SharePoint On Premises – AZURE RMS issue
SharePoint On Premises – AZURE RMS issue. Our SharePoint plat form is on premises and wanted to take AZURE RMS ISSUE to make workable in On premises SharePoint site.
Based on the below blogs I have configured all the specified in those. I am getting below at the final stage. Please help me with the same.
https://technet.microsoft.com/en-us/library/dn375964.aspx
http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=639
I am trying with my corporate AD account and logging into SharePoint site, getting below popup. in this screen, I am getting blank word whate ever I click with it is change user option or yes option or no option
Thanks, Ram Ch
Hi Ram,
The RMS connector communicates with Azure RMS by invoking REST service, so it doesn't need to be exposed to internet, but it must be able to reach internet. Based on the screenshot
information, it sounds that you haven't verified your domain in Office 365. For example, your AD users have UPN with suffix @consotos.com, the domain name contoso.com should be added into Domains of your Office 365 tenant, and verify it. This is to keep the
consistency of your users' on-premises credential and online credential, otherwise, your users will by synced to Office 365 with the default domain "tenantname.onmicrosoft.com", such as the current situation. In fact it has been already mentioned
in the article included in your first post. See the information below:
(from
https://technet.microsoft.com/library/hh967642.aspx)
Caution
You must add and verify your company’s domains in order to use them in Azure Active Directory and Office 365. For more information, see
Add your custom domain to the Azure AD tenant and
Verify a domain.
Meanwhile, to experience Azure RMS, I highly recommend you to implement single sign-on, otherwise, your users will be prompt for credentials before they can get access to the protected content.
Thanks,
Reken Liu
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]
Similar Messages
-
Mapping Azure RMS logs to SharePoint documents
Hello,
I have a SharePoint online environment with Azure RMS activated. I can get some logs from RMS, however it is not clear to me how the log entries are related the the sharepoint documents.
Can anyone help me out how I can link a document to a RMS log entry? (c#, powershell, ...)
ThanksHi Ram,
The RMS connector communicates with Azure RMS by invoking REST service, so it doesn't need to be exposed to internet, but it must be able to reach internet. Based on the screenshot
information, it sounds that you haven't verified your domain in Office 365. For example, your AD users have UPN with suffix @consotos.com, the domain name contoso.com should be added into Domains of your Office 365 tenant, and verify it. This is to keep the
consistency of your users' on-premises credential and online credential, otherwise, your users will by synced to Office 365 with the default domain "tenantname.onmicrosoft.com", such as the current situation. In fact it has been already mentioned
in the article included in your first post. See the information below:
(from
https://technet.microsoft.com/library/hh967642.aspx)
Caution
You must add and verify your company’s domains in order to use them in Azure Active Directory and Office 365. For more information, see
Add your custom domain to the Azure AD tenant and
Verify a domain.
Meanwhile, to experience Azure RMS, I highly recommend you to implement single sign-on, otherwise, your users will be prompt for credentials before they can get access to the protected content.
Thanks,
Reken Liu
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
Error occurred in deployment step 'Install app for SharePoint, ULS log as below:
0x0BA8 SharePoint Foundation App Deployment acjjg Medium The current user has System.Threading.Thread.CurrentPrincipal.Identity.Name
= 0#.w|perf\abraham.lincoln, System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\IUSR, System.Web.HttpContext.Current.User.Identity.Name = 0#.w|perf\abraham.lincoln. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.39 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment ag8d6 Medium SPApp: CreateAppUsingPackageMetadata: isCabStream is false. Treating the stream as a ZIP. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.39 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment ahkn9 High Deleting App with fingerprint TJQrYuD5N+kEe38LZtl6wSs3Ak3yYvWcmwuNLTqtpdFzb4qSMopN3SWCRdWvntrKoM7qIS2S2llpA5omi8iHqQ==
on site 264dc389-d394-4985-a43c-ad91a383c0df dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.39 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment ahkob High The App with fingerprint TJQrYuD5N+kEe38LZtl6wSs3Ak3yYvWcmwuNLTqtpdFzb4qSMopN3SWCRdWvntrKoM7qIS2S2llpA5omi8iHqQ==
on site 264dc389-d394-4985-a43c-ad91a383c0df was to be deleted, but it did not exist dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.41 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment abnqa Medium App Packaging: CreatePackage: There are 10 parts in the package. There are 1 package-part relationships
in the package. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.41 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment afyz6 Medium SPAppResources: ParseResources: No default resource file was found. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.41 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment afyzx Medium SPAppResources: ParseResources: no resource file relationships were found. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.41 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment aebgs Medium SPPackageUtility: ExtractPart: Creating directory 'C:\Users\abraham.lincoln.PERF\AppData\Local\Temp\71345ca6-3565-43d8-9017-2d3336965d8f\extract' dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.41 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment aebgt Medium SPPackageUtility: ExtractPart: Creating file 'C:\Users\abraham.lincoln.PERF\AppData\Local\Temp\71345ca6-3565-43d8-9017-2d3336965d8f\extract\AppManifest.xml' dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.41 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment ajddw Medium SPPackageUtility: ExtractPart: Part stream length is '1072'. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.41 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment ajddz Medium SPPackageUtility: ExtractPart: Length is '1072', not locking before copying the stream. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.41 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment aebgt Medium SPPackageUtility: ExtractPart: Creating file 'C:\Users\abraham.lincoln.PERF\AppData\Local\Temp\71345ca6-3565-43d8-9017-2d3336965d8f\extract\AppIcon.png' dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.41 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment ajddw Medium SPPackageUtility: ExtractPart: Part stream length is '3540'. