Lrl

hi, not powershell guy go easy on me here. found script use. script scans missing patches via ms's mbsa, downloads them , generates batch file install missing ones. issue having command downloads patches doesn't download anything. author of script has closed wrote on site future comment. ideas? $updatexml = “updates.xml” $tofolder = “c:\temp\” $installfile = $tofolder +”\_install.bat” #initialize webclient downloading files $webclient = new-object net.webclient $webclient.usedefaultcredentials = $true # content of xml file $updates = [xml](get-content $updatexml) “@echo off” | out-file $installfile “rem install patches” | out-file $installfile -append foreach ($check in $updates.xmlout.check) { write-host “checking for”, $check.name write-host $check.advice.tostring() #checking files download foreach ($updatedata in $check.detail.updatedata) { if ($updatedata.isinstalled -eq $f...

i've been looking document has sort of step step setup site site vpn between 2 servers. so here's have: remote server (hosted) we'll using our off site backup. it's running windows server 2008 r2 internal server use backup of servers , plan have internal server sends copy of backup remote server off site backup. internal server using wbadmin backup. so, i'd appreciate if provide me document utilize setup , running. of course, going perform test on 2 servers in inside network myself familiar setup before set production servers.   thanks in advance.     mohsen almassud see if these links help. ====== configure vpn tunnel using rras , no tmg, or demand dial vpn. it's possible create site-to-site vpn using rras have careful setting up. static routes route traffic 1 site other must bind demand-dial interfaces when connection made. have set manually. when happens routing work between sites. each site must have static route other site thro...

hi, i'm in process of changing our ca can issue sha256 certificates instead of "only" sha1 certificates. however. step 1 ca, , step fails. from within certificate authority mmc, try start backup: but fails: ok. maybe private key missing? how tell? i have following ca certs: if @ corresponding certs in certificate manager on ca (local computer/trusted root certification authorities), can find certs via thumbprint. certificate #3 definitively have private key - i'm able export cert .pfx file. any idea happened previous private keys? ca may unable create correct crls without previous private keys. if dont have access old keys anymore, can change the  hkey_local_machine\system\currentcontrolset\services\certsvc\configuration\pdc-certificateauthority\cacerthash value remove old thumbprints , replace hypen this: - - - - ba 01 61 3a 4c 6e 9e 84 bb 6b 72 19 89 77 47 48 4a 02 0d ba stop , restart ca read value. recommend backing ...

hello i tried to install version of " hyper - v 2016" but i have problem . microsoft hyper-v server 2016 technical preview 5 -> tp5 version tp5 was in itself drivers for network cards hp dl580 g7 nc375i , but the final version not support these cards. how can you move drivers from tp5 to the final version ? the driver of the hp windows 2012 r2 do not install themselves . i have a note about not supported operating system . is possible to do something in compatibility mode with previous versions ? after uploading the windows update and maneuver with installation of drivers like windows 10 my nc375i network cards are in system :) hyper -v 2016 Windows Server  >  Hyper-V ...

hi there i have general question , appreciate if make clear. i approve security update sql server 2008 service pack 3 (kb2716436) released other day. if go file information in wsus, see following 3 files: 1) sqlserver2008-kb2716436-ia64.exe 2) sqlserver2008-kb2716436-x64.exe 3) sqlserver2008-kb2716436-x86.exe once click approve, wsus fetches 3 files although need one. maybe missing something, there way approve update 1 particular architecture only? thank you stefan hi there i have general question , appreciate if make clear. i approve security update sql server 2008 service pack 3 (kb2716436) released other day. if go file information in wsus, see following 3 files: 1) sqlserver2008-kb2716436-ia64.exe 2) sqlserver2008-kb2716436-x64.exe 3) sqlserver2008-kb2716436-x86.exe once click approve, wsus fetches 3 files although need one. maybe missing something, there way approve update 1 particular architecture only? thank you stefan not think there ...

