I spent waaayyyyy too much time trying to resolve this problem so am capturing it here in case any of the rest of you run up against this. I installed a new ADFS 3.0 on Windows Server 2012 R2 machine in my environment, and then configured a new SharePoint SPTrustedIdentityTokenIssuer for it. Every time I tried to authenticate to it I entered my credentials, and then I would get a 400 bad request back and the whole thing came to a grinding halt. I was getting no errors in any of the event logs on the ADFS server. What was also weird is that if I configured ADFS to use forms based authentication instead of Windows, I could log in just fine.
I suspected Kerberos SPN issues, but when I had tried to set it after setting up ADFS (using setspn) it said that the SPN was set. Well, guess what - turns out that was not true. I finally just went in to adsiedit.msc on my domain controller and looked at my service account. If you go into the properties you can scroll down to servicePrinicpalName and see exactly what's configured for it, and sure enough, my ADFS server was not listed there. So, I just added the SPN needed for it - http/yourFqdnAdfsServer - saved it, and authentication started working then. As always, note that the SPN is NOT a Url, like http://myserver, it's just the protocol and host name, so http/myserver.
Hopefully this will save you some time, I know a lot of folks build all this out in their labs at home so start by double-checking your service account SPNs.
Brilliant, that just saved me a huge headache :)
Awesome! Thanks for sharing.
Thanks. Saved the day.
http://www.shopbestgoods.com/ http://www.nike-jordanshoes.com/ http://www.beatsbydreoutlet.net/ http://www.michaelkorsus.com/ http://www.polo-tshirts.com/ http://www.northsclearance.com/ http://www.ralph-laurensale.com/ http://www.gucci-shoesuk2014.com/ http://www.michael-korsusa.com/ http://www.polo-outlets.com/ http://www.ralphslauren.co.uk/ http://www.marcjacobsonsale.com/ http://www.mcmworldwides.com/ http://www.salongchamppairs.com/ http://www.canada-gooser.com/ http://www.burberryoutlet2014.com/ http://www.michaelkors.so/ http://www.hermes-outletonline.com/ http://www.oakley-sunglassoutlet.com/ http://www.north-faceoutlets.net/ http://www.moncler-clearance.com/ http://www.woolrich-clearance.com/ http://www.barbour-jacketsoutlet.com/ http://www.moncler-jacketsoutletonline.com/ http://www.monsterbeatsbydres.net/ http://www.louis-vuittonblackfriday.com/ http://www.lv-guccishoesfactory.com/ http://www.mcmoutlet-jp.com/ http://www.cheapdiscountoutlet.com/ http://coachoutlet.iwopop.com/ http://www.coachsfactoryoutlet.com/ http://www.coach-blackfriday2014.com/ http://www.coach-storeoutletonline.com/ http://www.coach-factorysoutletonline.com/ http://www.coachccoachoutlet.com/ http://www.coach-factories.net/ http://www.coach-pursesoutletonline.com/ http://www.llouisvuitton-factory.net/ http://www.coach-outletsusa.com/ http://www.mksfactoryoutlet.com/ http://www.zxcoachoutlet.com/ http://www.mischristmas.com/ http://www.misblackfriday.com/ http://www.bestcustomsonline.com/ http://www.newoutletonlinemall.com/ http://www.clickmichaelkors.com/ http://www.cmichaelkorsoutlet.com/ http://www.ralphlaurenepolo.com/ http://michaelkorsoutlet.mischristmas.com/ http://mcmbackpack.mischristmas.com/ http://monsterbeats.mischristmas.com/ http://northfaceoutlet.mischristmas.com/ http://mk.misblackfriday.com/ http://coachoutlet.misblackfriday.com/ http://coachfactory.misblackfriday.com/ http://uggaustralia.misblackfriday.com/ http://coachpurses.misblackfriday.com/ http://coachusa.misblackfriday.com/ http://coach.misblackfriday.com/ http://michaelkorss.misblackfriday.com/ http://michaelkors.misblackfriday.com/ http://airmax.misblackfriday.com/ http://michael-kors.misblackfriday.com/ http://t.co/1PJuejI1ys http://t.co/FYm2MxWwLM https://twitter.com/CoachOutlet2014 https://www.facebook.com/pages/Coach-Factory-Outlet-Online-Store-Michael-Kors-Outlet-Online-Sale-75-Off/712060898859091 https://www.facebook.com/pages/Ralph-Lauren-Polo-Outlet-Online-Sale/1404100279810690
Steve, bingo. This should be the first result on bing with ADFS 3.0 HTTP 400. :) Thanks as always.