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.41 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment ajddz Medium SPPackageUtility: ExtractPart: Length is '3540', not locking before copying the stream. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.41 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment aidi7 Medium SPIconAppPartValidator: IsSupportedFormat: image raw format is 'b96b3caf-0728-11d3-9d7b-0000f81ef32e'. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.42 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment afyz6 Medium SPAppResources: ParseResources: No default resource file was found. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.42 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment afyzx Medium SPAppResources: ParseResources: no resource file relationships were found. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.42 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment aebgt Medium SPPackageUtility: ExtractPart: Creating file 'C:\Users\abraham.lincoln.PERF\AppData\Local\Temp\71345ca6-3565-43d8-9017-2d3336965d8f\extract\featurecc1deab7-efdf-4cc2-80ae-60e073577d64.xml' dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.42 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment ajddw Medium SPPackageUtility: ExtractPart: Part stream length is '321'. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.42 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment ajddz Medium SPPackageUtility: ExtractPart: Length is '321', not locking before copying the stream. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.42 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment aebgt Medium SPPackageUtility: ExtractPart: Creating file 'C:\Users\abraham.lincoln.PERF\AppData\Local\Temp\71345ca6-3565-43d8-9017-2d3336965d8f\extract\elements4d87f314-4b0a-4b89-8a7e-9cb73c99f25f.xml' dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.42 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment ajddw Medium SPPackageUtility: ExtractPart: Part stream length is '849'. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.42 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment ajddz Medium SPPackageUtility: ExtractPart: Length is '849', not locking before copying the stream. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.42 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment aerhy Medium App Packaging - List of App Parts (count ='2'): Name='SPIconAppPart',Name='SPFeatureAppPart', dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.42 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment aerhz Medium App Packaging - List of Deployment Groups (count ='3'): Name='SPIconDeploymentGroup',Name='SPTargetWebDeploymentGroup',Name='SPQuickLaunchDeploymentGroup', dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.42 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment mq71 Medium Creating App with fingerprint TJQrYuD5N+kEe38LZtl6wSs3Ak3yYvWcmwuNLTqtpdFzb4qSMopN3SWCRdWvntrKoM7qIS2S2llpA5omi8iHqQ==
to site 264dc389-d394-4985-a43c-ad91a383c0df. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.44 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment afpd2 Medium Committing package with fingerprint TJQrYuD5N+kEe38LZtl6wSs3Ak3yYvWcmwuNLTqtpdFzb4qSMopN3SWCRdWvntrKoM7qIS2S2llpA5omi8iHqQ==
and data length 8010 to site 264dc389-d394-4985-a43c-ad91a383c0df. dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.46 w3wp.exe (0x2170) 0x0BA8 SharePoint Foundation
App Deployment ajk9e Medium Writing 8010 bytes to database for app with fingerprint TJQrYuD5N+kEe38LZtl6wSs3Ak3yYvWcmwuNLTqtpdFzb4qSMopN3SWCRdWvntrKoM7qIS2S2llpA5omi8iHqQ== dcf1d59c-94c5-5071-47bf-07cd3f2ead95
12/14/2014 23:54:27.50 w3wp.exe (0x2170)Hi Jerry,
I agree with Nikhil, I think you have posted partial ULS log, we could not find effective errors for the issue.
For Provider Hosted app in SharePoint server on-premise,
the TokenHelper class will try to access your Azure Security Principle by default.
Did you have a valid Azure account?
If not, the issue may be caused that you don't have a valid account, to resolve this issue, you can use
a valid Azure account or not going to use Azure Platform for hosting the app as the article
below.
http://pratapreddypilaka.blogspot.jp/2012/12/sharepoint-2013-avoiding-azure-on-dev.html
Thanks,
Jason
Jason Guo
TechNet Community Support -
Hi,
Im struggling with finding clear information on licensing surrounding Azure RMS, in particular protecting files on on-premise file servers.
To begin with we only want to use Azure RMS to protect content stored within on-premise Windows 2012 servers using FCI and the Azure RMS Connector.
In terms of licensing the users do we need to
A) License each user that will be consuming protected content on premise?
or
B) License the users that will be applying the protection to content.
i.e. does a user need a RMS license to consume on premise protected documents.
A previous engagement with Microsoft Partner PreSales Advisory stated that we do not need to license users that are purely consuming content and only need to license uses putting the protection and policys in place but we wanted to confirm this.
We are aware that with Applications such as Exchange Online and SharePoint Online all users need an RMS license but we need the clarification on on-premise file servers.
Can anyone help?
Many ThanksHi Carol,
Thank you for the further explanation this certainly does help clear things up.
Thinking about this scenario more and more it does seem like it could be quite cumbersome to license with a high potential to not license correctly certainly in a large environment.
Depending on how you have you NTFS permissions setup it strikes me that you would need to license any user that has the potential to save / create a file in a location as by default they would be the owner of that new file.
Would it be a sensible suggestion to have a license in place for all members of the security group that has the ability to create files in the location you are protecting? Further on from that if a we did this and a member of that security group didn't have
a license would we breach licensing regulations or would they simply not have the relevant functionality available to them? Taking this even further if the protection gets put in place by a policy / FCI rule surely they wouldn't need any different level
of functionality as FCI will be assisting in putting the protection in place not the user creating the files.
Sorry to bombard you with my questions / ramblings!
Thanks -
Hi,
Im struggling with finding clear information on licensing surrounding Azure RMS, in particular protecting files on on-premise file servers.
To begin with we only want to use Azure RMS to protect content stored within on-premise Windows 2012 servers using FCI and the Azure RMS Connector.