hi there, i getting following error below when attempting rdp windows 2000 server box.  server p2v'd , dis joined , rejoined domain.  event viewer not show logs regarding this.  ideas?   the system can not log on due following error: the stub received bad data. please try again or consult system administrator hi, you can refer following link: http://support.microsoft.com/kb/897662 http://support.microsoft.com/kb/2028588   Windows Server  >  Remote Desktop Services (Terminal Services)

i need script that will query active users in a 2008r2 active directory environment , check whether or not roaming profile configured.  newbie when comes scripting if there can assist, appreicate it. thank you, here version retrieves users , outputs samaccountname , either true (if profilepath starts "\\" indicating unc path) or false (if profilepath has no value local path). 1 line: get-aduser -filter * -properties profilepath | select samaccountname, @{name= "roaming profile" ; expression={ $_ .profilepath -like "`\`\*" }} ----- richard mueller - mvp directory services Windows Server  >  Windows PowerShell

please provide me link storport driver 2008 sp-2 64bit  asap. hi,   what kind of host bus adapter (hba) did used? please provide details.   vincent hu technet community support Windows Server  >  Windows Server General Forum

i use third party credential provider provider radius authentication 3 factors (username, password, , otp). when connect can switch user user to bypass radius provider. i don't whant this. if disable passwordcredential provider on computer, can not use-it after connect (for runas, uac elevated, or remote desktop connection). it's possible to  force 1 security provider on login screen ? best regards hi luc, please check if gpo setting helpful: location: gpmc->computer configuration->administrative templates->system->logon->... gpupdate /force best regards, andy please remember mark replies answers if help. if have feedback technet subscriber support, contact tnmff@microsoft.com . Windows Server  >  Security ...

trying write powershell script automated deployments ssrs 2014.  my problem linking report shared dataset.  i keep getting error:  [error] cannot convert argument "itemreferences", value: "system.object[]", for  [error] "setitemreferences" type "ssrs.reportingservice2010.itemreference[]":  [error] "cannot convert "ssrs.reportingservice2010.itemreference" value of type  [error] "ssrs.reportingservice2010.itemreference" type  [error] "ssrs.reportingservice2010.itemreference"." [error] @ c:\users\bshaw20\documents\ssrs\powershell deploy\ssrs deploy\ssrs  [error] deploy\prototypev4.ps1:224 char:46 [error] +         $rs.setitemreferences($reportpath, @($mydataset)) [error] +                                             ...

hi, please on how let workstation inside lan (joinned domain) syn workstation time domain controller. the statement embedded in login script "net time /set /yes" the error message sysmte error 1314 has occured a required privilege not held client... thanks !! do users have rights change system time?  try grant rights change system time domain users on specific workstation. may refer below one: net time \\server /set /yes http://www.experts-exchange.com/networking/windows_networking/nt/q_10090938.html   Windows Server  >  Management

hi guys, i have interesting query, on server 2008 , previous, create file shares, , give users ability create files, folders, rename , copy them not delete them advanced security button, using deny delete, on server 2012 r2, unable to, seems have allow permissions or delete, i need allow users abilities create files/folders, rename, copy , edit, not able delete @ all, being files , folders, have tried setting special permissions , removing delete , delete subfolder , files when user tries rename folder once creating 1 cannot rename it, have set deny permission delete , delete subfolders , files, , under basic security set can modify, read , edit, please can help. i assuming @ dead end? could be. windows treats file renaming operation deletion of file , creation of new file new name delete permissions required.       regards, dave patrick .... microsoft certified professional microsoft mvp [windows] disclaimer: posting provided "as ...

we use application provided on citrix 3rd party.   citrix client connects 1 server initially, load balanced 1 of several other serves.  the load balancer sends ipv4 address client open session , launch application. is possible make work on direct access?  as understand it, da connection needs name of remote server, , resolves name ipv6 address translated ipv4 address @ ras server before being forwarded on.  is there way send traffic on da connection ipv4 address destination? using: server 2012 windows 7 enterprise hi, i no can not connect ipv4 resources. but since talk citrix added information below: i had similar situation da , citrix involved. solution in end was put csg. the things trying was: http://support.citrix.com/article/ctx128436 http://ronnyholtmaat.nl/accessing-citrix-web-interface-over-a-direct-access-uag-solution/ the purpose/goal to try , citrix send dns name resolved client. since never got working csg...

when booting whs 2011 rig, freezes, after loading windows @ black screen, pressing f8 , selecting safe mode networking runs thru screen on loading files safe mode , freezes on file called classpnp.dll. created iso of whs 2011 cd. run system repair install disk(usb) froze once loaded loaded enviroment. suggestions me problem solved , appreciated. if have replace os drive fresh install pick files stored on other drives. 14tb system 10tb used. losing devastating. please help!  they'll on here. windows home server 2011 forum on technet       regards, dave patrick .... microsoft certified professional microsoft mvp [windows] disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights. Windows Server  >  Windows Serve...

