MailExchange ADFS Authentication Errors

%3CLINGO-SUB%20id%3D%22lingo-sub-2411384%22%20slang%3D%22en-US%22%3EMailExchange%20ADFS%20Authentication%20Errors%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2411384%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EI%20have%20issue%20with%20ADFS%20authentication%20on%20My%20exchange%20server.%20The%20problem%20encountered%20in%20the%20ADFS%203.0%20of%20the%20window%20server%202012%20and%20exchange%20server%202013%20cu22.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3Ei%20have%203%20server%3A%3C%2FP%3E%3CP%3E1%20vm%20x%20ADDS%3CBR%20%2F%3E1%20vm%20x%20ADFS%3CBR%20%2F%3E1%20vm%20x%20adfs%20(lan)%3C%2FP%3E%3CP%3E%3CSPAN%3EBecause%20web%20application%20proxy%20is%20optional%2C%20so%20in%20my%20dev%20enviroment%20I%20don't%20use%20web%20application%20proxy%20server.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EI%20followed%20the%20below%20instruction%20link%20to%20config%20AD%20FS%20claims-based%20authentication%20with%20Outlook%20Web%20App%20and%20EAC%3A%3C%2FSPAN%3E%3C%2FP%3E%3CDIV%20class%3D%22question-body%20post-body%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fusing-ad-fs-claims-based-authentication-with-outlook-web-app-and-eac-exchange-2013-help%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fusing-ad-fs-claims-based-authentication-with-outlook-web-app-and-eac-exchange-2013-help%3C%2FA%3E%3CBR%20%2F%3EIn%20my%20web%20browser%20(Chrome%2C%20Firefox)%2C%20I%20sign%20in%20OWA%2C%20response%20returns%20the%20http%20error%20401.%20I%20try%20to%20sign%20in%20EAC%20by%20type%20my%20username%20(domain%5Cuser)%20and%20password%2C%20EAC%20show%20message%20%22An%20error%20occurred.%20Contact%20your%20administrator%20for%20more%20information%22.%20I%20check%20event%20viewer%20of%20Exchange%20Server%2C%20there%20are%20no%20errors%20in%20event%20viewer.%20I%20check%20event%20viewer%20of%20ADFS%20server%2C%20the%20following%20error%20was%20reported%3A%3CBR%20%2F%3Encountered%20error%20during%20federation%20passive%20request.%3C%2FP%3E%3CP%3EAdditional%20Data%3C%2FP%3E%3CP%3EProtocol%20Name%3A%3CBR%20%2F%3Ewsfed%3C%2FP%3E%3CP%3ERelying%20Party%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fmailsrv.contoso.com%2Fecp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fmailsrv.contoso.com%2Fecp%3C%2FA%3E%2F%3C%2FP%3E%3CP%3EException%20details%3A%3CBR%20%2F%3EMicrosoft.IdentityServer.Web.InvalidRequestException%3A%20MSIS7042%3A%20The%20same%20client%20browser%20session%20has%20made%20'6'%20requests%20in%20the%20last%20'1'%20seconds.%20Contact%20your%20administrator%20for%20details.%3CBR%20%2F%3Eat%20Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.UpdateLoopDetectionCookie(WrappedHttpListenerContext%20context)%3CBR%20%2F%3Eat%20Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.SendSignInResponse(WSFederationContext%20context%2C%20MSISSignInResponse%20response)%3CBR%20%2F%3Eat%20Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext%20protocolContext%2C%20PassiveProtocolHandler%20protocolHandler)%3CBR%20%2F%3Eat%20Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext%20context)%3C%2FP%3E%3CP%3EI%20already%20search%20in%20google%20about%20error%20MSIS7042%20but%20nothing%20can%20solve%20my%20problem.%3CBR%20%2F%3EAny%20idea%20to%20help%20me%3F%3CBR%20%2F%3EThank%20for%20your%20help.%3C%2FP%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2411384%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2013%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Visitor

I have issue with ADFS authentication on My exchange server. The problem encountered in the ADFS 3.0 of the window server 2012 and exchange server 2013 cu22.

i have 3 server:

1 vm x ADDS
1 vm x ADFS
1 vm x adfs (lan)

Because web application proxy is optional, so in my dev enviroment I don't use web application proxy server.
I followed the below instruction link to config AD FS claims-based authentication with Outlook Web App and EAC:

https://docs.microsoft.com/en-us/exchange/using-ad-fs-claims-based-authentication-with-outlook-web-a...
In my web browser (Chrome, Firefox), I sign in OWA, response returns the http error 401. I try to sign in EAC by type my username (domain\user) and password, EAC show message "An error occurred. Contact your administrator for more information". I check event viewer of Exchange Server, there are no errors in event viewer. I check event viewer of ADFS server, the following error was reported:
ncountered error during federation passive request.

Additional Data

Protocol Name:
wsfed

Relying Party:
https://mailsrv.contoso.com/ecp/

Exception details:
Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '1' seconds. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.UpdateLoopDetectionCookie(WrappedHttpListenerContext context)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.SendSignInResponse(WSFederationContext context, MSISSignInResponse response)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

I already search in google about error MSIS7042 but nothing can solve my problem.
Any idea to help me?
Thank for your help.

0 Replies