In terms of licensing the users do we need to
A) License each user that will be consuming protected content on premise?
or
B) License the users that will be applying the protection to content.
i.e. does a user need a RMS license to consume on premise protected documents.
A previous engagement with Microsoft Partner PreSales Advisory stated that we do not need to license users that are purely consuming content and only need to license uses putting the protection and policys in place but we wanted to confirm this.
We are aware that with Applications such as Exchange Online and SharePoint Online all users need an RMS license but we need the clarification on on-premise file servers.
Can anyone help?
Many ThanksPlease see the following blog post. I believe it covers your questions.
Rights Management Licensing Terms (for Orgs and ISVs)
Consuming protected content is free. Licenses needed to protect content. Other details in the link.
Steve L [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. -
Hybrid Search not working from SharePoint 2013 Online to SharePoint On-premise
Hi,
I have setup a SharePoint 2013 Hybrid environment setup with the following –
Windows Server 2012 R2
SharePoint Server 2013 with April 2014 CU
SQL Server 2014
ADFS 3.0 using SSO with Web proxy and DirSync
SharePoint 2013 Online tenant on Office 365 Enterprise Subscription
I have configured the Hybrid following the article
http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx and configured Hybrid Search. The hybrid environment was working fine including Search both ways initially
but after upgrade to April CU 2014 (along with upgrade to SQL 2014 from SQL 2012), now search from SharePoint online to SharePoint in-Premise is not working anymore.
I am still able login with the federated IDs in both the environments and get results from SharePoint Online in SharePoint in-Premise environment.
I have already tried most of the troubleshooting steps mentioned at
http://technet.microsoft.com/en-us/library/dn518363(v=office.15).aspx
Now every time, we perform a search in our SharePoint Online site, which is configured to show hybrid results from SharePoint in-premise, we don’t get results from in-premise and instead we see the following error logged in SharePoint
In-premise Web Server –
Error - An exception occurred when trying to issue security token: Exception of type 'System.ArgumentException' was thrown. Parameter name: value.
And ULS log shows the following – Even though the message seems apparent that there could be duplicate users in user profile Application, but that’s not the case. There are just 2 unique users added there.
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Portal Server
User Profiles ae0sx
Unexpected Error trying to search in the UPA. The exception message is 'System.ArgumentException: Exception of type 'System.ArgumentException' was thrown. Parameter name: value at Microsoft.SharePoint.Administration.Claims.SPIdentityProviders.GetIdentityProviderType(String
value) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.SearchUsingNameIdOrThrow(UserProfileManager upManager, String nameId, String nameIdIssuer) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
upManager, IEnumerable`1 identityClaims)' 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring b4ly Verbose
Leaving Monitored Scope (Executing the user mapping operation in GetMappedIdentityClaim()). Execution Time=1.4449 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Portal Server
User Profiles ae0su High The set of claims
could not be mapped to a single user identity. Exception Exception of type 'System.ArgumentException' was thrown. Parameter name: value has occured. 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring b4ly Verbose
Leaving Monitored Scope (Inside SPIdentityClaimMapperOperations.GetClaimFromExternalMapper(); calling the registered SPIdentityClaimMapper). Execution Time=1.5596
4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Claims Authentication ae0tc
High The registered mappered failed to resolve to one identity claim. Exception: System.InvalidOperationException: Exception of type 'System.ArgumentException' was thrown. Parameter name: value ---> System.ArgumentException:
Exception of type 'System.ArgumentException' was thrown. Parameter name: value at Microsoft.SharePoint.Administration.Claims.SPIdentityProviders.GetIdentityProviderType(String value) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.SearchUsingNameIdOrThrow(UserProfileManager
upManager, String nameId, String nameIdIssuer) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager upManager, IEnumerable`1 identityClaims)
--- End of inner exception stack trace --- at Microsoft... 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59* w3wp.exe (0x1C88)
0x2494 SharePoint Foundation Claims Authentication
ae0tc High ....Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
upManager, IEnumerable`1 identityClaims) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0() at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated
secureCode) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetMappedIdentityClaim(Uri context, IEnumerable`1 identityClaims) ...