our ad has few objects cn length of on 64 characters. since maximum length of cn defined 64, seems odd.    able find objects using following powershell script: get-adobject -filter * -properties cn , objectcategory , objectclass | where-object { $_ . cn . length -gt 64 } | fl name , cn , @{name = 'cn len' ;expression = {( $_ . cn) . length}} , objectclass , objectcategory all of objects are cnf (conflict) objects.  here's example of 1 of objects name            : srv-comp-factry-netoasis-change                  cnf:aca8678f-25dc-47dd-b518-5aaaa9185e8a cn              : srv-comp-factry-netoasis-change                  cnf:aca8678f-25dc-47dd-...

i'm on build 10030 w10 professional , when trying upgrade 10058, 10059 or 10062 error says following: 0xc1900101 - 0x20017 installation failed in safe_os phase error during boot operation in c:\$windows.~bt\sources\panthe\setuperr.log 2015-07-07 10:14:13, error                        callpidgenx: pidgenx function failed on product key. (hr = 0x8a010001) 2015-07-07 10:14:22, error                 conx   wlanopenhandle failed error 00000426 2015-07-07 10:14:22, error                 conx   failed initialize wireless class data 80070426 2015-07-07 10:14:22, error                 conx   failed in...

i need upgrade 32bit server 2003 server 2012 essentials (http://social.technet.microsoft.com/forums/windowsserver/en-us/0d87db8a-a6d0-4adc-9dc2-d31fb7a2021b/32bit-server-2003-upgrade-path-to-2012-essentials?forum=winserver8setup&prof=required - thread details on setup , such) since it's 32bit moving 64bit direct path isn't available , i've seen mention of doing p2v of original server , installing 2012 server in 'migrate' mode. suggested check on here steps p2v of original server, here am. start? the best advice rebuild scratch. sure have 64-bit hardware since running 32-bit os? sure hardware vendor supports windows server 2012 ( www.windowsservercatalog.com ).  p2v notorious presenting sorts of issues going , leaving little time-bombs in converted image crop later.  then, upgrading in place through multiple versions creates whole lot of more garbage.  if ever had call support, tech groan , wish had never come work day.  there many things go wrong, ne...

hello, i have move user objects existing windows server 2003 domain newly build windows server 2008 r2 domain. as know should use admt3.1 perform operatin not able migrate sid old domain new. it tells me auditing , tcpipclientsupport cannot found, access denied. 1. there two-way trust between domains 2. auditing enabled on both domains 3. reg-key in hlkm\controlset\....\lsa set 4. user new domain member of administrators in old domain now question: what setup has done sid migration running??? thanks in advance. hello, look @ technet kb on migrating sid history well http://technet.microsoft.com/en-us/library/aa996171(exchg.65).aspx also, make sure user account using both in domain admins group in both domains respectively isaac oben mcitp:ea, mcse Windows Server  >  Migration ...

hi, we have 2-tier pki 2 subordinate issuing cas crlperiod of days , crlperiodunits of 14 me says publish new crl every 14 days.  found crl expired yesterday caused issues clients had certs issued ca.  issued 'certutil -crl' and a new crl published http site , ad.  other subordinate issuing ca's crl set same way , renews no problem.  suggestions on why crl did not renew? thanks help! sdedot that active directory ldap error caused publish process fail. can see if there other ad related error messages. have been transient issue won't repeat, if does, should preventing machine reaching domain. mark b. cooper, president , founder of pki solutions inc., former microsoft senior engineer , subject matter expert microsoft active directory certificate services (adcs). known “the pki guy” @ microsoft 10 years. connect mark @ http://www.pkisolutions.com Windows Server ...

hi, i'm facing problem since month on rds server 2012 r2. its virtual machine, hosted on hyper-v 2012 r2. everything worked far since 1 month when add trouble users. randomly during day, server slow down, users got kicked remote session, , when try come back, got black screen. when event appear, i'v tried check server state, task manager or anything, , cannot browse on server because slow answering or not answering @ all. the work arround found this, reboot server. problem is, right now, need reboot server everyday .... i've tried many things : - restore vhdx system previous state (using veeam 14 days ago restaure backup) - enable automatic disconnection inactive or pending remote session (users doesnt log off properly) set 1 or 10 minutes. - windows update installed. none of things correct problem. any ideas ? tools can use on server gather data provide find solution ?   hi, please check whether hotfix installed: a windows server 2012 r2 ...

