Page can't currently handle this request

Question

Page can't currently handle this request

Outlawpete285 opened this issue 2 years ago · 2 comments

Hi, I installed the AMS successfully but cannot access the webpage. Either a logon-window appears or the page shows "can't currently handle this request."
I created a spn for the host containing the alias, but also access from the local machine via each possibility (localhost, servername, fqdn) doesn´t work. WebApp-Log shows:

2022-12-19 16:47:20.7896|TRACE|7460||||Lithnet.AccessManager.Server.Workers.AuditWorker|Stopping audit worker background processing thread
2022-12-19 16:47:29.5282|TRACE|5740||||Lithnet.AccessManager.Server.Workers.AuditWorker|Starting audit worker background processing thread
2022-12-19 16:47:29.6460|TRACE|5740||||Lithnet.AccessManager.WebApp.Startup|Waiting for database to become ready
2022-12-19 16:47:29.6460|TRACE|5740||||Lithnet.AccessManager.WebApp.Startup|Database is ready
2022-12-19 16:49:49.7040| INFO|5740|00-d9c521ea8c770664a2c134a282001977-df9a30ffb4e96712-00|::1||Lithnet.AccessManager.Enterprise.AmsLicenseManager|No license information was found on the system
2022-12-19 16:49:49.7733|TRACE|5740|00-eea1c65edefcdf3c02e0404546110aab-e0cf58633a9b72e7-00|::1||Lithnet.AccessManager.ActiveDirectory.DiscoveryServices|Local DCLocator: Finding domain controller for domain xxx.de with flags 0
2022-12-19 16:49:49.7854|TRACE|5740|00-eea1c65edefcdf3c02e0404546110aab-e0cf58633a9b72e7-00|::1||Lithnet.AccessManager.ActiveDirectory.DiscoveryServices|Local DCLocator: Found DC FQDN for domain xxx.de, with flags 0
2022-12-19 16:49:49.9237|ERROR|5740|00-eea1c65edefcdf3c02e0404546110aab-e0cf58633a9b72e7-00|::1||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An unhandled exception has occurred while executing the request.
System.ArgumentNullException: Value cannot be null. (Parameter 'value')
at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
at System.Security.Claims.Claim..ctor(String type, String value)
at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2022-12-19 16:49:50.0060|ERROR|5740|00-eea1c65edefcdf3c02e0404546110aab-e0cf58633a9b72e7-00|::1||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An exception was thrown attempting to execute the error handler.
System.ArgumentNullException: Value cannot be null. (Parameter 'value')
at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
at System.Security.Claims.Claim..ctor(String type, String value)
at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
2022-12-19 16:49:50.0060|ERROR|5740|00-eea1c65edefcdf3c02e0404546110aab-e0cf58633a9b72e7-00|::1||Microsoft.AspNetCore.Server.HttpSys.HttpSysListener|ProcessRequestAsync
System.ArgumentNullException: Value cannot be null. (Parameter 'value')
at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
at System.Security.Claims.Claim..ctor(String type, String value)
at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync() at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync()
2022-12-19 16:49:52.8657|ERROR|5740|00-9cdc892c2b9f19d56154cda677ec3f1e-d6407c792f4999ef-00|::1||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An unhandled exception has occurred while executing the request.
System.ArgumentNullException: Value cannot be null. (Parameter 'value')
at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
at System.Security.Claims.Claim..ctor(String type, String value)
at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2022-12-19 16:49:52.8814|ERROR|5740|00-9cdc892c2b9f19d56154cda677ec3f1e-d6407c792f4999ef-00|::1||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An exception was thrown attempting to execute the error handler.
System.ArgumentNullException: Value cannot be null. (Parameter 'value')
at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
at System.Security.Claims.Claim..ctor(String type, String value)
at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
2022-12-19 16:49:52.8814|ERROR|5740|00-9cdc892c2b9f19d56154cda677ec3f1e-d6407c792f4999ef-00|::1||Microsoft.AspNetCore.Server.HttpSys.HttpSysListener|ProcessRequestAsync
System.ArgumentNullException: Value cannot be null. (Parameter 'value')
at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
at System.Security.Claims.Claim..ctor(String type, String value)
at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync() at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync()

We already installed DecemberUpdates on all DCs, so I hope I can exclude this as a source for the problem. This is a new installation.
Any ideas what might be the problem?

Best Regards
Oliver

Answer 1 · 2022-12-20T00:32:23.000Z

Hi Oliver,

It looks like the AMS service is unable to read the msDS-PrincipalName attribute from AD. Do you have attribute read restrictions in place?

Can you try adding the AMS service account to the Pre-Windows 2000 Compatible Access group as a quick way to confirm or deny this

Ryan

Answer 2 · 2022-12-20T06:48:07.000Z

Hi Ryan,
thanks for the quick and completely right answer. We cleaned the Pre-Windows 2000 Compatible Access group following some security advices. I thought the Windows Authorization Access Group and Access Control Assistance Operators would replace this functionality. It works now. I love this tool and really appreciate your work.
Best Regards
Oliver