4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Claims Authentication af3zp
Unexpected STS Call Claims Saml: Problem getting output claims identity. Exception: 'System.InvalidOperationException: Exception of type 'System.ArgumentException' was thrown. Parameter name: value ---> System.ArgumentException:
Exception of type 'System.ArgumentException' was thrown. Parameter name: value at Microsoft.SharePoint.Administration.Claims.SPIdentityProviders.GetIdentityProviderType(String value) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.SearchUsingNameIdOrThrow(UserProfileManager
upManager, String nameId, String nameIdIssuer) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager upManager, IEnumerable`1 identityClaims) ---
End of inner exception stack trace --- at Microsoft.O... 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint
Foundation Claims Authentication fo1t
Monitorable STS Call: Failed to issue new security token. Exception: System.InvalidOperationException: Exception of type 'System.ArgumentException' was thrown. Parameter name: value ---> System.ArgumentException:
Exception of type 'System.ArgumentException' was thrown. Parameter name: value at Microsoft.SharePoint.Administration.Claims.SPIdentityProviders.GetIdentityProviderType(String value) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.SearchUsingNameIdOrThrow(UserProfileManager
upManager, String nameId, String nameIdIssuer) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager upManager, IEnumerable`1 identityClaims)
--- End of inner exception stack trace --- at Microsoft.Office.Server.Secu... 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59* w3wp.exe (0x1C88)
0x2494 SharePoint Foundation Claims Authentication
fo1t Monitorable ...rity.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager upManager, IEnumerable`1
identityClaims) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0() at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated
secureCode) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetMappedIdentityClaim(Uri context, IEnumerable`1 identityClaims) at Microsoft.ShareP... 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59* w3wp.exe (0x1C88)
0x2494 SharePoint Foundation Claims Authentication
fo1t Monitorable ...oint.IdentityModel.SPIdentityClaimMapperOperations.GetClaimFromExternalMapper(Uri contextUri, List`1 claims)
at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.ResolveUserIdentityClaim(Uri contextUri, ClaimCollection inputClaims) at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetIdentityClaim(Uri contextUri,
ClaimCollection inputClaims, SPCallingIdentityType callerType) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetLogonIdentityClaim(SPRequestInfo requestInfo, IClaimsIdentity inputIdentity, IClaimsIdentity outputIdentity,
SPCallingIdentityType callerType) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.EnsureSharePointClaims(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity, SPCallingIdentityTy... 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59* w3wp.exe (0x1C88)
0x2494 SharePoint Foundation Claims Authentication
fo1t Monitorable ...pe callerType) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo
requestInfo, IClaimsIdentity outputIdentity) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope) at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.Issue(IClaimsPrincipal
principal, RequestSecurityToken request) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request)
4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring b4ly Verbose
Leaving Monitored Scope (SPSecurityTokenService.Issue). Execution Time=6.3185 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____CPU Cycles=12774004 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____Execution Time=6.3185 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nasq Verbose
Entering monitored scope (CleanUpSecurityTokenServiceOperation). Parent ExecuteSecurityTokenServiceOperationServer 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring b4ly Verbose
Leaving Monitored Scope (CleanUpSecurityTokenServiceOperation). Execution Time=0.0282 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____CPU Cycles=14832078 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____Execution Time=0.0282 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring b4ly Medium
Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Execution Time=7.2841 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____WebPart Events Offsets=0 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____User Address= 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____=00000000-0000-0000-0000-000000000000 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____Log Correlation Id=4c8b979c-f112-d050-9764-c445282f9184 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____Service Calls=0 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____Claims Counter=0 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____Critical Events=0 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____ULS Large Gap= 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____Execution Time=7.2841 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____CPU Cycles=0 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____Current SharePoint Operations=0 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____SPRequest Objects=2 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____Distributed Cache=0 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____SQL Query Count=0 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____Current User= 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____Request Management= 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Monitoring nass Verbose
____Page Checkout Level=Published 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Logging Correlation Data 77a3 Verbose
Ending correlation. Transfer to 4c8b979c-f112-d050-9764-c834ee4cf36d 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Unified Logging Service cn4g Verbose
Trace level override is turned off. 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1C88) 0x2494 SharePoint Foundation
Logging Correlation Data 77a3 Verbose
Ending correlation. 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring nasq Verbose
Entering monitored scope (CleanUpSecurityTokenServiceOperation). Parent ExecuteSecurityTokenServiceOperationCaller:http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring b4ly Verbose
Leaving Monitored Scope (CleanUpSecurityTokenServiceOperation). Execution Time=0.0257 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring nass Verbose
____Execution Time=0.0257 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring nass Verbose
____CPU Cycles=2377140 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring b4ly Verbose
Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationCaller:http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue). Execution Time=13.2855 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring nass Verbose
____Execution Time=13.2855 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring nass Verbose
____CPU Cycles=0 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Claims Authentication fsq7
High SPSecurityContext: Request for security token failed with exception: System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Exception of type 'System.ArgumentException' was thrown. Parameter name:
value (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.InvalidOperationException: Exception of type 'System.ArgumentException' was thrown. Parameter name: value ----> System.ArgumentException:
Exception of type 'System.ArgumentException' was thrown. Parameter name: value at Microsoft.SharePoint.Administration.Claims.SPIdentityProviders.GetIdentityProviderType(String value) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.SearchUsingNameIdOrThrow(UserProfileManager
upManager, ... 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59* w3wp.exe (0x1EEC)
0x26BC SharePoint Foundation Claims Authentication
fsq7 High ...String nameId, String nameIdIssuer) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
upManager, IEnumerable`1 identityClaims) --- End of inner ExceptionDetail stack trace --- at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager upManager,
IEnumerable`1 identityClaims) at Microsoft.Office.Server.Security.UserProfileI...). 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Claims Authentication 8306
Critical An exception occurred when trying to issue security token: Exception of type 'System.ArgumentException' was thrown. Parameter name: value. 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring b4ly Verbose
Leaving Monitored Scope ([S2S] Getting token from STS and setting Thread Identity). Execution Time=16.83 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring nass Verbose
____Execution Time=16.83 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring nass Verbose
____CPU Cycles=7084490 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring b4ly Medium
Leaving Monitored Scope (Application Authentication Pipeline). Execution Time=20.6415 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring nass Verbose
____Execution Time=20.6415 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Monitoring nass Verbose
____CPU Cycles=14789795 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
Application Authentication ajezs High SPApplicationAuthenticationModule:
Error authenticating request, Error details { Header: {0}, Body: {1} }. Available parameters: 3001000;reason="There has been an error authenticating the request.";category="invalid_client" {"error_description":"Exception
of type 'System.ArgumentException' was thrown.\u000d\u000aParameter name: value"} . 4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59 w3wp.exe (0x1EEC) 0x26BC SharePoint Foundation
General
8nca Medium Application error when access /_vti_bin/sites.asmx, Error=Exception of type 'System.ArgumentException' was thrown.
Parameter name: value at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse&
rstr) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken
onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationAuthentication(Uri context, SecurityToken onBe...
