SPN and user name/password errors when trying to add an additional AD FS server with a Group Managed Service Account

In a recent case, we hit the issue detailed very well in the following blog post. Error when adding second 2012R2 AD FS server when using gMSA https://ril3y.wordpress.com/2014/08/19/error-when-adding-second-2012r2-ad-fs-server-when-using-gmsa/ Essentially, there needs to be a trio of conditions met: The AD FS server being set up is not the first AD FS server in the farm. The…


Admin Consent Option Missing

The Setup: An administrator had turned off user consent for Integrated Apps. This basically prevents users from being able to consent to an application to access the user’s O365 profile data. Here is what the Integrated Apps setting looks like when it is disabled.   Since the users no longer have the ability to provide…


Unable to delete Azure B2C directory

Azure B2C directories are still in preview at the time of this blog post. The behavior may change in the future. This blog post is specific to Azure B2C directories where the b2c-extensions-app has been installed. If you need general help deleting an Azure directory, please see the following article for pointers: https://support.microsoft.com/en-us/kb/2967860 I’ve had…


Login to O365 fails with error “We received a bad request.”

The Setup: Two Web Application Proxy Servers and two AD FS 2.0 servers. Users are Office 365 users with a federated domain suffix so they must authenticate via AD FS. The Story: Initially, only a few users were having issues logging into Office 365. As the day wore on, more and more users were having…


Web Application Proxy PowerShell cmdlets are not available in x86

The Setup Starting in Windows Server 2008 R2, the operating system no longer ships on the x86 platform (link). However, there are many backward compatibility features included in the x64 product to enable older 32 bit applications to run without issue on the x64 platform. One of the compatibility features is a x86 PowerShell executable….


A tale of Event 422 on WAP servers

A tale from support. I hope this helps solve similar issues more quickly. The Setup: Two Active Directory Federation (AD FS) Servers running Windows 2012 R2, located on the corporate network. Two Web Access Proxy (WAP) servers located in the DMZ. The Story: At first event 422 was logged here and there, but over the course of…