but-not-the-default-zone.aspx
  http://technet.microsoft.com/en-us/library/ee806890(v=office.15).aspx
  Office Web Apps can be used only by SharePoint 2013 web applications that use claims-based authentication.
  There is a known issue when using Office Web App in the extended zone with FBA, but not the default zone. Please configure FBA authentication in the Default zone in case of that.
  Hope it helps.
  Regards,
  Rebecca Tu
  TechNet Community Support

• SharePoint 2013 web service: Error while sending claim based authentication request (The corresponding SID in the domain is not part of the intended account type)

  We are using .asmx services for SharePoint features such as comments, and rating.
  Service
  Feature   used
  http://<<hostname>>/_vti_bin/socialdataservice.asmx
  Commenting, Rating
  http://<<hostname>>/_vti_bin/UserProfileService.asmx
  For out of box workflows
  In SharePoint 2013,
  SharePoint – 80  web application is on claims based mode and user is logging in with windows authentication. With logged-in client context used to call SharePoint's default web service, we are getting below error message from
  web service (Social data and user profile services).
  Server was unable to process request. ---> The corresponding SID in the domain is not part of the intended account type.
  When the service is accessed using console application with Visual Studio credentials (logged in user), we are able to access the service. Below is the code snippet
  using   (SocialDataService
  service = new  
  SocialDataService())
                    service.Credentials =
  CredentialCache.DefaultCredentials;
  SocialCommentDetail detail =   service.AddComment("<<url>>",
    "Test Comment",
  null,  
  null);
  Are SharePoint 2013 web services not supporting request coming with claim based authentication web application?
  Thanks, Pratik Agrawal (MAQ Software)

  While this applies to 2010, I believe the same is true with 2013:
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/925e5f46-317f-46d3-bc55-c67f07eb2372/call-sharepoint-web-services-using-claimbased-authentication?forum=sharepointgeneralprevious
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Claims Based Authentication and Editing User Profiles