4c8b979c-f112-d050-9764-c834ee4cf36d
06/04/2014 12:58:41.59* w3wp.exe (0x1EEC)
0x26BC SharePoint Foundation General
8nca Medium ...halfOf)
at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.<>c__DisplayClass4.<GetLocallyIssuedToken>b__3() at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.ConstructIClaimsPrincipalAndSetThreadIdentity(HttpApplication httpApplication, HttpContext httpContext, SPFederationAuthenticationModule fam) at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.AuthenticateRequest(Object
sender, EventArgs e) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
4c8b979c-f112-d050-9764-c834ee4cf36d
Any ideas?
Anupam ShrivastavaI am experiencing the same issue. Don't have the answer yet about what's wrong exactly. And my SSO works fine too.
I know precisely what makes the SharePoint throw the ArgumentException, but I can't yet figure out how to influence this behavior. I will respond back if I find out, but I hope the following will create an "aha moment" for someone.
So the SP Online issues an OAuth request to the on-prem SharePoint. If verbose logging is on for the Claims category, you may see how it reads these claims. One of them is this:
Claim['nii':'urn:federation:microsoftonline']
Using this claim and the nameid claim the profile mapping logic then reports the following immediately before the error (Set User Profiles to verbose to see this):
Creating encoded sid for nameid '100300008b29cb02' and nameidissuer 'urn:federation:microsoftonline'
Inspecting this logic with Reflector, I can see that it then attempts to infer the identity provider type from the nameidissuer, and throws the exception, because "federation" is not what it expects. It expects either "windows", "trusted" or "forms" for
the provider type.
So the user's actions to lead to this error were as follows:
1. I connect to the Office 365 portal, and get redirected to my ADFS server (same domain for the ADFS server, on-prem SharePoint, and the user accounts).
2. I log on, and from the SP Online portal I issue my search query using a result source configured as per the Hybrid TechNet guidance.
So thanks in advance for any suggestions, on what it could be. -
Error while Authenticating sharepoint site with Azure AD users using Azure Access Control Namespace
I have a Sharepoint site running on Azure virtual Machine. Now i want to authenticate my sharepoint site with Azure AD users.
For this i have followed below link, but getting error after login.
Using Microsoft Azure Active Directory for SharePoint 2013 authentication
I have implemented as given on reference link, but still facing error. When i access my url from browser, it will ask me through which you want to logon.
Then on selection of ACS Provider, it will redirect me to office365 login. After i submit my credentials, it will redirect me to
https://testvm.cloudapp.net/_trust/
and got error. So i checked in sharepoint log and found below error.
Cannot find site lookup info for request Uri urn:sharepoint:spvms.
SPAudienceValidator: Audience uri 'urn:sharepoint:spvms is not valid for the context.
Getting Error Message for Exception Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The Audience URI could not be validated.
SPSaml11SecurityTokenHandler: Audience validation failed for request 'https://testvm.cloudapp.net/_trust/' with
the following audience URIs: 'urn:sharepoint:spvms', .
Application error when access /_trust/, Error=The Audience URI could not be validated.
at Microsoft.SharePoint.IdentityModel.SPSaml11SecurityTokenHandler.ValidateConditions(SamlConditions conditions, Boolean enforceAudienceRestriction)
at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs)
at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)I want 100,000 external users to have access to my SharePoint online Site collection.
I was thinking of going the Azure AD route, where external users will have there ID's created in Azure AD cloud.
Trying to figure how I can integrate Azure AD cloud with my SharePoint Online Site collection.
Currently my site collection is tied to On-premise AD.
Is there a way to integrate the SharePoint online to use both Azure AD and On-premise AD?
Thanks
Nate
Any Answer here? -
Form and Workflow in SharePoint Online vs SharePoint On-Premise
Hi Expert,
I have the question about Form and Workflow in SharePoint Online vs ShrePoint On-Premise
Current Problem : Customer is implemented Form and Workflow in SharePoint Online but they have a problem some features that didn’t work in SharePoint Online. I will have a meeting to discuss Do and Don’t Form and Workflow in SharePoint Online compare SharePoint
On-Premise.
Please suggestion.
Thank youHi MasterBird,
For SharePoint 2013 On-premise, we can :
Comlete control of our environment and data
Supports heavy customization
Keep sensitive information in-house
Easier integration into line of business systems
Full development options for developers
For SharePoint Online workflow:
Workflow 2010 & 2013 are available with Standard and Enterprise Editions without having to install
If using Windows Azure workflow functionality is the same as 2013
Cannot create custom Visual Studio workflows
For InfoPath Form Services you will need Office 365 Enterprise Could Edition or SharePoint Online Plan 2
More information, please refer to the video:
http://www.youtube.com/watch?v=eNtCH3qOk2g
Best Regards,
Wendy
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Wendy Li
TechNet Community Support -
Azure RMS Group user with Ad-hoc policy
Hi,
In Azure RMS, the group users are unable to open the encrypted documants if the file is encrypted using ad-hoc policy(my policy)
But, the same group users were able to open the encrypted document incase if the file is encrypted using templates(company policy)
so, it would be great if you assist us in resolving this issue.
Vivek, thanks for your reply. As mentioned I'm trying to integrate ASA remote access VPN in with Microsoft Active Directory via IAS. How can I configure RADIUS Attribute 25 on IAS to recv a value from AD and fwd it on to the ASA?
What I'd really like confirmed first is whether group-lock functionality is available from AD through RADIUS?
thanks, Graeme -
RMS sdk 2.1 - cannot get AZURE rms server.
