deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

updates for ADFS issues

Browse Source
This commit is contained in:
mapalko 2020-06-30 10:58:25 -07:00
parent 13f5490faa
commit 439ef0410a
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
View File

@ -38,7 +38,8 @@ A new Active Directory Federation Services farm should have a minimum of two fed
Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing. Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing.
> [!NOTE] For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error: > [!NOTE]
>For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error:
> >
> 1. Launch AD FS management console. Brose to "Services > Scope Descriptions" > 1. Launch AD FS management console. Brose to "Services > Scope Descriptions"
> 2. Right click "Scope Descriptions" and select "Add Scope Description" > 2. Right click "Scope Descriptions" and select "Add Scope Description"

3
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
View File

@ -64,7 +64,8 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
6. Click **OK** to return to **Active Directory Users and Computers**. 6. Click **OK** to return to **Active Directory Users and Computers**.
7. Restart the AD FS server. 7. Restart the AD FS server.
> [!NOTE] For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error: > [!NOTE]
>For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error:
> >
> 1. Launch AD FS management console. Brose to "Services > Scope Descriptions" > 1. Launch AD FS management console. Brose to "Services > Scope Descriptions"
> 2. Right click "Scope Descriptions" and select "Add Scope Description" > 2. Right click "Scope Descriptions" and select "Add Scope Description"