so may have done daft, did in place server upgrade 2012 2016 upgrading wsus along way 10.0.14393.0. now nothing seems broken , working should (no event error etc) i'm nervous, should out , can check take away doubt? should note not end of world if need restore backup or bin server , start again. sorry such late reply.   the upgrade did work , every seemed fine machines weren't checking in amongst other problems ended rebuilding server , separating out db sql. thanks responses. Windows Server  >  WSUS

hi, we have 2012 r2 remote desktop deployment, 2 session collections, gateway server, , connection broker. we have set these session collections use centralised user profile disks. what having issue with, when user sets profile image through server have logged on (i have desktop experience pack installed able this), can see user tile has been set image in settings , on start menu, log off server , on, profile image has been reset default blank image. i have checked of group policy options, , cannot find settings impacting this. does have ideas why these images not persisting users or admins? thanks, eds please check user not getting temporary profile each time logs in. also, make sure rdp client configured display wallpaper: http://www.webapper.com/blog/index.php/2007/10/18/enabling-desktop-wallpaper-on-remote-desktop-terminal-services/ this posting provided "as is" no warranties or guarantees , , confers no rights. get active directory user ...

hello everyone,  i in middle of testing 2003 2012 domain controller migration.  i have cloned our 2 current 2003 dc's , spun 2 additional 2012 dcs, of in isolated virtual environment.  i have transferred roles 2012 dc's, went fine.  i @ point of demoting 2003 dc's, during dcpromo process prompted "this domain controller holds last replica of following application directory partitions:  dc=tapi3directory,dc=xxx,dc=local.  i understand tapi3 used telephony relies on ad.  i cannot clear answer (recent turnover) whether need this.  my question is, how can copy/replicate/move or re-create application directory partition on server 2012 dc?  everything research leads tapicfg not valid command in server 2012.   if there way can please explain? time. damien hi thanks posting question.  in exact same situation, , @ exact same step. now i've replicated partition new 2012 r2 dc in exact same way as did, n...

we use dfs , dfs-r.  server 2008 r2.  we have our files split between 2 file servers, 4 tb on each one.  they replicate 1 partner each @ our dr site. to avoid problems caused lack of distributed file locking in dfsr, have dfs targets on dr side disabled users referrals production side. but believe in failover situation users not referral, if file server on production side went down, because have targets on dr side disabled. we have quite few dfs targets.  maybe 25.  does know of script, or other method, automate changing targets disabled enabled, , targets enabled disabled? hi, if dr site site data site (sounds so), enabled these targets on dr site, users should still directed "in site" target. default. we not have such setting automatically enable disabled site when enabled site down. have manually (with run script, enable in dfs management etc). if have feedback on our support, please send tnfsl@microsoft.com. ...

operating system failure (windows bug check, stop: 0x00000050 (0xfffff8811f216660, 0x0000000000000001, 0xfffffa600b61769e, 0x0000000000000005)) note have posted query in forum dedicated windows server 2016.  issues on current releases of windows server, should post here - https://social.technet.microsoft.com/forums/en-us/home?forum=winserver8gen does help? - https://msdn.microsoft.com/en-us/library/windows/hardware/ff559023%28v=vs.85%29.aspx?f=255&mspperror=-2147217396 almost hardware issue.  did install new driver? . : | : . : | : . tim Windows Server  >  Windows Server General Forum

hello have problem sound blaster cards got 2 of them. one sb0220 secound 1 sb0090. both od them didnt work correctly. the sb0220 cant find drivers , windows cant find in ur database. cant use anyway. but sb0090 have problem microphone, when installed drivers creative sound blaster site or you'r data base microphone can't work properly. sound working fine microphone not react. anyway when unmute microphone @ output configuration mean in sound device configuration if u know mean can hear myself in input configuration mean recording devices configuration windows can't notice activities. yes if can't working in windows 8 (most likely) won't working in 10. case microsoft operating systems , applications/drivers. the drivers entirely manufacturer, manufacturers not hard set operating system value in driver , leaves open future versions of windows (which why lot of drivers 8.1 still install , function in 10). manufacturers support specific os's specif...