We have 2 RMS servers, 1 is on premise and the second is RMS azure server with SSO(single sign on).
calling IpcGetTemplateIssuerList returns only the on-premise RMS server. how do i retrieve the azure RMS server?Hi,
I'm also new to AD RMS and trying to get started with the interop example. I too am getting the EXACT SAME ERROR - The system cannot find the file specified. HRESULT: 0x80070002 - when I try to run the code below:
I try to run this statement: Collection<TemplateInfo> ipcTemplates = IPC.GetTemplates();
internal static class IPC
static IPC()
SafeNativeMethods.IpcInitialize();
public static Collection<TemplateInfo> GetTemplates()
Collection<TemplateInfo> templates = null;
try
templates = SafeNativeMethods.IpcGetTemplateList(null, true, true, false, false, null, null);
catch (Exception /*ex*/)
/* TODO: Add logging */
throw;
return templates;
Here's my stack trace:
The system cannot find the file specified. HRESULT: 0x80070002
at Microsoft.InformationProtectionAndControl.SafeNativeMethods.ThrowOnErrorCode(Int32 hrError) in c:\Microsoft.InformationProtectionAndControl\SafeNativeMethods.cs:line 1678
at Microsoft.InformationProtectionAndControl.SafeNativeMethods.IpcGetTemplateList(ConnectionInfo connectionInfo, Boolean forceDownload, Boolean suppressUI, Boolean offline, Boolean hasUserConsent, Form parentForm, CultureInfo cultureInfo) in c:\\Microsoft.InformationProtectionAndControl\SafeNativeMethods.cs:line
137
at IPC.GetTemplates() in c:\IPC.cs
Please let me know if you have resolved this error or if you can find any managed code samples for AD RMS.
Thanks -
Hello,
I'm attempting to get a SharePoint 2013 Provider Hosted Application working in a brand new SharePoint environment. I've created snapshots of both my dev and the sharepoint environments along the way and have meticulously documented every step of the
way. I've followed these instructions (among many other resources found along this journey) :
http://msdn.microsoft.com/en-us/library/fp179923(office.15).aspx
http://technet.microsoft.com/en-us/library/fp161236(office.15).aspx
http://msdn.microsoft.com/library/office/fp179901%28v=office.15%29
Upon package and publish of my application to SharePoint, I get a 401 Unauthorized error. I use Fiddler to obtain the SPErrorCorrelationID to ultimately obtain the following ULS Viewer Output. Please explain how to fix if you're able.
Please Note: I was under the impression that a Provider Hosted Application does not use the Azure Access Control service, so I'm confused as to why my system is attempting to make this connection?
Also Note: I've used a self signed and godday obtained certificate to successfully f5 debug my basic web.title (out of the visual studio 2012 box) sharepoint provider hosted application... so I know my certs are good.
Here's my ULS output:
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request.
IsAuthenticated=True, UserIdentityName=0#.w|cltenet\sp.apps, ClaimsCount=25 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.83 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Logging Correlation Data xmnv Medium Site=/ 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Deployment acjjg Medium The current user has System.Threading.Thread.CurrentPrincipal.Identity.Name
= 0#.w|cltenet\sp.apps, System.Security.Principal.WindowsIdentity.GetCurrent().Name = NT AUTHORITY\IUSR, System.Web.HttpContext.Current.User.Identity.Name = 0#.w|cltenet\sp.apps. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.84 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsrv Medium redirectLaunUrl after getting it from query
string, web or app instance: https://hightrust31.cltenetapps.com/Pages/Default.aspx?{StandardTokens} 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation General aib0n High trying to get app tokens for site: 888b71f7-51ee-40f5-8344-8de4869d37d0
Unable to load app tokens from appInstanceId: 22d5252f-392c-4f68-b820-a3053b9d4f24 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsrw Medium redirectLaunUrl after getting token replacement:
https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsry Medium m_oauthAppId after NormalizeAppIdentifier()
i:0i.t|ms.sp.ext|[email protected]8df36d5d. Now getting app principal info. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr0 Medium decided that we need to do a POST to the
app. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr1 Medium m_redirectMessage: EndpointAuthorityMatches
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr2 Medium realm matched attempting to get app token
using GetAccessToken() 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth advzm High Error when get token for app i:0i.t|ms.sp.ext|[email protected]8df36d5d,
exception: Microsoft.SharePoint.SPException: The Azure Access Control service is unavailable. at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth ajsr3 High App token requested from appredirect.aspx
for site: 888b71f7-51ee-40f5-8344-8de4869d37d0 but there was an error in generating it. This may be a case when we do not need a token or when the app principal was not properly set up. LaunchUrl:https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http://portal.cltenet.com&SPLanguage=en-US&SPClientTag=0&SPProductNumber=15.0.4420.1017
Exception Message:The Azure Access Control service is unavailable. Stacktrace: at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext)
at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext
userIdentityContext, String applicationId, Uri applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest().
