25,081 questions
I finally figured out solution
I explicitly only allowing TLS1.2 for MS login
so that Web server don't have to change their security setting as long as it has TLS1.2 enable on their Windows Servers
Azure SSO - Response status code does not indicate success: 426 (InvalidRequest).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 26%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDL%3C/text%3E%3C/svg%3E)
Denny Luo
15
Reputation points
Server Error in '/azuressotest' Application.
Response status code does not indicate success: 426 (InvalidRequest).
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.Http.HttpRequestException: Response status code does not indicate success: 426 (InvalidRequest).
Azure SSO,OpenId, Authentication,Account sign, MS login
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[HttpRequestException: Response status code does not indicate success: 426 (InvalidRequest).]
System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +121834
Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +399
[IOException: Unable to get document from: https://login.microsoftonline.com/******5/federationmetadata/2007-06/federationmetadata.xml?appid=****]
Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__0.MoveNext() +725
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.IdentityModel.Protocols.<GetAsync>d__1.MoveNext() +414
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() +908
[InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://login.microsoftonline.com/1426******/federationmetadata/2007-06/federationmetadata.xml?appid=d91b1af3*****.]
Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__3.MoveNext() +1255
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.WsFederation.<ApplyResponseChallengeAsync>d__c.MoveNext() +522
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<ApplyResponseCoreAsync>d__8.MoveNext() +376
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<TeardownAsync>d__5.MoveNext() +215
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +968
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +197
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +768
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +197
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__2.MoveNext() +184
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +117
System.Web.AsyncEventExecutionStep.InvokeEndHandler(IAsyncResult ar) +209
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +156
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.3930.0
Microsoft Security Microsoft Entra Microsoft Entra ID
Microsoft Security Microsoft Authenticator
9,248 questions
{count} votes
-
Denny Luo 15 Reputation points
2023-05-31T18:42:05.7333333+00:00 additionally, this same solution works well for one client (different Windows server - 2012)
have above error for all other clients (Windows Server 2019)
Not sure it's network issue or Windows server security setting issue
Can anybody give suggestion what change is required
thank you so much
Denny
Sign in to comment
4 answers
Sort by: Most helpful
-
Denny Luo 15 Reputation points
2023-05-31T22:28:03.33+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 21%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
Mádr Tomáš 5 Reputation points2023-06-01T06:27:28.72+00:00 thanks a lot!
and for the others, there is a link how to enable TLS 1.2
-
SOTO CUBELLS Juan Francisco 0 Reputation points2023-06-01T09:11:29.9033333+00:00 Thanks a lot!.. we had exactly the same issue.. and solve it forcing TLS 1.2 as you did it. :-) Great!!
Sign in to comment -
-
Denny Luo 15 Reputation points
2023-05-31T18:41:38.01+00:00 additionally, this same solution works well for one client (different Windows server - 2012)
have above error for all other clients (Windows Server 2019)
Not sure it's network issue or Windows server security setting issue
Can anybody give suggestion what change is required
thank you so much
Denny
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 56.00000000000001%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAP%3C/text%3E%3C/svg%3E)
Anand Prakash-Dubey (Azure Admin) 0 Reputation points2023-06-07T14:22:44.6833333+00:00 Hi,
I am getting the same error, earlier it was working properly but after 31 May 2023 , It stopped working. Do we have any logs or any track what changed or how to fix it ?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 42%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGR%3C/text%3E%3C/svg%3E)
Ganapathy Raman A 0 Reputation points2023-06-14T17:54:45.7266667+00:00 Even I do have the same issue on already deployed API's. Could someone assist on this issue?. Thanks
-
Chandra Sekhar Pasumarthi 0 Reputation points Microsoft Employee2023-06-19T06:39:13.5033333+00:00 We are also getting same issue
-
Ganapathy Raman A 0 Reputation points
2023-06-29T10:05:14.9+00:00 Got the solution, please check your available framework version, if the version is less than 4.6, you may get the issue. Please upgrade the version to 4.6 and above. Thanks
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 7.000000000000001%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHP%3C/text%3E%3C/svg%3E)
Himesh Patel 0 Reputation points2023-06-08T09:07:17.1333333+00:00 We have run into this yesterday. Appears TLS 1.1 is no longer accepted by federation meta data url. You must use TLS 1.2
Ie. add the following to your code (this allows backward compatibility with 1.1)
System.Net.ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;-
Nitish Kumar 31 Reputation points2023-06-12T07:01:46.7433333+00:00 System.Net.ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;This is not a valid powershell not sure if would work in any language due to presence of |
-
Himesh Patel 0 Reputation points
2023-06-19T08:00:02.2833333+00:00 Just to add this is a code change in the web project. This is not a change to server.
Sign in to comment -