You are here

Luminis 4 GCF connector to Office 365 Errors

Submitted by dougnsmith on Tue, 09/16/2014 - 14:31

Has anyone encountered any errors (see attached) with their GCF connector going to Office 365 (via ADFS) in that past few days? We are on Luminis 4.3.0.173 and all of a sudden we are getting the error attached from our users accessing Office 365 via a GCF connector that has been working fine for about 6 months or so. We did have MS updates applied in our environment (ADFS servers involved) close to the time this error started so I am wondering if that came into play?

Luminis Version:

Hi,

I do not have the GCF for O365 currently in-use but I've found whenever there is a patch to an external application and a GCF stops working, it usually helps to review the application login page and login process. If a field name was changed on the login form or something was added that your connector isn't passing, the SSO could certainly break.

My second recommendation would be to increase the CPIP logging to DEBUG in your TEST environment and review the transactions in the log. You should see the credentials POST'd to the external application and the server response could potentially provide some additional information.

Hope that helps!
Tom

Thank you for the reply Tom, appreciated!

We don't seem to be getting an error in the connection logs (with DEBUG turned on), it appears to be on the ADFS side as that is the error we are getting. The login appears to be successful as far as the GCF is concerned it just ends there with entry past the ADFS servers. Also, per any changes in the login screen, that does not seem like the problem as it does work once in a while (also see comment below).

What we have found out is that there were MS updates applied to our ADFS servers around the time this connector broke. We have backed out all the MS updates on 1 ADFS server (and pointed the GCF to that specific server) and things started working again! We started applying the updates back one by one and sure enough, one of the .NET v3.5 security updates seemed to break things. So, we are looking closer at that update.

I will provide updates as we progress more!

Cheers!
Doug

Hrm I tried removing all security updates and I still am having a problem. I didn't have the specific one you mentioned so I removed them all. What's odd is that in my case the GCF only doesn't work for outside users, AND it only happens on one of the ADFS servers in our NLB cluster. We have proxies but in this case I'm having to expose our other Internal ADFS server (albeit secured) via NAT to the outside to allow people to connect because our NLB is throwing 403 FORBIDDEN errors when it tries to check in with the affected ADFS server (at least thats what I suspect).

Two other weird things. 1: If I go to portal.microsoftonline.com and login manually there everything works fine (even our proxy servers). This leads me to believe something is happening with the GCF connector and what's it's passing in its pickup. Anyone mind sharing their pickup file? Maybe its there. 2: We have a test system that using a test o365 tenant with this GCF connector and it works fine and exhibits none of these problems. Ive tried copying the mscloud.properties Perhaps mine is not right or something.

I'm stumped here. Also rebuilding the server is out of the question because this is the primary server that is having trouble. I read I can move the rights to another if necessary, which is going to be my next step if I can't figure this out and rebuild it. Right now we can get by with the one server but i'd really like to get things functioning right.

I should note we just installed this GCF connector last week to replace our aging MSLive connector which was de-supported as of today.

Any ideas?