Since this is a nonfatal error, it will be sanitized and posted to the app as part of the app launch. 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation General ajlz0 High Getting Error Message for Exception Microsoft.SharePoint.SPException:
The Azure Access Control service is unavailable. at Microsoft.SharePoint.ApplicationServices.SPApplicationContext.GetApplicationSecurityTokenServicesUri(SPServiceContext serviceContext) at Microsoft.SharePoint.ApplicationServices.SPApplicationContext..ctor(SPServiceContext
serviceContext, SPIdentityContext userIdentity, OAuth2EndpointIdentity applicationEndPoint) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationContext(SPIdentityContext userIdentityContext, String applicationId, Uri
applicationRealm, SPApplicationContextAccessTokenType applicationTokenType, SPApplicationDelegationConsentType consentValue) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenPrivate(SPServiceContext serviceContext,
String appId, Uri appEndpointUrl, SPAppPrincipalInfo appPrincipal, SPApplicationContextAccessTokenType tokenType, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.SPServerToAppServerAccessTokenManager.GetAccessTokenFromThreadIdentityOrUserToken(SPServiceContext
serviceContext, String appId, Uri appEndpointUrl, SPApplicationContextAccessTokenType tokenType, SPAppPrincipalInfo appPrincipal, Boolean useThreadIdentity, SPUserToken userToken) at Microsoft.SharePoint.ApplicationPages.AppRedirectPage.ValidateAndProcessRequest()
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation App Auth aib0p Medium Doing appredirect from appredirect.aspx:
in site: 888b71f7-51ee-40f5-8344-8de4869d37d0 with RedirectLaunchUrl: https://hightrust31.cltenetapps.com/Pages/Default.aspx?SPHostUrl=http%3A%2F%2Fportal%2Ecltenet%2Ecom&SPLanguage=en%2DUS&SPClientTag=0&SPProductNumber=15%2E0%2E4420%2E1017
306c809c-66a1-d0d5-d8e2-89d3631ce1bf
03/24/2014 08:54:47.85 w3wp.exe (0x1448) 0x22D8 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://portal.cltenet.com/_layouts/15/appredirect.aspx?instance_id=22d5252f%2D392c%2D4f68%2Db820%2Da3053b9d4f24)).
Execution Time=26.5933938531294 306c809c-66a1-d0d5-d8e2-89d3631ce1bf
Your help is very much appreciated.
With Respect,
LarryYes, actually - I was able to resolve it.
However I don't know how, unfortunately. I suspect it was because I needed to have the names of the certificates, defined during the certificate registration (to sharepoint) process, different.
I have a complete document that shows step by step instructions on the exact process I took to complete the provider hosted application creation, deployment and publishing. It was a daunting task, but I finished it successfully.
If there's a way to send private message on this forum, please do so and I'll respond with a way to obtain my document.
NOTE: I'm not all impressed with the way this forum works. This is supposed to be a Microsoft resource and I'll be damned if I ever get a response to highly technical questions. Completely lame. Boooooo Microsoft. -
SharePoint Online list view threshold issues: "because it exceeds the list view threshold enforced by the administrator"
Office 365 SharePoint Online can be problematic when it comes to exceeding the list item threshold (e.g. 5,000).
Examples of what happens after exceeding the threshold (e.g. 5,000 items):
You can’t create new forms for the list in SharePoint Designer.
You may have challenges with metadata fields in the forms (e.g. adding metadata values, editing metadata values, deleting the metadata column from the list).
Cannot save the list as a template (i.e. you get the threshold error).
Issue I'd like assistance with: how can I create a custom NewForm in SharePoint Designer
when the list exceeds the threshold limit, given this is Office 365 SharePoint Online and I don't have access to increase that limit?
As a control for my testing, I created another list with just a few custom columns with no list items --it worked fine for that list.
I also tried clearing local AppData cache which didn't solve it. I'd need Central Admin on O365 SharePoint Online to increase the threshold which I don't have access
to do. Errors received in SharePoint Designer:
"Could not save the list changes to the server." After getting this, I tried to work around
the create new forms issue by saving a copy of the original NewForm as NewForm2 and got the root error that I suspected was underlying it all:
“Server error: the attempted operation is prohibited because it exceeds the list view threshold enforced by the administrator”.
Any ideas for how to create a new list form in SD?Thanks Alex.
I just found a couple new workarounds instead of using SharePoint Designer:
Method 1: Add web parts to the form pages on the client side:
Go to the list and execute one of these actions depending what form you want to edit: create a new item (NewForm), edit an item (EditForm), or display an item (DispForm).
With the form you want to edit displayed, go to the gear icon and click "Edit Page".
You should now see the web part page show up with "Add a Web Part" as an option.
Add a Content Editor or Script Editor web part.
Add your custom code to either one to manipulate the HTML objects using your favorite web languages.
Method 2: Use InfoPath 2013.
The InfoPath 2013 route appears to work. -
SharePoint Online Public Facing Website Issues/Limitations
Hi,
We would like to use SharePoint Online for a public facing website (we are using the intranet side already which works well) but have noticed a lot of issues trying to get it to work the way we want to. I have seen on the web that there are quite a few limitations
from various blogs/forums with suggested work-arounds but none of them have worked thus far.
Basically I need to make a call on whether or not SP Online will be able to meet the requirements or if we'll have to look at an alternative solution.
E.g. 1) Document Libraries
1.1) I've created a document library and exposed it through an app part on a public page. This seems to work fine for the most part when using PDF files but any Word/Excel documents want to open in OWA or, if forced, in the client application which then
starts prompting for credentials. The requirement here is to have various documents available to the public to download and fill in. Is it possible to force all files within a document library, when clicked, to prompt to download/save the file?
1.2) When clicking on the name of the document library that is displayed in the app part, it wants to open the document library itself which then redirects to the login page. The issue with this is that if a user goes down a level into a folder in the document
library, they have to use the browser back button to go back up a level. Most users will click on the title though which doesn't lend well to a good user experience. Is there any way to prevent this and have the title link to the page with the app part or
have some form of folder navigation present?
E.g. 2) Calendars
1.1) I have found a "work around" in changing the content type to Event for this to somewhat work but we need a calendar to be filterable by a certain category which doesn't seem possible when adding the calendar app part to a public page. If it
is possible to display a view selector on the public page, that would suffice but it seems that adding the part to the page limits it to a pre-defined view.
1.2) I also tried displaying it as a "list" instead of a calendar view but when trying to open a single item to see its contents, we are again redirected to the login screen. Is there any way around this?
1.3) Using the same list approach at least shows the column titles but when trying to open the filter drop down I get "Cannot show the value of the filter. The field may not be filterable, or the number of items returned exceeds the list view threshold
enforced by the administrator" which doesn't happen when logged in. Is this also by design or is it fixable somehow?
