0x80072f0c

I have worked on a case where external access to the ADFS service was blocked and the Remote Access Management console on the WAP server fails with this error:

Web Application Proxy could not connect to the AD FS configuration storage and could not load the configuration. Make sure that the Web Application Proxy server can connect to the AD FS server, and if not, run the Install-WebApplicationProxy command.


The Event log on the WAP server displayed these errors (event IDs 12025, 422) repeatedly:

Log Name:Microsoft-Windows-WebApplicationProxy/Admin

Source:Microsoft-Windows-WebApplicationProxy

Event ID: 12025

Task Category: None

Level:Error

Keywords:

User:NETWORK SERVICE

Description:

Web Application Proxy encountered an error while retrieving the configuration from configuration storage.

Log Name:AD FS/Admin

Source:AD FS

Event ID: 422

Task Category: None

Level:Error

Keywords:AD FS

User:NETWORK SERVICE

Description:

Unable to retrieve proxy configuration data from the Federation Service.

Additional Data

Trust Certificate Thumbprint:

10ADAFD5258XXXXXXXXXXXXXXXXXXF78C8436C15

Status Code:

Exception details:

System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xx.xx.xx.xx:443

at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)

--- End of inner exception stack trace ---

at System.Net.HttpWebRequest.GetResponse()

at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration()

As an initial step, I checked the certificate used by the primary WAP server, using the Get-WebApplicationProxySslCertificate cmdlet:

Compared the CertificateHash of the WAP certificate with the service communication certificate on the primary ADFS backend servers:

Get-ChildItem -Path Cert:\LocalMachine\My | FL FriendlyName, Thumbprint, Subject, NotBefore, NotAfter

As the CertificateHash matches, I restarted the WAP server, and verified the error status.
Finally I used the Install-WebApplicationProxy cmdlet to re-establish the trust between the WAP and the ADFS backend, using an elevated PowerShell command:

Install-WebApplicationProxy -CertificateThumbprint "SvcCertThumbprint" -FederationServiceName "fs.adatum.dk"

When prompted for credentials, enter the username and password of an account with administrative permission on the ADFS backend server.

Verify the change in the Event log of the WAP server (event IDs 245 and 252) to ensure the connection has been re-established:

Log Name:AD FS/Admin

Source:AD FS

Event ID: 245

Task Category: None

Level:Information

Keywords:AD FS

Description:

The federation server proxy successfully retrieved its configuration from the Federation Service ‘fs.adatum.dk’.

Log Name:AD FS/Admin

Source:AD FS

Event ID: 252

Task Category: None

Level:Information

Keywords:AD FS

User:NETWORK SERVICE

Description:

The AD FS proxy service made changes to the endpoints it is listening on based on the configuration it retrieved from the Federation Service.

Endpoints added:

Endpoints removed:

I finally reloaded the ADFS service using:

Restart-Service adfssrv

In the Event log, look for:

Log Name:AD FS/Admin

Source:AD FS

Event ID: 198

Task Category: None

Level:Information

Keywords:AD FS

User:NETWORK SERVICE

Description:

The federation server proxy started successfully.

After this, external clients could again access the ADFS sign-in page 🙂
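
The checks from this post collected into one diagnostic script for the WAP server, as an added example that is not part of the original post. The parameter names $FederationService and $AdfsThumbprint are hypothetical; the thumbprint is the one read from the service communication certificate on the ADFS backend.

```powershell
# Added example: run in an elevated PowerShell session on the WAP server.
# $FederationService and $AdfsThumbprint are operator-supplied assumptions;
# fs.adatum.dk is the federation service name used in the post.
param(
    [string]$FederationService = 'fs.adatum.dk',
    [Parameter(Mandatory)][string]$AdfsThumbprint
)

# 1. Event 422 carries a socket timeout on port 443, so test reachability first.
$tcp = Test-NetConnection -ComputerName $FederationService -Port 443
"TCP 443 to ${FederationService}: $($tcp.TcpTestSucceeded)"

# 2. Compare the certificate bound on the proxy with the ADFS one.
#    Thumbprints pasted from the certificate GUI often carry spaces or an
#    invisible leading character, so keep hex digits only before comparing.
$wanted = $AdfsThumbprint -replace '[^0-9A-Fa-f]', ''
Get-WebApplicationProxySslCertificate | ForEach-Object {
    [pscustomobject]@{
        HostName = $_.HostName
        Port     = $_.PortNumber
        Hash     = $_.CertificateHash
        Matches  = ($_.CertificateHash -eq $wanted)   # -eq ignores case
    }
} | Format-Table -AutoSize

# 3. Confirm the certificate is in the local machine store and still valid.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object Thumbprint -eq $wanted |
    Select-Object Thumbprint, Subject, NotBefore, NotAfter,
        @{ n = 'Expired'; e = { $_.NotAfter -lt (Get-Date) } }

# 4. Report whether the newest relevant event is a failure (422, 12025)
#    or one of the recovery events named in the post (245, 252, 198).
$failure  = 422, 12025
$recovery = 245, 252, 198
$events = foreach ($log in 'AD FS/Admin', 'Microsoft-Windows-WebApplicationProxy/Admin') {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Id = $failure + $recovery } `
        -MaxEvents 50 -ErrorAction SilentlyContinue
}
$latest = $events | Sort-Object TimeCreated -Descending | Select-Object -First 1
if (-not $latest)                { 'No matching events found.' }
elseif ($latest.Id -in $failure) { "Last state: FAILING (event $($latest.Id) at $($latest.TimeCreated))" }
else                             { "Last state: healthy (event $($latest.Id) at $($latest.TimeCreated))" }
```

If step 1 fails, fix network reachability to the federation service before re-running Install-WebApplicationProxy, since the trust cannot be re-established over a blocked port.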

Applies to

  • Windows 10

When you set up Windows Hello in Windows 10, you may get an error during the Create a PIN step. This topic lists some of the error codes with recommendations for mitigating the problem. If you get an error code that is not listed here, contact Microsoft Support.

Where is the error code?

The following image shows an example of an error during Create a PIN.

Error mitigations

When a user encounters an error when creating the work PIN, advise the user to try the following steps. Many errors can be mitigated by one of these steps.

  1. Try to create the PIN again. Some errors are transient and resolve themselves.
  2. Sign out, sign in, and try to create the PIN again.
  3. Reboot the device and then try to create the PIN again.
  4. Unjoin the device from Azure Active Directory (Azure AD), rejoin, and then try to create the PIN again. To unjoin a desktop PC, go to Settings > System > About and select Disconnect from organization. To unjoin a device running Windows 10 Mobile, you must reset the device.
  5. On mobile devices, if you are unable to set up a PIN after multiple attempts, reset your device and start over. For help on how to reset your phone, go to Reset my phone.

If the error occurs again, check the error code against the following table to see if there is another mitigation for that error. When no mitigation is listed in the table, contact Microsoft Support for assistance.

| Hex | Cause | Mitigation |
| --- | --- | --- |
| 0x80090005 | NTE_BAD_DATA | Unjoin the device from Azure AD and rejoin. |
| 0x8009000F | The container or key already exists. | Unjoin the device from Azure AD and rejoin. |
| 0x80090011 | The container or key was not found. | Unjoin the device from Azure AD and rejoin. |
| 0x80090029 | TPM is not set up. | Sign on with an administrator account. Click Start, type 'tpm.msc', and select tpm.msc Microsoft Common Console Document. In the Actions pane, select Prepare the TPM. |
| 0x8009002A | NTE_NO_MEMORY | Close programs which are taking up memory and try again. |
| 0x80090031 | NTE_AUTHENTICATION_IGNORED | Reboot the device. If the error occurs again after rebooting, reset the TPM or run Clear-TPM. |
| 0x80090035 | Policy requires TPM and the device does not have TPM. | Change the Windows Hello for Business policy to not require a TPM. |
| 0x80090036 | User canceled an interactive dialog. | User will be asked to try again. |
| 0x801C0003 | User is not authorized to enroll. | Check if the user has permission to perform the operation. |
| 0x801C000E | Registration quota reached. | Unjoin some other device that is currently joined using the same account or increase the maximum number of devices per user. |
| 0x801C000F | Operation successful, but the device requires a reboot. | Reboot the device. |
| 0x801C0010 | The AIK certificate is not valid or trusted. | Sign out and then sign in again. |
| 0x801C0011 | The attestation statement of the transport key is invalid. | Sign out and then sign in again. |
| 0x801C0012 | Discovery request is not in a valid format. | Sign out and then sign in again. |
| 0x801C0015 | The device is required to be joined to an Active Directory domain. | Join the device to an Active Directory domain. |
| 0x801C0016 | The federation provider configuration is empty | Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the file is not empty. |
| 0x801C0017 | The federation provider domain is empty | Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the FPDOMAINNAME element is not empty. |
| 0x801C0018 | The federation provider client configuration URL is empty | Go to http://clientconfig.microsoftonline-p.net/FPURL.xml and verify that the CLIENTCONFIG element contains a valid URL. |
| 0x801C03E9 | Server response message is invalid | Sign out and then sign in again. |
| 0x801C03EA | Server failed to authorize user or device. | Check if the token is valid and user has permission to register Windows Hello for Business keys. |
| 0x801C03EB | Server response http status is not valid | Sign out and then sign in again. |
| 0x801C03EC | Unhandled exception from server. | Sign out and then sign in again. |
| 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed. -or- Token was not found in the Authorization header. -or- Failed to read one or more objects. -or- The request sent to the server was invalid. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin. |
| 0x801C03EE | Attestation failed. | Sign out and then sign in again. |
| 0x801C03EF | The AIK certificate is no longer valid. | Sign out and then sign in again. |
| 0x801C03F2 | Windows Hello key registration failed. | ERROR_BAD_DIRECTORY_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to Duplicate Attributes Prevent Dirsync. Also, if no sync conflict exists, please verify that the 'Mail/Email address' in AAD and the Primary SMTP address are the same in the proxy address. |
| 0x801C044D | Authorization token does not contain device ID. | Unjoin the device from Azure AD and rejoin. |
|  | Unable to obtain user token. | Sign out and then sign in again. Check network and credentials. |
| 0x801C044E | Failed to receive user credentials input. | Sign out and then sign in again. |

Errors with unknown mitigation

For errors listed in this table, contact Microsoft Support for assistance.

| Hex | Cause |
| --- | --- |
| 0X80072F0C | Unknown |
| 0x80070057 | Invalid parameter or argument is passed. |
| 0x80090020 | NTE_FAIL |
| 0x80090027 | Caller provided a wrong parameter. If third-party code receives this error, they must change their code. |
| 0x8009002D | NTE_INTERNAL_ERROR |
| 0x801C0001 | ADRS server response is not in a valid format. |
| 0x801C0002 | Server failed to authenticate the user. |
| 0x801C0006 | Unhandled exception from server. |
| 0x801C000B | Redirection is needed and redirected location is not a well known server. |
| 0x801C000C | Discovery failed. |
| 0x801C0013 | Tenant ID is not found in the token. |
| 0x801C0014 | User SID is not found in the token. |
| 0x801C0019 | The federation provider client configuration is empty |
| 0x801C001A | The DRS endpoint in the federation provider client configuration is empty. |
| 0x801C001B | The device certificate is not found. |
| 0x801C03F0 | There is no key registered for the user. |
| 0x801C03F1 | There is no UPN in the token. |
| 0x801C044C | There is no core window for the current thread. |
| 0x801c004D | DSREG_NO_DEFAULT_ACCOUNT: NGC provisioning is unable to find the default WAM account to use to request AAD token for provisioning. Unable to enroll a device to use a PIN for login. |