hi, i have windows 2008 r2 standard edition server terminal server role installed, when connecting xp pc using remote desktop connection in option had select local drive , printers. but after connecting server not able see xp machine local drive. please me on this. in situation, found users have 2 sessions (even though it's set limit 1). i log server admin, go admin tools, rds, remote session manager, , log off user disconnected. when user logs in again, local drives show up. Windows Server  >  Remote Desktop Services (Terminal Services)

hi, have been working on day !! hope can point me in correct direction. we have fewl legacy xp machines left not connect our new 2012r2 ca. the ca working fine , other workstations autoenrolling without issues (vista , 7 , 8) i've downgraded security on ca per microsoft article, certificate templates xp compatible too. the error id 13, 0x800706ba (win32 : 1722) when running certutil -ping -config xyxyy.com\xyyg-server-ca i can ping ca server , dns resolves. i've check dcom settings, looks ok. so stuck :( , great appricated. kind regards mark another possibility ca certificate uses unsupported public key algorithm (ecc/ecdsa) or signature algorithm (rsassa-pss, example). can confirm ca cert algorithms? vadims podāns, aka powershell cryptoguy weblog: en-us.sysadmins.lv powershell pki module: pspki.codeplex.com powershell cmdlet editor pscmdlethelpeditor.codeplex.com check out new: ssl certificate verifier check out new: powershell file checksum int...

i trying setup routing , remote access on windows 2003 server i'm having trouble. i went thru wizard , configured it.  i'm able connect server outside cannot access resources.  (i.e. cannot ping anything) it seems dns resolution.  here's ip address scheme: rras server: 172.16.0.26  subnet mask 255.255.252.0   gateway 172.16.0.1 i created static ip address pool in range of 172.31.37.10 thru 37.100 i have cisco 6513 switch that's doing switching/routing.  have setup 172.31.37.1 on switch , can ping internally , rras server. the cisco switch dhcp server didn't want setup dhcp relay on rras server because don't know dhcp address try pull since have many different subnets.  when right click on static routes , go "show ip routes", here's get: 0.0.0.0            0.0.0.0                 172.16.0.1...

inability mac os x 10.4 , 10.5 view shares when connecting via smb 2008 r2 cluster running file services     environment defined following:   servers:   file server cluster "filecluster" two 2008 r2 enterprise servers hosting failover cluster providing file services (smb only) - fresh installation , put production.  located in "server" subnet.   running on hp bl460cg6 , connected 3par inserve t800 via qlogic fc mezzanine adapters -> brocade 8gb fc c7000 chassis switches -> inserv fc adapters.   file server standalone "sparky" 1 2008 r2 standard being used workstation - in-place upgraded 2008 sp1 sp2 r2 (over several months).  located in "user" subnet.   local sata storage used testing.   workstations:   1 mac running os x 10.6.2 1 mac running os x 10.5.8 1 mac running os x 10.4.11   above workstations in "user" subnet.   users:   all users domain users appropriate rights shares, , ntfs level permissions conf...

every time restart windows 2012 server, iscsi target service unavailable clients though appears running. i have restart service, clients can connect it.  tried change startup type delayed, error 87: parameter incorrect. i've tried delete , recreate vhd , iscsi target. i've tried uninstall role, , reinstall it.  anybody have additional ideas try , troubleshoot this? thank you james roper so service starting , somehow freaking out. whatever reason, can not tell microsoft iscsi software target delay automatic start.  i got around problem following steps: setting microsoft iscsi software target service manual create cmd file startiscsi.cmd timeout 60 net start wintarget created task run startiscsi.cmd on startup configured task start if nobody logged on yet. now iscsi target starts on own without user intervention james Windows Server ...

hi, i have been reading virtualization day , there not alot of information being released how correctly configure it. we have ibm blade centre here have installed server 2008 enterprise first blade , added hyper-v role good. blade attached san. 1 ) if want run virtual servers otehr 13 blades have install server 2008 core servers , manage first server? 2) take can use san virtual hard disk , storing virtual machine? is correct or have got wrong completely? thanks in advance! correct on both.   cheers, ben Windows Server  >  Hyper-V

hi i'm trying configure remoteapp run of our legacy web apps require java 1.6.31, need working on 2012 r2. i can't java 1.6.31 run user on server 2012 r2 in ie11 remoteapp or otherwise. java works if user in administrator group (even though not prompt admin rights), or if launched through mozilla firefox, believe security feature need disable/give exceptions for. esc disabled both users , administrators now. all our group policies apply our windows 8.1 (ie11) installs being applied server, , java runs fine there. i've run ie standard user , administrator , checked every setting in internet settings identical, , i've gone through rsop both accounts , both same in terms of internet settings/add-on management. i'm absolutely stumped. has had similar set-up, or similar issues? hi cartman, have disabled both users , admin now. intend re-enable admins when working. what ended doing work installing 64bit java , publishing 64bit ie. i'm not ...