1.4) The same issue applies for the title of the calendar whereby clicking on it directs the user to a login screen.
I've tried numerous attempts at getting the above to work but basically if SP Online public facing websites are not meant to be more than simple content pages/brochure type sites then we'll have to use an alternative solution. If anyone else has encountered
the same types of issues or figured out workarounds for them, I'd love to hear what they are!
Kind regards,
RickHi ,
According to your description, my understanding is that you want to customize the search result for displaying news pages with query string in your SharePoint Online.
For your issue, you can create custom search result template and modify the following code:
<a href=”_#=ctx.CurrentItem.Path=#_”>
_#=ctx.CurrentItem.Title=#_
</a>
For more information, you can refer to the blog:
http://www.abelsolutions.com/totm/creating-customized-search-results-in-sharepoint-2013/
http://sharepointfieldnotes.blogspot.com/2012/11/customizing-sharepoint-2013-search.html
http://channel9.msdn.com/Events/SharePoint-Conference/2014/SPC322
Best Regards,
Eric
Eric Tao
TechNet Community Support -
How can I copy documents from a Sharepoint On Premises library to a Sharepoint Online library and at the same time preserving their metadata?
I use the Open Explorer Windows to drag and drop the files, but the metadata are not copied. Thanks.To maintain the metadata you'll need to use one of the third party tools that does this kind of migration. Metalogix has a product with a free trial that we have used before. (Don't remember whether the free version maintains metadata or not).
You can read about it here:
http://www.metalogix.com/Products/Content-Matrix.aspx
Paul Stork SharePoint Server MVP
Principal Architect: Blue Chip Consulting Group
Blog: http://dontpapanic.com/blog
Twitter: Follow @pstork
Please remember to mark your question as "answered" if this solves your problem. -
Dear Sir,
I got an experienced for the RMS with iPhone. I have enrolled an account for RMS evaluation from aadrm portal. I have registered two acounts for testing purpose. First of all, I have download the apps from apple store and install
it on my iphone. After installation, I have tried to encrypted the photos through existing photo library. I follwed the instructions to do so. I have two choices and the third choices is dim which is "Custom Permission". The only
two choices "Shared" and "Protected". I am able to encrypt the photo and sent out to the designated users. It returns an error on sharing permission. What is going wrong? On the other hand, is the in placed photo
will be encrpted or not? I have returned to photo library the format remains unchanged.
Secondly, I have registered Widnows Azure. As heard from tecnical engineer-MS, they told me that MS has an Azure RMS dedicated cloud platform. Is it a centralised platform for user management? I would like managed all user in Azure
cloud services. Please let me know?
For the permission assigned, I also have an experience before with PC encrypted document file(s) where I used ms office 2013.
Finally, I woul like to get more Windows Azure information. Can you give me some implementation note and technical requirements?
Regards
StanleyHi Stanely,
Some answers for your questions:
" I have two choices and the third choices is dim which is "Custom Permission""
>>> "Custom Permissions" is currently not supported and but will be available soon. It allows you to give permissions to specific people (i.e. email addresses) inside or outside your organization (i.e. account).
>>> "It returns an error on sharing permission."
It is not clear to me what happened here, can you please elaborate? Did the designated user get the sharing permissions when he tried to open the document using RMS sharing app? did it happen on the same device?
>>> "On the other hand, is the
in placed photo will be encrpted or not? I have returned to photo library the format remains unchanged.
When you choose a photo from your Photos gallery, the photo is copied and encrypted using RMS and can be sent in a protected file format (called PFILE).
The original photo in your Photos library app remains unchanged, because it is currently impossible to use RMS to protect the photos that are in your photos library app. You can of course choose to delete the original photo itself after you protect and share
it.
About the rest of your questions,
- Windows Azure provides deep documentation and tutorials which you can find here: http://www.windowsazure.com/en-us/
You can use Windows Azure Active Directory to manage all the users in your organization, as explained there.
Azure RMS is the new RMS technology which RMS sharing app uses. You can build your own applications that uses Azure RMS too. Please refer to the following links to find more information on Azure RMS:
http://blogs.msdn.com/b/rms/archive/2013/11/15/the-new-microsoft-rms-has-shipped.aspx
You might also want to read Azure RMS whitepaper here:
http://blogs.technet.com/b/rms/archive/2013/07/31/the-new-microsoft-rights-management-services-whitepaper.aspx
Best regards,
Yair
Maybe you are looking for
-
Is the Ipad 2 compatible in Italy
Hello, I would like to know the following things about the Ipad2 and its compatibility. 1. Is it compatible in Italy with their Wi-Fi? 2. To charge the Ipad, can it be charged on a non-apple computer? If not, is the electrical charging system compati
-
With PSE 7 Unable to Open Organizer, Editor, Create, Share
I am new to PSE7. I installed the program in Jun and have only played with it some. Last night I used the program with no problem. This morning I opened the program and the Welcome Screen comes up. I am able to sign into photoshop.com. However, w
-
WLC 4402 - 4.2.130.0 I have generated a CSR and received a certificate from GlobalSign. Has followed the instructions in "certificate signing Request Generation for a Third-Party ......"(DOcID 70584) , and uploaded the certificate to the WLC. But sti
-
How to print hard copy of web site?
I am getting audited by the State. Not for cause just routine. However they ask for a lot of things. One is a complete web site printout. I have never done this in Dreamweaver and my help is not finding the answer I need. Could you help me?
-
How to Cancel Long Running Report
Hello I'm looking for a way to cancel the printing of a long running report programatically? I'm using the CrystalDecisions.CrystalReports.Engine.ReportDocument() class. Thanks for your help