  Hi All,
  I have an interesting issue where I have a SharePoint Farm setup with both the intranet and mysites web applications setup using Claims Based Authentication. While everything seems to work fine, you are able to search for users, view properties and users
  can change their own profile properties. However when you configure a profile administration account (an account with the "manage user profiles" permission on the User Profile Service Application) and you attempt to use that account to edit
  another users profile you get hit with a generic error page. 
  Delving deeper you get the following errors:
  ULS:
  Date    Process    Thread Id    Area    Category    Event Id    Level    Correlation    Message
  5/7/2013 00:31:44:64    App Pool: MySites    0x1DC8    SharePoint Foundation    Logging Correlation Data    xmnv    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
   Name=Request (GET:http://mysite.DOMAIN.loc:80/_layouts/15/EditProfile.aspx?UserSettingsProvider=234bf0ed%2D70db%2D4158%2Da332%2D4dfd683b4148&ReturnUrl=http%3A%2F%2Fmysite%2EDOMAIN%2Eloc%2Fperson%2Easpx%3Faccountname%3DDOMAIN%255CAUSER&accountname=DOMAIN%5CAUSER)
  5/7/2013 00:31:44:66    App Pool: MySites    0x1DC8    SharePoint Foundation    Authentication Authorization    agb9s    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
   Non-OAuth request. IsAuthenticated=True, UserIdentityName=0#.w|DOMAIN\sp_config, ClaimsCount=24
  5/7/2013 00:31:44:66    App Pool: MySites    0x1DC8    SharePoint Foundation    Logging Correlation Data    xmnv    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
   Site=/
  5/7/2013 00:31:44:69    App Pool: MySites    0x1DC8    SharePoint Foundation    Files    00000    High    4001199c-6bd8-c03d-920f-55177fbff00c  
   UserAgent not available, file operations may not be optimized.
  at Microsoft.SharePoint.SPFileStreamManager.CreateCobaltStreamContainer(SPFileStreamStore spfs, ILockBytes ilb, Boolean copyOnFirstWrite, Boolean disposeIlb)  
  at Microsoft.SharePoint.SPFileStreamManager.SetInputLockBytes(SPFileInfo& fileInfo, SqlSession session, PrefetchResult prefetchResult)  
  at Microsoft.SharePoint.CoordinatedStreamBuffer.SPCoordinatedStreamBufferFactory.CreateFromDocumentRowset(Guid databaseId, SqlSession session, SPFileStreamManager spfstm, Object[] metadataRow, SPRowset contentRowset, SPDocumentBindRequest& dbreq, SPDocumentBindResults&
  dbres)  
  at Microsoft.SharePoint.SPSqlClient.GetDocumentContentRow(Int32 rowOrd, Object ospFileStmMgr, SPDocumentBindRequest& dbreq, SPDocumentBindResults& dbres)  
  at Microsoft.SharePoint.Library.SPRequestInternalClass.GetFileAndMetaInfo(String bstrUrl, Byte bPageView, Byte bPageMode, Byte bGetBuildDependencySet, String bstrCurrentFolderUrl, Int32 iRequestVersion, Byte bMainFileRequest, Boolean& pbCanCustomizePages,
  Boolean& pbCanPersonalizeWebParts, Boolean& pbCanAddDeleteWebParts, Boolean& pbGhostedDocument, Boolean& pbDefaultToPersonal, Boolean& pbIsWebWelcomePage, String& pbstrSiteRoot, Guid& pgSiteId, UInt32& pdwVersion, String&
  pbstrTimeLastModified, String& pbstrContent, UInt32& pdwPartCount, Object& pvarMetaData, Object& pvarMultipleMeetingDoclibRootFolders, String& pbstrRedirectUrl, Boolean& pbObjectIsList, Guid& pgListId, UInt32& pdwItemId, Int64&
  pllListFlags, Boolean& pbAccessDenied, Guid& pgDocid, Byte& piLevel, UInt64& ppermMask, Object& pvarBuildDependencySet, UInt32& pdwNumBuildDependencies, Object& pvarBuildDependencies, String& pbstrFolderUrl, String& pbstrContentTypeOrder,
  Guid& pgDocScopeId)  
  at Microsoft.SharePoint.Library.SPRequestInternalClass.GetFileAndMetaInfo(String bstrUrl, Byte bPageView, Byte bPageMode, Byte bGetBuildDependencySet, String bstrCurrentFolderUrl, Int32 iRequestVersion, Byte bMainFileRequest, Boolean& pbCanCustomizePages,
  Boolean& pbCanPersonalizeWebParts, Boolean& pbCanAddDeleteWebParts, Boolean& pbGhostedDocument, Boolean& pbDefaultToPersonal, Boolean& pbIsWebWelcomePage, String& pbstrSiteRoot, Guid& pgSiteId, UInt32& pdwVersion, String&
  pbstrTimeLastModified, String& pbstrContent, UInt32& pdwPartCount, Object& pvarMetaData, Object& pvarMultipleMeetingDoclibRootFolders, String& pbstrRedirectUrl, Boolean& pbObjectIsList, Guid& pgListId, UInt32& pdwItemId, Int64&
  pllListFlags, Boolean& pbAccessDenied, Guid& pgDocid, Byte& piLevel, UInt64& ppermMask, Object& pvarBuildDependencySet, UInt32& pdwNumBuildDependencies, Object& pvarBuildDependencies, String& pbstrFolderUrl, String& pbstrContentTypeOrder,
  Guid& pgDocScopeId)  
  at Microsoft.SharePoint.Library.SPRequest.GetFileAndMetaInfo(String bstrUrl, Byte bPageView, Byte bPageMode, Byte bGetBuildDependencySet, String bstrCurrentFolderUrl, Int32 iRequestVersion, Byte bMainFileRequest, Boolean& pbCanCustomizePages, Boolean&
  pbCanPersonalizeWebParts, Boolean& pbCanAddDeleteWebParts, Boolean& pbGhostedDocument, Boolean& pbDefaultToPersonal, Boolean& pbIsWebWelcomePage, String& pbstrSiteRoot, Guid& pgSiteId, UInt32& pdwVersion, String& pbstrTimeLastModified,
  String& pbstrContent, UInt32& pdwPartCount, Object& pvarMetaData, Object& pvarMultipleMeetingDoclibRootFolders, String& pbstrRedirectUrl, Boolean& pbObjectIsList, Guid& pgListId, UInt32& pdwItemId, Int64& pllListFlags, Boolean&
  pbAccessDenied, Guid& pgDocid, Byte& piLevel, UInt64& ppermMask, Object& pvarBuildDependencySet, UInt32& pdwNumBuildDependencies, Object& pvarBuildDependencies, String& pbstrFolderUrl, String& pbstrContentTypeOrder, Guid&
  pgDocScopeId)  
  at Microsoft.SharePoint.SPWeb.GetWebPartPageContent(Uri pageUrl, Int32 pageVersion, PageView requestedView, HttpContext context, Boolean forRender, Boolean includeHidden, Boolean mainFileRequest, Boolean fetchDependencyInformation, Boolean& ghostedPage,
  String& siteRoot, Guid& siteId, Int64& bytes, Guid& docId, UInt32& docVersion, String& timeLastModified, Byte& level, Object& buildDependencySetData, UInt32& dependencyCount, Object& buildDependencies, SPWebPartCollectionInitialState&
  initialState, Object& oMultipleMeetingDoclibRootFolders, String& redirectUrl, Boolean& ObjectIsList, Guid& listId)  
  at Microsoft.SharePoint.ApplicationRuntime.SPRequestModuleData.FetchWebPartPageInformationForInit(HttpContext context, SPWeb spweb, Boolean mainFileRequest, String path, Boolean impersonate, Boolean& isAppWeb, Boolean& fGhostedPage, Guid& docId,
  UInt32& docVersion, String& timeLastModified, SPFileLevel& spLevel, String& masterPageUrl, String& customMasterPageUrl, String& webUrl, String& siteUrl, Guid& siteId, Object& buildDependencySetData, SPWebPartCollectionInitialState&
  initialState, String& siteRoot, String& redirectUrl, Object& oMultipleMeetingDoclibRootFolders, Boolean& objectIsList, Guid& listId, Int64& bytes)  
  at Microsoft.SharePoint.ApplicationRuntime.SPRequestModuleData.GetWebPartPageData(HttpContext context, String path, Boolean throwIfFileNotFound)  
  at Microsoft.SharePoint.ApplicationRuntime.SPVirtualPathProvider.GetCacheKey(String virtualPath)  
  at System.Web.Compilation.BuildManager.GetVPathBuildResultFromCacheInternal(VirtualPath virtualPath, Boolean ensureIsUpToDate)  
  at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)  
  at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate)  
  at System.Web.Compilation.BuildManager.GetVPathBuildResult(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean ensureIsUpToDate)  
  at System.Web.UI.MasterPage.CreateMaster(TemplateControl owner, HttpContext context, VirtualPath masterPageFile, IDictionary contentTemplateCollection)  
  at System.Web.UI.Page.ApplyMasterPage()  
  at System.Web.UI.Page.PerformPreInit()  
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
  at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
  at System.Web.UI.Page.ProcessRequest()  
  at System.Web.UI.Page.ProcessRequest(HttpContext context)  
  at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()  
  at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)  
  at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)  
  at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)  
  at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)  
  at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)  
  at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)  
  at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)  
  at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)  
  at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)  
  at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
  5/7/2013 00:31:44:69    App Pool: MySites    0x1DC8    SharePoint Foundation    Files    aiv4w    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
   Spent 0 ms to bind 33542 byte file stream
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Portal Server    User Profiles    ai7z6    High    4001199c-6bd8-c03d-920f-55177fbff00c  
   User was not successfully retrieved: i:0#.w|DOMAIN\AUSER in ProfileUI.OnInit. Seeing if this is a system account
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Portal Server    User Profiles    ai7z7    High    4001199c-6bd8-c03d-920f-55177fbff00c  
   User i:0#.w|DOMAIN\AUSER not found and not a system account.
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Portal Server    User Profiles    ahn7m    Unexpected    4001199c-6bd8-c03d-920f-55177fbff00c  
   ProfileUI: Unhandled exception inside OnInit: Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER  
  at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Portal Server    User Profiles    ahn7h    Unexpected    4001199c-6bd8-c03d-920f-55177fbff00c  
   ProfileEditor: Unhandled exception inside OnInit: Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER  
  at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)  
  at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Foundation    General    8nca    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
   Application error when access /_layouts/15/EditProfile.aspx, Error=DOMAIN\AUSER
  at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)  
  at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Foundation    Runtime    tkau    Unexpected    4001199c-6bd8-c03d-920f-55177fbff00c  
   Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER
  at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)  
  at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Foundation    General    ajlz0    High    4001199c-6bd8-c03d-920f-55177fbff00c  
   Getting Error Message for Exception System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER  
  at Microsoft.SharePoint.Portal.WebControls.ProfileUI.OnInit(EventArgs e)  
  at Microsoft.SharePoint.Portal.WebControls.ProfileEditor.OnInit(EventArgs e)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Control.InitRecursive(Control namingContainer)  
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
  at System.Web.UI.Page.HandleError(Exception e)  
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
  at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)  
  at System.Web.UI.Page.ProcessRequest()  
  at System.Web.UI.Page.ProcessRequest(HttpContext context)  
  at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()  
  at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
  5/7/2013 00:31:44:72    App Pool: MySites    0x1DC8    SharePoint Foundation    General    aat87    Monitorable    4001199c-6bd8-c03d-920f-55177fbff00c  
  5/7/2013 00:31:44:73    App Pool: MySites    0x1DC8    SharePoint Foundation    Monitoring    b4ly    Medium    4001199c-6bd8-c03d-920f-55177fbff00c  
   Leaving Monitored Scope (Request (GET:http://mysite.DOMAIN.loc:80/_layouts/15/EditProfile.aspx?UserSettingsProvider=234bf0ed%2D70db%2D4158%2Da332%2D4dfd683b4148&ReturnUrl=http%3A%2F%2Fmysite%2EDOMAIN%2Eloc%2Fperson%2Easpx%3Faccountname%3DDOMAIN%255CAUSER&accountname=DOMAIN%5CAUSER)).
  Execution Time=87.1739285300227
  It seems similar to an issue in the blog post here: http://kb4sp.wordpress.com/2012/12/05/user-cannot-be-found-shenanigans-one-way-active-directory-trusts-and-sharepoint-2013/ however I tried what was suggested and it didn't work.
  Any help with this is appriciated.