Dude! YOU ROCK!! What a life saver. I wish Microsoft, the producer, published this type of info!
Is it possible your ADFS server name was the same name as the federation farm? I just ran into this issue where that was the case, turns out it's not recommended. I manually entered the HTTP endpoint as you suggested and that worked for me - but it leads me to believe that if the two weren't the same, then the SPN might have been set for you.
You are a rockstar... thought I was in for a long Sunday trying to figure this one out (I migrated from ADFS 2.1 to ADFS 3.0) and could not understand why it wasn't working. So simple. Thanks so much.
Tao http://dichvuketoanlongbien.com/ Rủa http://dichvuketoanlongbien.com/a2-96-dich-vu-ke-toan-tron-goi.html Thằng http://dichvuketoanlongbien.com/a2-98-dich-vu-ke-toan-thue.html Cờ http://dichvuketoanlongbien.com/a2-103-dich-vu-bao-cao-tai-chinh.html Hó http://dichvuketoanlongbien.com/a2-97-dich-vu-quyet-toan-thue.html Nào http://dichvuketoanlongbien.com/a2-114-dich-vu-ke-toan-tai-29-quan-huyen.html Soi http://dichvuketoanlongbien.com/i780-dich-vu-ke-toan-thue-tron-goi-tai-bac-ninh.html Tài http://dichvuketoanlongbien.com/i779-dich-vu-ke-toan-thue-tron-goi-tai-bac-giang.html Khoản http://dichvuketoanlongbien.com/i778-dich-vu-ke-toan-thue-tron-goi-tai-phu-tho.html Và http://dichvuketoanlongbien.com/i781-dich-vu-ke-toan-thue-tron-goi-tai-hung-yen.html Link http://dichvuketoanlongbien.com/i782-dich-vu-ke-toan-thue-tron-goi-tai-vinh-phuc.html Của http://dichvuketoanlongbien.com/i783-dich-vu-ke-toan-thue-tron-goi-tai-hai-phong.html Tao. http://www.trungtamketoan.com.vn/ Chúng http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-ha-noi.html Mày http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-tp-hcm.html Đủ http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-quang-ninh.html Trình http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hai-duong.html Thì http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-bac-giang.html Tự http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-bac-ninh.html Đi http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hai-phong.html Mà http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-nam-dinh.html Làm. http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-thai-binh.html Việc http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-thanh-hoa.html Gì http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-vinh-phuc.html Phải http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-hung-yen.html Rẻ http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-phu-tho.html Rách http://www.trungtamketoan.com.vn/p/trung-tam-dao-tao-ke-toan-tai-binh-duong.html Như http://www.tosvn.com Thế. http://iketoan247.blogspot.com Loại http://tailieuveketoan.blogspot.com Chó http://mauhinhnendep.blogspot.com Má. http://www.tosvn.com/search/label/Hack%20CF Tao http://www.tosvn.com/search/label/Hack%20AvatarStar Rủa http://www.tosvn.com/search/label/Hack%20Warcraft-Dota2 Những http://hocketoan360.com/category/tai-lieu-ke-toan/ Thằng http://iketoan247.blogspot.com/search/label/thong-tin-kinh-te Soi http://iketoan247.blogspot.com/search/label/tin-bai-ve-thue Tao http://hoclamketoan.edu.vn/ Sẽ http://hoclamketoan.edu.vn/category/khoa-hoc-ke-toan Tan http://hoclamketoan.edu.vn/category/dich-vu-ke-toan Cửa http://hoclamketoan.edu.vn/category/hoc-lam-ke-toan Nát http://hoclamketoan.edu.vn/category/tai-lieu-ke-toan Nhà http://hocketoan360.com/ Haha http://hocketoan360.com/category/khoa-hoc-ke-toan/ http://hocketoan360.com/category/dich-vu-ke-toan/