Sunday, November 15, 2015

Accessing the Update Password webpage published by an ADFS server displays the error: “An error occurred. Contact your administrator for more information.”

Problem

You’ve successfully deployed ADFS in your on-prem environment and would like to use the password change portal that the server provides but you notice that navigating to https://adfs.domain.com/adfs/portal/updatepassword displays the following error:


Expanding the Error details displays the following:

Error details

· Activity ID: 00000000-0000-0000-1400-0080000000d3

· Error time: Wed, 16 Sep 2015 14:02:27 GMT

· Cookie: enabled

· User agent string: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; InfoPath.2; MS-RTC LM 8; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; MS-RTC EA 2; .NET4.0C; .NET4.0E)


Solution

The portal is not functioning because the page is being accessed from a workstation that is not joined to the domain. The initial design of this service required authenticated or registered devices that are joined to the domain, but Microsoft relaxed the requirement after receiving feedback from customers. The patch that relaxes this constraint can be found in the following KB:

https://support.microsoft.com/en-us/kb/3035025#/en-us/kb/3035025


The webpage should function as expected once the patch is applied:


More information about the setup and why the requirement was relaxed can be found in the following MSDN blog post:

Note: ADFS 2012 R2 required authenticated/registered devices (a.k.a. ‘workplace join’) to allow the change of passwords. Based on customer feedback, we have relaxed this constraint and allow this from all devices. You will need to apply 3035025 hotfix on all the ADFS servers.

http://blogs.msdn.com/b/samueld/archive/2015/05/13/adfs-2012-r2-now-supports-password-change-not-reset-across-all-devices.aspx
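As an added check (my script, not part of the original post or of Microsoft's guidance), the snippet below confirms that KB3035025 is present on every farm node, since the note above requires the hotfix on all ADFS servers, not only the one that served the error. The server names are placeholders, and the endpoint check at the end is an extra assumption of mine: it only applies if you run the script on an ADFS server with the ADFS PowerShell module loaded.

```powershell
# Added example (not from the original post): report hotfix KB3035025 on every
# ADFS farm node and, on the local node, whether the update password endpoint
# is enabled at all. $AdfsServers is an assumed list; replace with your own.
$AdfsServers = @('adfs01.domain.com', 'adfs02.domain.com')
$HotfixId    = 'KB3035025'

function Test-AdfsPasswordChangeHotfix {
    param([string[]]$ComputerName, [string]$Id)
    foreach ($server in $ComputerName) {
        # Get-HotFix queries Win32_QuickFixEngineering on the remote node; it
        # returns nothing (and an error we suppress) when the KB is absent.
        $hf = Get-HotFix -Id $Id -ComputerName $server -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Server      = $server
            Hotfix      = $Id
            Installed   = [bool]$hf
            InstalledOn = if ($hf) { $hf.InstalledOn } else { $null }
        }
    }
}

# Report per node and flag any node still missing the hotfix: a farm with one
# patched and one unpatched node will fail intermittently depending on which
# node the load balancer sends the request to.
$results = Test-AdfsPasswordChangeHotfix -ComputerName $AdfsServers -Id $HotfixId
$results | Format-Table -AutoSize
$missing = $results | Where-Object { -not $_.Installed }
if ($missing) {
    Write-Warning ("Hotfix $HotfixId missing on: " + ($missing.Server -join ', '))
}

# Extra check (my addition; requires the ADFS module on this server): the page
# cannot answer if the endpoint itself is disabled, hotfix or not.
$endpoint = Get-AdfsEndpoint |
    Where-Object { $_.AddressPath -eq '/adfs/portal/updatepassword' }
if ($endpoint -and -not $endpoint.Enabled) {
    Write-Warning 'Update password endpoint is disabled; enable it with Enable-AdfsEndpoint.'
}
```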