  This line offers clues about the actual problem:
  Microsoft.Office.Server.UserProfiles.UserNotFoundException: DOMAIN\AUSER 
  According to the MSDN link (http://msdn.microsoft.com/en-us/library/microsoft.office.server.userprofiles.usernotfoundexception.aspx)
  it is not able to find the user in the profile store. Additionally the link you mentioned (http://kb4sp.wordpress.com/2012/12/05/user-cannot-be-found-shenanigans-one-way-active-directory-trusts-and-sharepoint-2013)
  suggests that the account being used to validate accounts on the production domain may have a problem.
  If there a way you can test that account in isolation against the DC?
  With Regards Shailen Sukul Entrepreneur/Software Architect/Developer/Consultant/Trainer (BSc | Mct | Mcpd (.Net 2/3.5/SharePoint2010) | Mcts (Sharepoint 2010/MOSS/WSS), Biztalk, Web, Win, Dist Apps) | Mcitp(SharePoint) | Mcsd.NET | Mcsd | Mcad) MSN | Skype
  | GTalk Id: shailensukul Twitter: http://twitter.com/shailensukul Website: http://sukul.org Blog: http://shailen.sukul.org/ http://www.linkedin.com/in/shailensukul

• Install sharepoint 2010 on windows 8.1 enterprise

  I would like to install sharepoint server 2010 on windows 8.1 enterprise without Hyper-V as the organization policy does not allow us to user Hyper-V. At the end of the installation while sharepoint configuration wizard is running, it thre a "Configuration
  Failed" exception. Failed to create configuration database as shown below. Kindly help.

  The instructions for installing SharePoint 2010 on Windows 8 are pretty much the same as they were on Windows 7 x64.  You do still need to make sure you create the custom config file to do the install.  You can find a full set of  instructions
  to install on Windows 7 on my blog here:
  http://www.dontpapanic.com/blog/?p=96
  The one additional thing you need to do is make sure that when you install IIS you are using ASP.net 2.0 instead of ASP.Net 4.0.  Windows 8 will default to 4.0.  You can read more about that here:
  http://johnlivingstontech.blogspot.com/2011/09/installing-sharepoint-2010-on-windows-8.html
  I should however point out that although you can install SharePoint 2010 on Windows 8 its not really a supported platform and even on Windows 7 its only supported as a Dev environment.  Its never been supported for any kind of production usage.
  Paul Stork SharePoint Server MVP
  Principal Architect: Blue Chip Consulting Group
  Blog: http://dontpapanic.com/blog
  Twitter: Follow @pstork
  Please remember to mark your question as "answered" if this solves your problem.

