This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 49%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENT%3C/text%3E%3C/svg%3E)
I have issue with ADFS authentication on My exchange server. The problem encountered in the ADFS 3.0 of the window server 2012 and exchange server 2013 cu22. I followed the below instruction link to config AD FS claims-based authentication with Outlook Web App and EAC:
https://learn.microsoft.com/en-us/exchange/using-ad-fs-claims-based-authentication-with-outlook-web-app-and-eac-exchange-2013-help
In my web browser (Chrome, Firefox), I sign in OWA, response returns the http error 401. I try to sign in EAC by type my username (domain\user) and password, EAC show message "An error occurred. Contact your administrator for more information". I check event viewer of Exchange Server, there are no errors in event viewer. I check event viewer of ADFS server, the following error was reported:
ncountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
https://mailsrv.contoso.com/ecp/
Exception details:
Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '1' seconds. Contact your administrator for details.
at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.UpdateLoopDetectionCookie(WrappedHttpListenerContext context)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.SendSignInResponse(WSFederationContext context, MSISSignInResponse response)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
I already search in google about error MSIS7042 but nothing can solve my problem.
Any idea to help me?
Thank for your help.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Hi @Nguyen Thanh Tung ,
According to your description, the issue is related to adfs, so I'll add the "adfs" tag for the case to be visible by more community members who are familar with ADFS.
Also during my research, found the thread below which disucsses the same error under the adfs tag, you may have a look and see if it could be of some help:
ADFS 3.0 error 364 (msis 7042) on ADFS + error 224 on ADFS PROXY maybe after windows update.
By the way, considering that it's a public forum, I'll remove the domain name in your original post for privacy-related concerns. Please remember to obfuscating any sensitive information involved in your future post to protect the personal information.
Because web application proxy is optional, so in my dev enviroment I don't use web application proxy server. The thread "ADFS 3.0 error 364 (msis 7042) on ADFS + error 224 on ADFS PROXY maybe after windows update" is not same as my case.
Thank you for remove my domain name in my original post.
My first thought is a browser add-in is causing this.
Can you try disabling the add-ins on the one you are using?
Also try in incognito mode.
I think browser add-in is not reason because chrome/firefox have just installed. I also try in incognito mode before I create this issue.
I send SAML-Tracer image and SAML trace log.
can anyone help me? Thank you so much.
Hard to say what's wrong looking at base64 screenshots :)
Common reasons for tha loop to take place can be:
The token is not accepted by Exchange and Exchange redirects to ADFS again. Are they any logs on Exchange at the time this happens? Maybe there is something wrong in the URIs. Hard to say with screenshots.
ADFS is passive here. Just does what it's asked.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 72%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERU%3C/text%3E%3C/svg%3E)
@Nguyen Thanh Tung were you able to solve this?
Im getting the exact error with ADFS and exchange 2013.
When accessing /OWA i get 401. When accessing /ecp it loops with an error at ADFS about 6 requests in 2 sec.
Were you able to conclude this?
Any response is highly appreciated.
Thanks
@Nguyen Thanh Tung I have the exact same issue. OWA gives me 401 and ECP access loops and ends up at ADFS with an error.
Were you able to solve this?
Thanks in Advance