lithnet / access-manager

Access Manager provides web-based access to local admin (LAPS) passwords, BitLocker recovery keys, and just-in-time administrative access to Windows computers in a modern, secure, and user-friendly way.

Page can't currently handle this request #195

Closed Outlawpete285 closed 1 year ago

Outlawpete285 commented 1 year ago

Hi, I installed the AMS successfully but cannot access the webpage. Either a logon window appears or the page shows "can't currently handle this request." I created an SPN for the host containing the alias, but also access from the local machine via each possibility (localhost, servername, FQDN) doesn't work. WebApp-Log shows:

2022-12-19 16:47:20.7896|TRACE|7460||||Lithnet.AccessManager.Server.Workers.AuditWorker|Stopping audit worker background processing thread
2022-12-19 16:47:29.5282|TRACE|5740||||Lithnet.AccessManager.Server.Workers.AuditWorker|Starting audit worker background processing thread
2022-12-19 16:47:29.6460|TRACE|5740||||Lithnet.AccessManager.WebApp.Startup|Waiting for database to become ready
2022-12-19 16:47:29.6460|TRACE|5740||||Lithnet.AccessManager.WebApp.Startup|Database is ready
2022-12-19 16:49:49.7040| INFO|5740|00-d9c521ea8c770664a2c134a282001977-df9a30ffb4e96712-00|::1||Lithnet.AccessManager.Enterprise.AmsLicenseManager|No license information was found on the system
2022-12-19 16:49:49.7733|TRACE|5740|00-eea1c65edefcdf3c02e0404546110aab-e0cf58633a9b72e7-00|::1||Lithnet.AccessManager.ActiveDirectory.DiscoveryServices|Local DCLocator: Finding domain controller for domain xxx.de with flags 0
2022-12-19 16:49:49.7854|TRACE|5740|00-eea1c65edefcdf3c02e0404546110aab-e0cf58633a9b72e7-00|::1||Lithnet.AccessManager.ActiveDirectory.DiscoveryServices|Local DCLocator: Found DC FQDN for domain xxx.de, with flags 0
2022-12-19 16:49:49.9237|ERROR|5740|00-eea1c65edefcdf3c02e0404546110aab-e0cf58633a9b72e7-00|::1||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An unhandled exception has occurred while executing the request.
System.ArgumentNullException: Value cannot be null. (Parameter 'value')
   at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
   at System.Security.Claims.Claim..ctor(String type, String value)
   at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.gAwaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2022-12-19 16:49:50.0060|ERROR|5740|00-eea1c65edefcdf3c02e0404546110aab-e0cf58633a9b72e7-00|::1||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An exception was thrown attempting to execute the error handler.
System.ArgumentNullException: Value cannot be null. (Parameter 'value')
   at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
   at System.Security.Claims.Claim..ctor(String type, String value)
   at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
2022-12-19 16:49:50.0060|ERROR|5740|00-eea1c65edefcdf3c02e0404546110aab-e0cf58633a9b72e7-00|::1||Microsoft.AspNetCore.Server.HttpSys.HttpSysListener|ProcessRequestAsync
System.ArgumentNullException: Value cannot be null. (Parameter 'value')
   at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
   at System.Security.Claims.Claim..ctor(String type, String value)
   at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.gAwaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync()
   at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync()
2022-12-19 16:49:52.8657|ERROR|5740|00-9cdc892c2b9f19d56154cda677ec3f1e-d6407c792f4999ef-00|::1||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An unhandled exception has occurred while executing the request.
System.ArgumentNullException: Value cannot be null. (Parameter 'value')
   at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
   at System.Security.Claims.Claim..ctor(String type, String value)
   at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.gAwaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
2022-12-19 16:49:52.8814|ERROR|5740|00-9cdc892c2b9f19d56154cda677ec3f1e-d6407c792f4999ef-00|::1||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An exception was thrown attempting to execute the error handler.
System.ArgumentNullException: Value cannot be null. (Parameter 'value')
   at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
   at System.Security.Claims.Claim..ctor(String type, String value)
   at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
2022-12-19 16:49:52.8814|ERROR|5740|00-9cdc892c2b9f19d56154cda677ec3f1e-d6407c792f4999ef-00|::1||Microsoft.AspNetCore.Server.HttpSys.HttpSysListener|ProcessRequestAsync
System.ArgumentNullException: Value cannot be null. (Parameter 'value')
   at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
   at System.Security.Claims.Claim..ctor(String type, String value)
   at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.gAwaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)
   at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync()
   at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync()

We already installed the December updates on all DCs, so I hope I can exclude this as a source for the problem. This is a new installation. Any ideas what might be the problem?

Best Regards Oliver

ryannewington commented 1 year ago

Hi Oliver,

It looks like the AMS service is unable to read the msDS-PrincipalName attribute from AD. Do you have attribute read restrictions in place?

Can you try adding the AMS service account to the Pre-Windows 2000 Compatible Access group as a quick way to confirm or deny this?

Ryan
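
One way to test the diagnosis above before changing any group membership, as an added example that is not part of the original thread or the project's code: it checks whether the service account is a direct member of Pre-Windows 2000 Compatible Access and whether it can read msDS-PrincipalName on a user. The account names `svc-ams` and `jdoe` are placeholders, and the script assumes the RSAT ActiveDirectory module, a password-based service account (not a gMSA), and an operator logged on to the same domain.

```powershell
# Added diagnostic example, not from the thread. Account names are placeholders.
Import-Module ActiveDirectory

$svcAccount = 'svc-ams'   # hypothetical sAMAccountName of the AMS service account
$testUser   = 'jdoe'      # hypothetical user who receives the error page

# Pre-Windows 2000 Compatible Access, addressed by its well-known SID so the
# lookup also works in domains where the group name is localized.
$group = Get-ADGroup -Identity 'S-1-5-32-554' -Properties member
$svc   = Get-ADUser  -Identity $svcAccount

# Direct membership only: compare the account's DN with the group's member list.
$isDirectMember = $group.member -contains $svc.DistinguishedName

# Read the attribute bound as the service account, not as the administrator
# running this script, so the result reflects what the service can see.
$cred = Get-Credential -UserName "$env:USERDOMAIN\$svcAccount" `
                       -Message 'AMS service account password'
$user = Get-ADUser -Identity $testUser -Properties 'msDS-PrincipalName' -Credential $cred
$principalName = $user.'msDS-PrincipalName'

# Summary object: an unreadable attribute comes back empty rather than as an error.
[pscustomobject]@{
    ServiceAccount        = $svc.SamAccountName
    DirectMemberOfPreW2k  = $isDirectMember
    TestUser              = $user.SamAccountName
    PrincipalNameReadable = -not [string]::IsNullOrEmpty($principalName)
    PrincipalName         = $principalName
}
```

`PrincipalNameReadable = False` corresponds to the null value passed to the `Claim` constructor in the stack trace. The membership check does not follow nested groups or well-known principals such as Authenticated Users.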

Outlawpete285 commented 1 year ago

Hi Ryan, thanks for the quick and completely right answer. We cleaned the Pre-Windows 2000 Compatible Access group following some security advice. I thought the Windows Authorization Access Group and Access Control Assistance Operators would replace this functionality. It works now. I love this tool and really appreciate your work.

Best Regards Oliver