• Adobe Acrobat X Pro cannot handle claim based authentication

  Hi,
  The system has licensed 'Adobe Acrobat X Pro' installed successfully. When SharePoint 2010 site collection has NTLM authentication, pdf document can be edited sucessfully using 'Adobe Acrobat X Pro'.
  Issue arises when the sharepoint 2010 site collection has claim based authentication.
  User logs in and navigate through links as-
     Workspace->Document Library.
     Selects PDF document->select "Edit Document" link.
  This action opens Adobe Acrobat X Pro, but do not open pdf and displays error "There was error opening this document. The filename, directory name, or volume label syntax is incorrect."
  In this case, request-response caught as-
  OPTIONS http://dev-ms-db-01.devrapdrp.mahadiscom.in/portal/workspace/WS%20Library/89000000 HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/3.0 (compatible; Acrobat Annots 10.1.1 )
  Host: dev-ms-db-01.devrapdrp.mahadiscom.in
  Content-Length: 0
  Connection: Keep-Alive
  Pragma: no-cache
  Cookie: SPSESSION=IWyGCxHlHGZr0eWSuEDJvOt7+i2Io81ggZFn+tFAtcuOYqDUjzIINxLXo5V69CSSbTi+UsSjgB8fow/ Gr0UWuGEHRpliqgfRGPsjaPO4vdYVCKJ+HAtMjCgcVx6HuVHUeO4/hpsI7gb47X9s4OmsgXkd6MqTFlVQIIMHxDtuE 6WpZxnSEl47voXnX11FkcIWSk8BqEl4+PnC7Paktct3SEJdgY+lWsazcsMqD3HrEGe0w7Qn0VN2lWglt1N5ejSDNyR oKoPAZKsm7fDqxO+SDHBF+UDEN2VvOhOV/PL5OIwRLKU+niaYolAZyDrASixdMm012NwchcLbqELJPT6sxfYEyMbRB MF2o1W922SYSkfAEKSFZ5ikkRyTCcuMNuI6fMQ6t+Xti6pcX/Vula+qf9q+vqPVxkZ5ACPih6EgvnUqxiNXgzLQ7c/ gYjo0D8ZP79KixoROJPs5VRZhmVKCnMY+SSn/4TNf2vW5eMiJeHdeeciMWpHC7cZ+Z6Uh3w+Aj9n9FTux2N++WTjRx wbIBluqQL1ZuCd3XnXBxlG9C4Wi1dAynp3YSd1axyOciVQmwnPuZg9XgROeqCM0/z4nmKkAYuu1MRH0acgVOu3PL/q C06T+UOxvHUKtU7Qe14TFFioYY8e/Rrfnd2uOIujUZLM/kJEM+kSguvoWeK+ABZHyTvPCw5FRxAsDNCiA2rklzFtUx yoI6SqDDlGidY+TRQaRfLX0xvlTqr7PPuEMLKAoEGwkBPvOV24eUPcVC1+PgKMt2rsbt1tZYn7adS4dZ3aRaj0zp9Q 8Pea2lFTxvsANYklT05kHQt832VsFQ9PGuHPTX7A7z6QUW4P4GOE5dJ5USawOrjxZ/Mi621NZlLaLfTzPTJmxcJu3X cCG8VrkMco9JfbxnM0ZKgD9OI+qjnQpJXpkjNChtrgZ+tYzLPb4TpQgQphBTfKIyhcXwW9Y+Lze/3P0zmjpiTIWWN3 mbyE5W07KpCtwvvECJhCn1cMlPoaEV0ZxWJsPcYNVNqFcWeQiDJugkAe7VlWJsiznjJDioW+98SsFoZWz/4U0KCB0P Ja/4VAMdzRQmm0owEucWBHUUw1//9ufkgk7DqZ75sH28cjfsfiKiBZvLe61Q8yxs5iiXqHBkp6WRaPH93CslYI1sa4 izeScEye2decQObEfVDY7KAOFAQSW95hlqSHcSlm1hgYR+AsMmffnqHcH0ebyjsvYJoI3o7AMXjev7o9qGH9eEd+eU Tpn3lnqvDdbbTYdkjtE8HeOkhqiEIXUj5jX/owYjASbW0Q0l6M+QjRUu/eJaBVNYEG8l3xIbnPTGyEWM3hCCbIvoXA WlN972hL4x+SDGkr7pK+gq/D6+5+FL2qqB7Vr9aRnc1nPSV6nx8oEgX/fcZpPWSACwphq
  HTTP/1.1 302 Moved Temporarily
  Date: Tue, 16 Jul 2013 10:42:30 GMT
  Server: Apache/2.2.15 (Win32) mod_jk/1.2.30
  Set-Cookie: SMSESSION=yFelHh2awfWW7yLKZHpSnNHDstixrmkciGIIqfLtwSRrLEQeVdI4R9iO3Q9qynhWDFCk8OIW2HXl+Cl JOdVC5/mwavCdDtHZYn5tL1s6C3BjIGLJowaDVTXUeGZAt0JcyVHEQcsIVgiiFlmkPKPapEOprHPItaa/vZJal5eeK 7NN8s0RrJ+Me1PlBmRQdBSklMxilciwMaLMXAKRwHSstl3kw5n2Qo5VCRmjG34k3gsYWNHh/I5o6buRRszeGpdZLeU 9GLeOdk8r3qXiXwIOvBhkBZrfuPKMAa1IIhftEdeJgKh9XSuCxAHs8wTEGCDzBNSzqZ3Q6S1UhC8/aA8qw1o2lVMbn 3AaYb2LE2/PgW9pN6VctY4XW6O8Dpvri8iXMCHLR28F8KrzLgust3CPBu1D/APPyJpsc1ya/IxdO5FWmCmBvGviEnN m9sNjPZVMSg3rpUgH8C492Kg5k4TzbqRsCvnI7o8ulycpBLvQOoQ97xOO8esCj/jtQAC8Y2bKLCKPqJhSJO4ROCaK7 6cGMihhGDhqE5+IJsW4Wr7Om4l4mO1Ov28hwJiGZVW0NsF0BJDrqPcagMAolIQ8xgTX1wpxPQebt/voTr5+ZjPbUj5 5LRvavod8ePnrE9majS/Fzr1QkHpeZvMxE6UBJ3r32uiEqykcm91nKIZpgBNkwKP9HzbgMSh8KV+y4vxQeOUT2rQo8 8r3vql9d+XCU7jk0jv6J+ugBBxGVaRC99thR6kvolTo7QMn6vsUk6ZC57IpSy84CQHSxp0vtNYdnTRcL8IZUPXyh3L iBnmCmdpRbEpN2l8kR23Jn0Zb1i/BxbMFU5El8xkhxWiZPCRLHctIIoXhv6Mt4amlc84MbawQedaL3ynWQFPg3sgyn 8KbigvV6nKf+rOBeVVU/fwCpLRwHxZ8x5aKWXPTZuT1W3tCkA6OwWIi9fshksawMgzTnNYpP/vz+Yrp/akquH5qb25 ZXsUHaMzR6YC0Lnw7wAMjRoDELznOVg0fgL12mjRkplI2Fg1HjsbmGNtdsCuS5Nt/VAiur40GNPnRG+kYtTVvaTOLw ShaXSqbKc5y0Z2MiQ+sCxXmXueRTtnXYiMKd3dszcGkor3mW2QrJqkFblcTSnIUeYDHhCMK+dt/0xA1jsVVA9Zal4F ISyWTryDUK5BQHVGyAHOoZK7NsYosGabLtvVe777VO4Q3eBSWkEU5QWpe47eAe54o1nfsR+gl0lJjR7q9Ms5LNW9qU NZaBahic1+c4MqhqLY5l+yqrig3CaFm; Domain=.mahadiscom.in; Expires=Tue, 23-Jul-2013 10:42:30 GMT; Path=/
