Sometimes Web Application Proxy gets a 500 error and works well after clearing the browser cache

Juan Deng 6 Reputation points
2021-08-17T03:20:32.747+00:00

I configured SSO on SharePoint with WAP and ADFS. Sometimes users get a 500 error when accessing the site, and it works well after clearing the browser cache.
I checked the event log on the WAP server and ADFS Tracing; there is an error in the WAP logs and there isn't any message in the ADFS Tracing logs.
Has anybody tried this before?
This is what I see in the WAP event logs:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-WebApplicationProxy" Guid="{EA19457D-AFB4-4B25-B526-DA576CCE3FE4}" />
    <EventID>12027</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2021-08-17T02:39:25.467447300Z" />
    <EventRecordID>59778092</EventRecordID>
    <Correlation ActivityID="{128304E3-4AB7-0007-XXX-8712B74AD701}" />
    <Execution ProcessID="5800" ThreadID="5836" />
    <Channel>Microsoft-Windows-WebApplicationProxy/Admin</Channel>
    <Computer>XXX-XXX-SP20.hanhua.com</Computer>
    <Security UserID="S-1-5-20" />
    </System>
    <EventData>
    <Data Name="errMsg">unspecified error (0x80004005)</Data>
    <Data Name="TransactionID">{128304E3-4AB7-0007-FAF1-8712B74AD701}</Data>
    <Data Name="SessionID">{128304E3-4AB7-0007-FAF1-8712B74AD701}</Data>
    <Data Name="PublishedAppName">KM For IDP Proxy</Data>
    <Data Name="PublishedAppID">2b0b6c09-022f-0259-b67d-fae84c0d25e3</Data>
    <Data Name="PublishedExternalUrl">https://xx.xx.com/</Data>
    <Data Name="PublishedBackendUrl">https://xx.xx.com/</Data>
    <Data Name="User"><Unknown></Data>
    <Data Name="UserAgent">Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36</Data>
    <Data Name="DeviceID"><Not Applicable></Data>
    <Data Name="TokenState">NotFound</Data>
    <Data Name="CookieState">NotFound</Data>
    <Data Name="ClientRequestUrl">https://km.hanhua.com/</Data>
    <Data Name="BackendRequestUrl"><Not Applicable></Data>
    <Data Name="PreAuthenticationFlow"><Not Applicable></Data>
    <Data Name="BackendServerAuthenticationMode" />
    <Data Name="StateMachineState">OuOfOrderFEHeadersWriting</Data>
    <Data Name="ResponseCodeToClient">500</Data>
    <Data Name="ResponseMsgToClient"><Not Applicable></Data>
    <Data Name="ClientCertIssuer"><Not Found></Data>
    <Data Name="ResponseCodeFromBackend"><Not Applicable></Data>
    <Data Name="FrontendLocationHeader"><Not Applicable></Data>
    <Data Name="BackendLocationHeader"><Not Applicable></Data>
    <Data Name="BackendHttpVerb"><Not Applicable></Data>
    <Data Name="ClientHttpVerb">GET</Data>
    </EventData>
    </Event>

Cookie in browser:
experimentation_subject_id=eyJfcmFpbHMiOnsibWVzc2FnZSI6IklqUm1ObUppWVRZNUxXRmtZMlF0TkRNeFlpMWhPV0k1TFdWbU9XUXpZMkV3WkRRMk15ST0iLCJleHAiOm51bGwsInB1ciI6ImNvb2tpZS5leHBlcmltZW50YXRpb25fc3ViamVjdF9pZCJ9fQ==--2be4a215ff52c670aab475295d2361ebb263e1f0; Hm_lvt_633e9c48ce7d51971e03192408f4e504=1627609214,1627631049,1627975372,1628146791

Thanks a lot in advance

2 answers

  1. JoyZ 18,046 Reputation points
    2021-08-17T09:08:52.59+00:00

    @Juan Deng ,

    From the event id 12027, make sure the Web Application Proxy is domain joined to the same domain as the domain controller to ensure that the domain controller establishes trust with Web Application Proxy.

    In addition, please access the site on the WAP server with ADFS, and use Fiddler to debug what is happening on the backend. If possible, please provide a detailed screenshot for further troubleshooting.



  2. Juan Deng 6 Reputation points
    2021-08-20T01:19:16.75+00:00

    This issue is a sporadic problem, and WAP works well after clearing the cache. I want to know if there is a way to ignore the cookie on the WAP server if the cookie is not correct.

    If there is a right cookie or no cookie in the client browser, the request flow is:
    user accesses website from browser --> WAP gets request --> WAP validates request cookie: if there is a right cookie --> get user ticket from DC; if there isn't a cookie or the cookie is expired --> authenticate from ADFS --> WAP gets token from ADFS --> WAP gets user ticket from DC.

    But my problem is:
    user accesses website from browser --> WAP gets request --> WAP validates request cookie, cookie is not right, and WAP posts error 500. The error XML is:
    <EventData>
    <Data Name="errMsg">unspecified error (0x80004005)</Data>
    <Data Name="TransactionID">{128304E3-4AB7-0007-FAF1-8712B74AD701}</Data>
    <Data Name="SessionID">{128304E3-4AB7-0007-FAF1-8712B74AD701}</Data>
    <Data Name="PublishedAppName">KM For IDP Proxy</Data>
    <Data Name="PublishedAppID">2b0b6c09-022f-0259-b67d-fae84c0d25e3</Data>
    <Data Name="PublishedExternalUrl">https://xx.xx.com/</Data>
    <Data Name="PublishedBackendUrl">https://xx.xx.com/</Data>
    <Data Name="User"><Unknown></Data>
    <Data Name="UserAgent">Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36</Data>
    <Data Name="DeviceID"><Not Applicable></Data>
    <Data Name="TokenState">NotFound</Data>
    <Data Name="CookieState">NotFound</Data>
    <Data Name="ClientRequestUrl">https://km.hanhua.com/</Data>
    <Data Name="BackendRequestUrl"><Not Applicable></Data>
    <Data Name="PreAuthenticationFlow"><Not Applicable></Data>
    <Data Name="BackendServerAuthenticationMode" />
    <Data Name="StateMachineState">OuOfOrderFEHeadersWriting</Data>
    <Data Name="ResponseCodeToClient">500</Data>
    <Data Name="ResponseMsgToClient"><Not Applicable></Data>
    <Data Name="ClientCertIssuer"><Not Found></Data>
    <Data Name="ResponseCodeFromBackend"><Not Applicable></Data>
    <Data Name="FrontendLocationHeader"><Not Applicable></Data>
    <Data Name="BackendLocationHeader"><Not Applicable></Data>
    <Data Name="BackendHttpVerb"><Not Applicable></Data>
    <Data Name="ClientHttpVerb">GET</Data>
    </EventData>

    Thank you
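
For triaging a sporadic failure like the one in this thread, the following added example (not part of the thread, and not Microsoft's tooling) flattens event 12027 records into objects and counts them per state combination. The function name `ConvertFrom-WapEventXml` and the trimmed sample event are constructed here; the channel name, event ID and `Data` field names are the ones shown in the event above.

```powershell
# Added example, not from the thread: flatten WAP event 12027 XML into objects.
function ConvertFrom-WapEventXml {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $doc = [xml]$Xml
        $row = [ordered]@{
            TimeCreated = $doc.GetElementsByTagName('TimeCreated')[0].GetAttribute('SystemTime')
        }
        # Every <Data Name="..."> child of <EventData> becomes a property.
        foreach ($d in $doc.GetElementsByTagName('Data')) {
            $row[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]$row
    }
}

# Constructed sample: the event from the question, trimmed, with the
# placeholder text escaped as well-formed XML requires.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>12027</EventID>
    <TimeCreated SystemTime="2021-08-17T02:39:25.467447300Z" />
  </System>
  <EventData>
    <Data Name="errMsg">unspecified error (0x80004005)</Data>
    <Data Name="User">&lt;Unknown&gt;</Data>
    <Data Name="TokenState">NotFound</Data>
    <Data Name="CookieState">NotFound</Data>
    <Data Name="StateMachineState">OuOfOrderFEHeadersWriting</Data>
    <Data Name="ResponseCodeToClient">500</Data>
    <Data Name="ClientHttpVerb">GET</Data>
  </EventData>
</Event>
'@

$events = @($sample | ConvertFrom-WapEventXml)
# On the WAP server, read the live log instead (channel name as in the event above):
# $events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-WebApplicationProxy/Admin'; Id = 12027 } |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-WapEventXml)

# Count failures per state combination to see whether the sporadic 500s share one signature.
$events |
    Group-Object StateMachineState, TokenState, CookieState, ResponseCodeToClient |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```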