Getting CardRequestFailedException

    Question

  • Hi,

    I have an ADFS RC setup on Windows 2008 Server Standard Edition SP2 64-bit. As soon as I log in to provisioning.aspx using a domain user account, a CardRequestFailedException occurs. The details of the exception are:

    Microsoft.IdentityServer.CardIssuance.CardRequestFailedException: MSIS7621: Failed to retrieve a information card for the user. ---> System.ServiceModel.FaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.


    How do I turn on IncludeExceptionDetailInFaults to get more information about the error?

    Regards,
    Piyush
    Wednesday, February 10, 2010 5:36 AM

All replies

  • You should be able to get diagnostic information on the ADFS server machine.
    See http://blogs.msdn.com/card/archive/2010/01/21/diagnostics-in-ad-fs-2-0.aspx for more details.

    Just to clarify, were you using the "silent information card provisioning" (http://blogs.msdn.com/card/archive/2009/06/15/silent-information-card-provisioning.aspx)? 
    If not, then use the URL https://<server>/adfs/card
    Wednesday, February 10, 2010 6:32 PM
  • Hi Rakesh,

    Thanks for the response!

    #1 I checked the diagnostic logs, ADFS eventing logs and security logs of the machine but could not find anything relevant to this exception.

    #2 I'm not using the silent card provisioning method; the users have to use the URL https://<server>/adfs/card


    What I found was that when I give the credentials of the Domain Admin user, it downloads the card, but the username in the card is localmachine\administrator.

    When I log in to the card website using another domain user, it gives me a CardRequestFailedException during card download, i.e. in provision.aspx. I used Debug.WriteLine to get information about the error. Please have a look at the stack trace:

    CardRequestFailedException
    Microsoft.IdentityServer.CardIssuance.CardRequestFailedException: MSIS7621: Failed to retrieve a information card for the user. ---> System.ServiceModel.FaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.    
        at Microsoft.IdentityServer.CardIssuance.CardProvisioningClient.GetCardsHelper(CardProvisioningProxy proxy, RequestInformationCards request)    
        at Microsoft.IdentityServer.CardIssuance.CardProvisioningClient.GetCards(RequestInformationCards request)    
        at Microsoft.IdentityServer.CardIssuance.CardProvisioningClient.GetCard(Uri cardType, X509Certificate2 clientCertReference)    
     --- End of inner exception stack trace ---    
        at Microsoft.IdentityServer.CardIssuance.CardProvisioningClient.GetCard(Uri cardType, X509Certificate2 clientCertReference)    
        at Provision.Page_Load(Object sender, EventArgs e) in c:\inetpub\adfs\card\Provision.aspx.cs:line 77    




    Thursday, February 11, 2010 7:33 AM
  • Hi Rakesh,

    Update:

    I did a cleanup and re-installation and encountered the same exception again. This time the ADFS admin log shows the following error:

    -------------------------------------------------------------------------------------------------------------------------------------
    The Information Card issuance service encountered an internal error while processing the request.

    Additional Data
    Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException: Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.AttributeStoreDSGetDCFailedException' was thrown.
       at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.GetLdapAttributeStoreForDomain(String domainFlatName)
       at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.EnterpriseLdapAttributeStore.ReaderFactory(String userName)
       at Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore.BeginExecuteQuery(String query, String[] parameters, AsyncCallback callback, Object state)
       at Microsoft.IdentityServer.Service.CardIssuance.IssuanceUtilities.GetAttributeForUser(String attributeName, String userName)
       at Microsoft.IdentityServer.Service.CardIssuance.IssuanceUtilities.GetUPNFromUserName(String userName)
       at Microsoft.IdentityServer.Service.CardIssuance.IssuanceUtilities.GetTokenServiceList(String userName, X509Certificate2 clientCertificate, List`1& tokenServiceList, LanguageNeutralCardTemplateData langNeutralCardData, LanguageSpecificCardTemplateData langSpecificCardData, Boolean& certificateEndpointOmitted, AdministrationServiceState serviceState)
       at Microsoft.IdentityServer.Service.CardIssuance.CardIssuer.BuildCard(WindowsIdentity id, CardTemplateInfo cardTemplateInfo, X509Certificate2 referenceCertificate, CardSignatureFormatType cardSignatureFormat)
       at Microsoft.IdentityServer.Service.CardIssuance.CardIssuer.GetCards(RequestInformationCards request, WindowsIdentity wi)
       at Microsoft.IdentityServer.Service.CardIssuance.CardProvisioningService.GetCards(Message requestMessage)

    User Action
    To investigate the root cause of the problem, enable tracing for the Information Card issuance service.
    -------------------------------------------------------------------------------------------------------------------------------------

    Where is the Information Card issuance service located on the local disk?
    How do I enable tracing in the Information Card issuance service to get the root cause of the problem?
    Thursday, February 11, 2010 11:56 AM
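
The two questions asked so far (how to turn on IncludeExceptionDetailInFaults, and how to enable tracing) both come down to standard WCF configuration. The fragment below is an added example, not part of the thread and not AD FS's own configuration file: the service name, behavior name and log path are placeholders, and the settings belong in the configuration file of the process that hosts the service returning the fault, not in the web.config of the website that calls it.

```xml
<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <!-- "DiagnosticFaults" is a placeholder behavior name. -->
        <behavior name="DiagnosticFaults">
          <!-- Default is false: callers only see the generic
               "internal error" FaultException quoted in the thread.
               With true, the server-side exception type, message and
               stack trace are serialized into the fault and returned
               to every caller, so set it back to false once the
               root cause is found. -->
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <!-- Placeholder service name. The existing <service> element of
           the host must reference the behavior, otherwise the named
           behavior is never applied. -->
      <service name="Example.Placeholder.Service"
               behaviorConfiguration="DiagnosticFaults" />
    </services>
  </system.serviceModel>

  <system.diagnostics>
    <sources>
      <!-- WCF trace source. Keeps exception detail on the server
           instead of sending it to clients. -->
      <source name="System.ServiceModel"
              switchValue="Warning, ActivityTracing"
              propagateActivity="true">
        <listeners>
          <!-- Placeholder path. The account the service runs as needs
               write access to the folder, and the folder should not
               be readable by ordinary users. -->
          <add name="xmlTrace"
               type="System.Diagnostics.XmlWriterTraceListener"
               initializeData="C:\Traces\service-trace.svclog" />
        </listeners>
      </source>
    </sources>
    <trace autoflush="true" />
  </system.diagnostics>
</configuration>
```

The resulting trace file opens in the Service Trace Viewer (SvcTraceViewer.exe) from the Windows SDK. The hosting service has to be restarted for either change to take effect.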
  • Hi Rakesh,

    Further update:

    I tried the same on another network and it works fine.

    The machine where I'm getting the error is on the client side, and I use the CISCO VPN Client to connect to these machines. I have noticed that all machines have two NICs, one for VPN access and one for the internal network.


    I also tried taking remote of the machines from within one machine using the internal network IP addresses, but it doesn't work.

    Is there something related to public and private IPs of the machines?
    Does connecting through VPN cause such a problem?

    It's getting out of my reach now. I have configured the whole setup 3-4 times, but it has never worked on those machines.

    Please help!
    Friday, February 12, 2010 1:39 PM
  • Does a generic windows integrated auth website work in your setup?
    Tuesday, February 16, 2010 10:57 PM
  • Yes Rakesh, a generic Windows integrated website works in the setup. I enabled tracing in the web.config file of the card website and found that it is impersonating the user but failing to send the card.

    I have the ".e2e" log file. Can you have a look at it? Please let me know how I can send the file to you.
    Thursday, February 18, 2010 4:37 AM
  • You can upload it to skydrive.live.com
    Friday, February 19, 2010 8:01 PM
  • Wednesday, February 24, 2010 7:17 AM