  Set-Cookie: SPSESSION=aecQ9bgin1o3zGDHNhZJB8l5o1MmEmOjAMaACmYoXuqvLFak53UjUmMYKSW5VJ6CyOr/ahKrDAhWXja D8f/eFAW6G5oZ/4t6D0TSiozDepGNHdCRJ72Z/mAenAOQI63rkXwnWuCzmOZXGW6ZPIvSjPw3+0GGWnNFkM4ZhBhxs ZBKM2x2v4xy7I2LUTW4vV8IQovBHXIUfGxD38TuqBBfRR1tQu8GsW/q7LFQSSim+arvHSaJwrcNk63pCX539ouCEBi Ng8LUj9NPUF5FwiZwA7hcGNiRWdMae71ccYkVqmWC0WkU06KZETrqotVFGS8azZSPd+/xx6OodV5wxTq43Y/8CwEAL NqCZv/Ye4OJYYmParYAhgdON/PZ4UEuI5+dG/pICSxYA6NJyuswMz7LiIEXaltAhhhK+margc26sMGOf8hpE7M5OpV sU/Fc7ylpg2bmvT0bKOGg1o8h2jJIBx0SRhs6CByjauPdu3rBA0HVTRQnammCiWnjkHgJvyONi7B78HDo2vmQvB9og 7U9xQkhywLwg+ZyCmtx91zV1paP7Sk2pBPnGRQK+/WLdk8zEOG5d9Thmg4X9INZVgt8qwwOTky8mp9wNi48eO670BF DdD4PCM+PpiYAjV8NernCXcREpSD75THtvZNLq5LEzgmwNk6bThLcXHNYt5zhZEo/v559nDrx97r1EceZImKfII0kI QA6RS0MajM1/UvoI+gBjXqnXbybskBhdnt13zeoth6OmIP9DSjahILqOban09bmLXgzspG5t/EmIOdawfy/JKuRNPA H4nExF8Tt2iBRu1mLvcqWOidFKG1Qm/fo0YEalDZe2+m5PF9vCe5nWnqEPyzCOfcSzU4HnTFjyatlnunbexREhDNz7 2/oVfxq9sii+fiJgMM04J83WSwIE2dDhNN1/PU8+TH+WIkkB1r/DkI7ynir9g+5o2pKPyWem+HxRUmWy4AWGlbp+xT gPP7A7ZcOFMcWbzItEIEUpgYOXILk5DIXe8o08910s6bmYlUDZNRPBp/ZsqhI4A1cCQcdKqnCmx8BGkjJ/3VRxFxvx CeBJ6sEJomnUD+mw6Lxy10Q1r0QHAvbv2j4NLOR+XAoxMU2ye9mzrhspyWWEa2S+LgxhV5V563sNFXB57f+WJzIblk ww1iENF2rEhJtTebC3EEy5MkFlXPsacq4OUKsgavAlhO0xDIdhrg233eTZYFvIZ3xOhmjrfiLdkS/XvB2gwq6QRniU QDIY/D0QPtnNJ+GGFM/Mqvciu5K7gi6SK85nWiY08hnBJfiUen7C+KZ0lAEH2zNUhPnIJav0BgA/yIZhNswd3fZXoS ioFFz45isPRMYkZqkNEkoy32wBH5qVSHRJPIGxiGXT1b0ccUiuJx4ptKt7xKDqvsGmnu5; Domain=.mahadiscom.in; Expires=Tue, 23-Jul-2013 10:42:30 GMT; Path=/
  Location: http://dev-ms-db-01.devrapdrp.mahadiscom.in/portal/workspace/_layouts/Authenticate.aspx?So urce=%2Fportal%2Fworkspace%2FWS%20Library%2F89000000
  SPRequestGuid: 4fb96723-8eaf-4249-9f63-13a3c4d61a25
  X-SharePointHealthScore: 5
  X-Powered-By: ASP.NET
  MicrosoftSharePointTeamServices: 14.0.0.6106
  Via: HTTP/1.1 dev-ms-db-01.devrapdrp.mahadiscom.in:80
  Content-Length: 259
  Keep-Alive: timeout=5, max=99
  Connection: Keep-Alive
  Content-Type: text/html;charset=utf-8
  <html><head><title>Object moved</title></head><body>
  <h2>Object moved to <a href="http://dev-ms-db-01.devrapdrp.mahadiscom.in/portal/workspace/_layouts/Authenticate.aspx?So urce=%2Fportal%2Fworkspace%2FWS%20Library%2F89000000">here</a>.</h2>
  </body></html>
  After getting this response, 'Adobe Acrobat X Pro' do not send any more request.
  Note, the same site collection(with claim based authentication), opens and allows to edit microsoft document successfully. There is request-response sequence.
  Giving one of them for example, because all will flood the page-
  OPTIONS http://dev-ms-db-01.devrapdrp.mahadiscom.in/portal/workspace/WS%20Library/89000000/ HTTP/1.1
  User-Agent: Microsoft Office Protocol Discovery
  Host: dev-ms-db-01.devrapdrp.mahadiscom.in
  Content-Length: 0
  Connection: Keep-Alive
  Pragma: no-cache
  Cookie: SMSESSION=yFelHh2awfWW7yLKZHpSnNHDstixrmkciGIIqfLtwSRrLEQeVdI4R9iO3Q9qynhWDFCk8OIW2HXl+Cl JOdVC5/mwavCdDtHZYn5tL1s6C3BjIGLJowaDVTXUeGZAt0JcyVHEQcsIVgiiFlmkPKPapEOprHPItaa/vZJal5eeK 7NN8s0RrJ+Me1PlBmRQdBSklMxilciwMaLMXAKRwHSstl3kw5n2Qo5VCRmjG34k3gsYWNHh/I5o6buRRszeGpdZLeU 9GLeOdk8r3qXiXwIOvBhkBZrfuPKMAa1IIhftEdeJgKh9XSuCxAHs8wTEGCDzBNSzqZ3Q6S1UhC8/aA8qw1o2lVMbn 3AaYb2LE2/PgW9pN6VctY4XW6O8Dpvri8iXMCHLR28F8KrzLgust3CPBu1D/APPyJpsc1ya/IxdO5FWmCmBvGviEnN m9sNjPZVMSg3rpUgH8C492Kg5k4TzbqRsCvnI7o8ulycpBLvQOoQ97xOO8esCj/jtQAC8Y2bKLCKPqJhSJO4ROCaK7 6cGMihhGDhqE5+IJsW4Wr7Om4l4mO1Ov28hwJiGZVW0NsF0BJDrqPcagMAolIQ8xgTX1wpxPQebt/voTr5+ZjPbUj5 5LRvavod8ePnrE9majS/Fzr1QkHpeZvMxE6UBJ3r32uiEqykcm91nKIZpgBNkwKP9HzbgMSh8KV+y4vxQeOUT2rQo8 8r3vql9d+XCU7jk0jv6J+ugBBxGVaRC99thR6kvolTo7QMn6vsUk6ZC57IpSy84CQHSxp0vtNYdnTRcL8IZUPXyh3L iBnmCmdpRbEpN2l8kR23Jn0Zb1i/BxbMFU5El8xkhxWiZPCRLHctIIoXhv6Mt4amlc84MbawQedaL3ynWQFPg3sgyn 8KbigvV6nKf+rOBeVVU/fwCpLRwHxZ8x5aKWXPTZuT1W3tCkA6OwWIi9fshksawMgzTnNYpP/vz+Yrp/akquH5qb25 ZXsUHaMzR6YC0Lnw7wAMjRoDELznOVg0fgL12mjRkplI2Fg1HjsbmGNtdsCuS5Nt/VAiur40GNPnRG+kYtTVvaTOLw ShaXSqbKc5y0Z2MiQ+sCxXmXueRTtnXYiMKd3dszcGkor3mW2QrJqkFblcTSnIUeYDHhCMK+dt/0xA1jsVVA9Zal4F ISyWTryDUK5BQHVGyAHOoZK7NsYosGabLtvVe777VO4Q3eBSWkEU5QWpe47eAe54o1nfsR+gl0lJjR7q9Ms5LNW9qU NZaBahic1+c4MqhqLY5l+yqrig3CaFm; SPSESSION=EHC4LQyCHd29iQYBYn4tZz32xTbluDRCKmE7MfoOvlo4X4bkU2z2+YB3GbbMs99E/nVU/QwCPFaNxTz 6dx9EAHyBo1xhs6fNhkrlFX+m/EZiufmafae/osbzcdx2fWbEsh78UnstGbRPRX5kSx8gCXRnc14vWagr+Y6nufb3w 50c+5u96DQJSR+WhoZOiVnmoeUHq7TIgd9N9dUl+9lBOyFfetYCHjvZNWHKANLMIl3lkbvO5xtMBpGLGZ/m12mitKx TQKJ++dbRcCUM9f8e52nz/soFLjhd3bL9KCln9IsaqBtBW1n/rBtxogQq8CLGl64RT3gW/yIAPPvCKQHKvT/PjsNOQ c4K4vSdN9zSxJFwrC6s1s046wxg707+iHQzChaVI8E/DcQPFn4FkdntwrO9CejVT1qSEkqRbr1XsxONaNWQu2SOyTQ 6vz3fO1j/Y+SH3R9+liZ/Q9HnQyh6DgMkswvbcJDqoVK61B6QGOJECihpMxjrtdHCEFDulMb5rnE70V3hBttLJRj8R 5T5ttHG5geAjync4BaWfIDLoi1hfJtUMPASnZKLzIl/SOwYHxFLIWL/P57T3NkrjiqTkoeqvP63Qf1pnWgh18gOFIF JuncxdnNI2Mg67UlJ+JPxQMPf6tuPWHD78SActM6r0pAnz7tbHmjb14D7ZmPjPN98yORlUxbL4vNzoXJYbYn0f3ZPw