i have client computer running win 7. it's on domain running server 2012. had 3 folders mapped computer, , 1 of folders set sync offline files, wrong one. unchecked "make available offline" setting. un indexed folder. tried set correct folder "make available offline", it's greyed out. i've tried multiple fixes nothing works. can show me how make correct folder available offline files. thank you. do mean always available offline ? you may need initalize/reset offline files database... http://www.networknet.nl/apps/wp/archives/1093 best, howtodo Windows Server  >  Windows Server 2012 General

hi, i'm noobie in windows servers change it. first question not issue directly related server, think it's important. put server in home lan? mean, server have right after router, following server , switch enable connect other computers or doesn't matter? second question similar first first, guess have tell how lan set. there router purchase upc. router connected desktop computer, server , wifi switch. yestarday after connected  not configured, installed trial version of server 2008r2 router couldn't go internet laptop, connects wifi switch. guess have set network connection on server (which have time), why effects laptops when server connect directly router , wifi switch too. thank answer , forgive me english :-) depends on how router configured. try connecting server switch port instead. check see if router using supports vpn. lots of routers today have vpn capabilities. so configure router act basig firewall/ vpn router (if has abilities). ...

hello all we have auditing configured on our dcs, user account management. none of events created in security event log. tried create new event log file , restart. didnt help. rsop shows policy configured correctly. any ideas? hi, thanks posting in forum. regarding current issue, please first try collect following information see if gpo settings have applied client correctly. gpmc.log ================== a. on domain controller, click start ->run, type gpmc.msc, load gpmc console. b. right click on "group policy result" , choose wizard generate report problematic computer , user account (please place appropriately). (choose computer , select proper user in wizard) c. right click   the resulting group policy result , click "save report…" => save report save report html file. in addition, please try refer following article see if help. troubleshooting event viewer http://technet.microsoft.com/en-us/library/cc76...

greetings, we having problems files on being edited/read when folder quota enabled of file screen enabled. scenario: i have shared folder on win 2008 r2 server. transfered files folder, enabled quota particular folder 4gb, enabled file screening particular folder prevent other formats saved. problem when opened file in particular folder gives error unable save file or choose different location. upon disabling of quota , screening returns normal, can edit files inside shared folder. whats seems causing read only? i performed following: while quota , filter enabled set security permissions full access everyone, still same results i created new shared folder, enabled quota , filter, created new file inside folder. file created inside folder can edited , can save in location.   thanks!   whether "files" mentioned office files? if so, may caused file screen, office files create temp file when trying edit, "other formats" cannot create...

hi all,   i have questions w32time service:   1.      how config highly precise time(within milliseconds)? please provide reference.   2.      will value of “type”(such as”nt5ds”) under   hkey_local_machine\system\currentcontrolset\services\w32time\parameters take precedence on in “ntpserver”?     3.      is possible delete “ntpserver” entry?   4.      how date format works? example, 149530 13:04:53.4015500s .   any suggestion or reference appreciated. here articles: http://technet.microsoft.com/en-us/library/cc773263(ws.10).aspx if in domain environment, please refer following article: http://technet.microsoft.com/en-us/library/cc773013(ws.10).aspx http://support.microsoft.com/kb/816042/en-us   santhosh sivarajan | mcts, mcse (w2k3/w2k/nt4), mcsa (w2k3/w2k/ms...

hi, can please me resolve issue adfs 2.0. in fact, configured adfs idp signing , encrypting assertions; configured public key of sp certificate (ping federated) encrypt assertions. besides sp use extended validation certificate (with add subject serialnumber in common name of certificate), although got following error message in windows log viewer : encountered error during federation passive request.   additional data exception details: microsoft.identityserver.web.authorizationfailedexception: msis7011: access denied.    @ microsoft.identityserver.web.federationpassiveauthentication.requestbearertoken(httpsamlrequestmessage httpsamlrequest, securitytokenelement onbehalfof, string& samlpsessionstate, string& samlpauthenticationprovider)    @ microsoft.identityserver.web.federationpassiveauthentication.buildsigninresponsecorewithserializedtoken(string signontoken, wsfederationmessage incomingmessage)    @ m...