Rw6I1pF8cThGuMy7mb+0zwCPrsDCl23yS03l7GFavyk9bGRc4SDh5INslA1TI1rVS4k+9ECZpPKHiEtDDjQKWoO4Pi u/WrXgNWT3wl49qslDfBnHucyXFH6+FWfOBcP82DsbGLXt6+wsDIdOhTXFbweAIPXgsLL1bIjpBPzwR4KwIf0lOKxp O+Bah5ZQs7JtPIBjsnWO/KUfU4vQN3H6lBUBm8+lLEVNA8tBnyDhXhxvLmL3j7eeMCigRQsVtVOAwT9Lbyk+wie6Fa 2JzgNUXDJFL/n3uo/I1U6Z+UFz+oKaP/MPutCGUMFUq1K9zO9g60UD9YaB+OxIfO5vudJ0yrhaVAeSeyWn3bnVCKZi xHTpG1frsQqMm2NkmnMoe3r3KvyqvbdEBiLGVniyBUDRYqOn5vTTnvnRMuxpR+jRiSSg1REarO1IJLEUBX2XDAkuNY 5/ulMUVJXikVpRHE8T4NXVFssFtMYE6ff4Whc1ZrLiIt4QQy85QFszpI4jqVdb5Zrn66JdgY4w168+wHllLZh9iyoK CZKAWNRQzJSqfOmEqbMVMR+dAnBAwDRqydZ8AiE2lhlgqHB2dk3hETwickBvAldOqZdJu3jJ/w6CGL82Tx2W5eyHQU EkHU/gs7Lrpjxyc+fJSPK03LKZlS2Gpy5wHx2LFybBX1FndVbml0axdbX62uIjEOnDvD1; FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+MMe1LnR8c2hhcmVwb2lud HJlYWxtMWZvcmRldnNoYXJlcG9pbnRhZ2VudHw4OTAwMDAwMCwwx7UudHxzaGFyZXBvaW50cmVhbG0xZm9yZGV2c2h hcmVwb2ludGFnZW50fDg5MDAwMDAwLDEzMDE4NDQ5NzYwMjAyMDAwMCxGYWxzZSxlSGZscEVHNDJEK2F3SXRQVFNLa GNXMzR5VU1HZ2hIVVRNT2ppaDJxY2YzcVRtKzcwR3RxblNmQUlQSisxZkhZZXNzaUhsejRWU1owRkJJRExEWDdXZWt 0dXNYUjd5YUtiRzNxdEdzZEVWM0ZXWmp0Y20vdWpkdHhlTTcxd0luRllEQ25ld1oxa3k0MUJ4NVFOanFlSGpaMmdtZ GVWZEdLczdHTGxWV1J0NUVYMWJNT2pnMTBsaGQvV2VQc1dCNGFWUDBXWnlwdEpmUEZHTEV2QjVCdHZpd1ZjekFwQ0d HTGY5bkk5S2IxS285aHhxMXNuUkxKbi9GNi9HdG50M3FMaEl1YnR5ZGwyNHBiaXBVQ2RuZjNldWExeVFxQWdqV25zN mFONFV5VHMrQVpGUlRmcDBUVHNzL0R1d2dGa1IwSlpCZGd5UVpTNlBRTTZhK3J5ejlpZmc9PSxodHRwOi8vZGV2LW1 zLWRiLTAxLmRldnJhcGRycC5tYWhhZGlzY29tLmluLzwvU1A+
  HTTP/1.1 200 OK
  Date: Tue, 16 Jul 2013 10:49:17 GMT
  Server: Apache/2.2.15 (Win32) mod_jk/1.2.30
  Set-Cookie: SPSESSION=v9NiXhTOuExWMzaHXx+oFJTtC8w0vd23LS5AQL+js7Z+xCp9rbe1nlErG4kE+MQ1JzYoeF7PQ/h7Jjm l+8Z/qBIeTuO2muL+g/fQAYSAxx7kPlVVkRZ/gwq+2EtkYtQ/5egbPmSvyY/Uba5QndnYpjok3r4qJRY7p48tN4rr+ vcoolRC1bSVZaU7WrjOxnX7YbAeNNWRUIpI9Ut9L4G0tmv5NlGtg6SxnTZ1q+lbAG+/ZEnAxJorBFkq+tZZP9cRLB5 4u67swngb67etK8EVNbFrTXW/8n/XlotfF6dUgiVfD+tAfdsNJO7jsQ4bsAh4dP0frS/XDlPyv7QE1ZbYKC5gw5UOi m4Zw3Fitc0DrrQCEOpDZiWvK/gqxzAHm2PJPMNoM0jYxiuSAU8P6Y76vFsHWTY4Kkdhin9VTdEAxDMweMaEyS1ISbZ CHHxLHsAWyhUm24CFL1fZDcRW0x1DcoMu3y8yAN4tvXz4hn5GC46qI/q83+f3uNn6mdDYoEcEwbrVHP6K2YlErWfox gCz3Us7msXb2eK93fBQDRhUvhm9F300mr7523tWvVioeiNPGX7dl8CQxU67TGkkV9s45F3ShZKTlH0DsWSLJPhtd/D xENhCJR6yG4VkT1nThp6SpT2CuHmnlzYodKsRAtaDx5kCwlo9TKsIezs1FQqxtxZkvKxqaULgRx5ZSK/fJz6PiQwNd lRKUFw9uG5J9EWTRuz0AoWn0WF+32VWIeglhyDaMi/GWaD1pVZffnT68KRQWINVm/r3WPvk+23mPOYUX07Vy5bGO21 sZzCxLjmrhibt1wgF/syg9swcplf46JV61Q6ASMi/tXxRGcaCg75+8PrE7sjYjnxXsutmJJqtvnx6pdgpb4akmWnZF DRvptVxs0d/kMbf2YA7sJRpbNcIIR6tpIgm2FzKtk80Bj5aDM/e+FVfH0mpoqEk9/IwC2SdCoUfg6OFVV9JBowhCkj 17o1saz73pQoAzG5o51m33R1959jrQIwOwsI4t2R27F6jY9RCRzKvbEBPxhwl4hzpZ/LY5cQr1CvOlCPilXGlgKFGx rQl56OVQfsUFwBLEufTrHN5XR4SITUU1PW0IOgjxwems5jNlmsddWIsu08nmVuuagFQUaKwxk0p8jd9S4QBHFbknLv WhSgPfcd7yahHw0oqJ5cAFyjMa/LY1QD8MN8INDIEuY5jvzM5l5Jxn0Tr5i4aqHit89i3n6VeealPDEzS1CSSg0U3y P5K0DTAKMQLyUzFMB9ND63pAeNJaY3+PfmIYZsiQgEprNv+dagHVL3j8iU5kskxsIiRqJxVLt4G6WagnKcbCQt4gmz Enb5LSst1Zhx+MvYfCTwr8wYhrgnBCMNQEuC0i8FH5rM2GrpFDOL1336GX1tgyR5nTSXi; Domain=.mahadiscom.in; Expires=Tue, 23-Jul-2013 10:49:17 GMT; Path=/
  Cache-Control: private,max-age=0
  Allow: GET, POST, OPTIONS, HEAD, MKCOL, PUT, PROPFIND, PROPPATCH, DELETE, MOVE, COPY, GETLIB, LOCK, UNLOCK
  Expires: Mon, 01 Jul 2013 10:49:15 GMT
  Accept-Ranges: none
  SPRequestGuid: 2f248360-fd85-4fb3-a185-b01dadac3f7a
  X-SharePointHealthScore: 4
  MS-Author-Via: MS-FP/4.0,DAV
  X-MSDAVEXT: 1
  DocumentManagementServer: Properties Schema;Source Control;Version History;
  X-MSFSSHTTP: 1.0
  DAV: 1,2
  Public-Extension: http://schemas.microsoft.com/repl-2
  X-Powered-By: ASP.NET
  MicrosoftSharePointTeamServices: 14.0.0.6106
  Via: HTTP/1.1 dev-ms-db-01.devrapdrp.mahadiscom.in:80
  Content-Length: 0
  Keep-Alive: timeout=5, max=96
  Connection: Keep-Alive
  Content-Type: text/plain
  When site is with NTLM authentication, adobe acrobat x pro opens and allow to edit successfully. But when it there is Claim Based authentication, it cannot. It seems Adobe Acrobat X Pro does not have capability to send appropriate headers to handle claim based authentication. Also it is not able handle the sequence of request-response for claim based authentication. When searched on web, there is one product of Acrobat called LiveCycle, which has capability to handle SAML. Does that mean Adobe Acrobat X Pro does not have the capability to handle Claim based authentication so it is depend on LiveCycle for it?
  thanks
  Sharmila

  Hi MkkLam
  The below mentioned link might resolve this issue, kinldy try it:
  LInk:  http://helpx.adobe.com/creative-suite/kb/acrobat-failed-launch-30-days.html
  Other related thread:
  http://forums.adobe.com/thread/1021632
  Thanks!
  Atul Saini

• MOBI SSO with trusted authentication and form based authentication

  Dear All,
  I am trying to configure Trusted authentication based SSO FOR MOBI, here are the details:
  - SAP BI 4.1 SP04
  - Trusted authentication with HTTP header configurred for BI Launchpad and working fine.
  Now to have SSO from Mobile, I plan to leverage the existing configuration of BI Launchpad and at Mobile level, I want to use authentication type as TRUSTED_AUTH_FORM, instead of TRUSTED_AUTH_BASIC, with the approach: Trusted authentication with HTTP header.
  And
  Provide our app users their X502 certs.
  1. Will the above approach work ??
  2. As per SAP NOTE: 2038165 - SSO using form based trusted auth gives with the SAP BI app for iOS gives error MOB00920 this does not work and is still under investigation from July last year ? So for any community member, has this been found working ??
  I would appreciate your valuable inputs.
  Regards,
  Sarvjot Singh

  Hi,
  According to your post, my understanding is that you want to know the difference of the SharePoint three type user authentications.
  Windows claims-based authentication uses your existing Windows authentication provider (Active Directory Domain Services [AD DS]) to validate the credentials of connecting clients. Use this authentication to allow AD DS-based accounts access to SharePoint
  resources. Authentication methods include NTLM, Kerberos, and Basic.
  Forms-based authentication can be used against credentials that are stored in an authentication provider that is available through the ASP.NET interface
  SAML token-based authentication in SharePoint 2013 requires coordination with administrators of a claims-based environment, whether it is your own internal environment or a partner environment.
  There is a good article contains all the SharePoint Authentications, including how they work and how to configure.
  http://sp77.blogspot.com/2014/02/authentication-in-sharepoint-2013_5.html#.VFcyQ_mUfkJ
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support

• Where I can get visio file of SAML claims-based authentication process

  Hello
  I saw SAML claims-based authentication process flow diagram  on
  http://msdn.microsoft.com/en-us/library/office/hh394901(v=office.14).aspx . Please let me know where I will get the visio of this file.  
  Regards
  Avian

  What makes you think that such a file is available (to the public)?
  Use the graphic, or make your own.
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• SharePoint 2010 - Claims Based Authentication - Access Denied for AD Group members

  We're in the process of migrating our SharePoint 2003 system to 2010 and have used Metavis to migrate the data. We had to do the data migration in a lab environment and then move/attach the content database to our production server. The database attached successfully
  and I, as a site collection administrator, can see all sites and the data therein. We are using claims-based auth with ADFS 2.0 as the provider.
  My users, however, get access denied trying to go anywhere on the site. I have added the Active Directory groups to the appropriate SharePoint groups and have confirmed the groups are appearing with the c:0-.t|adfs|group_name syntax. If I add them as individual
  users (i:05.t|adfs|[email protected]) they can authenticate fine, but not by AD group membership.
  I enabled ADFS tracing and I see that the claim being provided includes the SIDs for all the groups the user belongs to. Using ULS Viewer I can see that SharePoint sees the correct number of claims (it doesn't show what those claims are, just the number) but
  it doesn't seem to be connecting the SIDs passed to the group name used in the permissions list. I have also updated the portalsuperreader and portalsuperuser accounts after the database was moved, just in case there was something weird there.
  The ADFS and SharePoint servers are all in the same AD domain, so they should be able to resolve SIDs ok. I suspect the issue is somehow related to the migration of the content database from a separate
  environment (different domain), but I can't figure out for the life of me how to get the group authentication to work.
  Thoughts?

  Brilliant idea. Unfortunately that didn't work - I can get to the new site as the site collection owner, but members of groups to which I assigned permissions still get Access Denied. :-(

• Can not get access files from Windows 7 to Claims-based file authorization share

  We have AD level 2012R2, DCs running 2012R2 of course, and we have clustered File Server (3 FSNodes running 2012R2).
  We enabled 2 policies 
  KDC Support for claim
  Kerberos support for claim
  We created 1 claim type in ADAC (For example "Division" Source Property). Filled this property to all IT AD Accounts by our value "IT"
  On FS made a share folder ITDivision:
  - set permissions  Domain Users can Modify if User.Division equals "IT"
  so on Windows 8 IT Users can access files on this share and on Windows 7 they cant
  =\ . We know from many presentations about Dynamic Access Control that File Server must enroll user claims if client do not support this claims (Service-for-User-To-Self)

  Hi,
  >>so on Windows 8 IT Users can access files on this share and on Windows 7 they cant
  =\ . We know from many presentations about Dynamic Access Control that File Server must enroll user claims if client do not support this claims (Service-for-User-To-Self)
  How is it going? Was there any error message? As far as I know, Dynamic Access Control (DAC) should work for downlevel clients. It’s backwards compatible. As Florain explains in the following blog:
  For non-Windows 8 and non-Windows Server 2012 boxes accessing DAC-protected file shares, the users do not carry any claims. For them, the Server 2012-based file share will query Active Directory and proxy the claims request to figure out what claims
  the user and machine bring. The file server checks in the name of the user, whether they should have claims. With that information, the file server evaluates the access to the file share. So yeah – DAC works for downlevel clients, too. It’s backwards compatible.
  And totally transparent to Windows 7.
  Questions regarding Dynamic Access Control (FAQ)
  http://www.frickelsoft.net/blog/?p=293
  In addition, regarding dynamic access control, the following blog can also be referred to for more information.
  Dynamic Access Control in Windows Server 2012
  http://www.infoq.com/news/2012/10/Dynamic-Access-Control
  Please Note: Since the above two website are not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  Best regards,
  Frank Shen

• Claims Based Authentication SPSecurityTokenService.Issue() failed: The security token username and password could not be validated.

  Please excuse the lousy table...Its late :-)
  I have a multi-server SP2010 farm.  Patched up to
  Configuration database version: 14.0.6106.5002
  My goal is to have a claims based web application that authenticated to ADAM for Extranet.  I have configured the servers exactly to MSDN and technet specs (following this spec to the
  letter (
  http://technet.microsoft.com/en-us/library/ee806882.aspx) to allow the forms side of the web app to authenticate to ADAM.
  IT WORKS IN DEV!!! , which is a single server farm.  However, it does not work in production.  I get the following:
  Claims Auth log entries:
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  f2ut
  Verbose
  Authenticated with login provider. Validating request security token.
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Using membership provider 'ADAMProvider'.
  1:06:25 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Doing password check on '[email protected]'.
  1:06:46 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Verbose
  Failed password check on '[email protected]'.
  1:06:46 AM
  w3wp.exe (0x0EDC)               
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  0
  Unexpected
  Password check on '[email protected]' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security
  token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).'.
  1:06:46 AM
  w3wp.exe (0x0EDC)                      
  0x1790
  SharePoint Foundation        
  Claims Authentication        
  fo1t
  Monitorable
  SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password
  could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  fsq7
  High   
  Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.    
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)    
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)  
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)    
  at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  8306
  Critical
  An exception occurred when trying to issue security token: The security token username and password could not be validated..
  1:06:46 AM
  w3wp.exe (0x1B34)                      
  0x08A0
  SharePoint Foundation        
  Claims Authentication        
  f2un
  Verbose
  Form authentication failed.
  I have tried EVERYTHING (well, nt everything, I don’t have the fix I suppose). 
   I found plenty out there and nothing directly correlates with this issue. 
  I searched on all parts of the errors I got.
  This contains an interesting blurb about setting up access for the apppool id correctly. 
  That’s not the case for me.  It works in dev and the same id are used there. 
  http://sharepoint-2010-world.blogspot.com/2011/03/adam-forms-based-authentication-in.html
  This was good but it doesn’t give specs on what the environment looks like:
  http://social.msdn.microsoft.com/Forums/en/sharepoint2010general/thread/557143a6-4b36-4939-bb7f-d62a9335fd18
  The was interesting…but I am patched up beyond the June 2011 CU so it’s a moot point:
  http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/9b8368ef-c5e5-4ead-b348-7b2b5587cfc8
  Any and all help would be greatly appreciated!

  Hi.
  You say its a multiserver farm, do you have more than one web server then?
  If thats the case, have you tried accessing the site on each server directly?
  Found this for you, maybe that can help?
  Troubleshooting Exceptions: System.ServiceModel.FaultException`1
  http://msdn.microsoft.com/en-us/library/bb907220.aspx
  and this:
  SharePoint 2010 Claims Authentication - The security token username and password could not be validated reoccurring every morning
  http://social.technet.microsoft.com/Forums/pl-PL/sharepoint2010setup/thread/383f1f9b-5c4a-4e19-b770-2a54b7ab1ca1
  and
  This seems to be a good guide:
  http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/
  Good luck
  Thomas Balkeståhl - Technical Specialist - SharePoint - http://blksthl.wordpress.com

• Using a PDF as a Document Template in SharePoint 2010: "New Document" icon and action

  Hi,
  I have to create a document template in SharePoint 2010 using a PDF. After much searching I have learned to install Reader on the SharePoint server to bring in AcroPDF.dll
  and set the OpenControl for PDFs in DOCICON.xml to be "AdobeAcrobat.OpenDocuments".
  After taking these steps I can check PDFs in and out of SharePoint, and edit PDFs as I would edit an MS Office document.
  However two problems remain with creating new documents based upon a PDF document template.
  1) The PDF icon does not appear in the New Document dropdown. This makes sense since I never referenced a 32x32 icon in the SharePoint config files. Where would I place the icon image file and which configuration file would I edit to use that image file, and how?
  The last three document templates are PDFs.
  The second problem I face is that when I click one of the document templates above that is a PDF, nothing happens. I have tried this with Acrobat installed on both the client and the server. It would be preferable to insert a copy of the PDF document used as a template without having to use Acrobat at all.
  Is there any resolution to either of these problems?

  According to what i found the image needs to be 16x16.
  See if this works.
  Edit the DOCICON.XML file to include the PDF icon
  In Windows Explorer, navigate to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\XML
  Edit the DOCICON.XML file (I open it in NotePad, you can also use the built-in XML Editor)
  Ignore the section <ByProgID> and scroll down to the <ByExtension> section of the file
  Within the <ByExtension> section, insert a <Mapping Key=”pdf” Value=”pdficon_small.gif” /> attribute. The easiest way is to copy an existing one – I usually just copy the line that starts <Mapping Key=”png”… and replace the parameters for Key and Value (see image below for example).
  Note: Do not take shortcuts and copy/paste from here. 99% of problems with PDF icons not being displayed are due to errors made in the DOCICON.XML file
  Save and close the file
  Source:
  http://www.sharepointsharon.com/2010/03/sharepoint-2010-and-adobe-pdf/