(2016-09-13) Failing To Activate Mobile App Against The On-Premises Azure AD MFA Server
Posted by Jorge on 2016-09-13
You have set up the Azure AD MFA server, the Azure AD MFA User Portal, the Azure AD MFA Mobile App Web Service and the Azure AD MFA Web Service.
You log on to the Azure AD MFA User Portal and then click on “Activate Mobile App” on the left side of the screen. In addition, you click on [Generate New Activation Code] and you will see a screen similar to the one below.
Figure 1: Activating The Azure AD MFA Mobile App Through A Secure Web URL And A One-Time Activation Code
On your mobile phone, you can now either choose to specify the information yourself or just scan the QR code. Whichever method you choose, you will see a message on your mobile phone similar to the one shown below. You can try as many times as you want, but unfortunately that will not help.
Figure 2: Activation Error On Your Mobile Phone
Activation failed. Please verify you have network connectivity and check the URL to ensure it is correct.
Error details: The operation couldn’t be completed. (Fault error –1.)
This error basically tells you something is wrong with the URL displayed previously on screen. The rest of the error is rather useless.
As the authenticator app will hit the mobile app web service URL, it is a good idea to put that URL in a browser to see what happens.
As soon as you do, you might see the following error.
Figure 3: IIS Server Error For The MultiFactorAuthMobileAppWebService Application
Now this is something you can work with! Something appears to be wrong in the “web.config” of the MultiFactorAuthMobileAppWebService Application, so that is where you should look.
Figure 4: The “web.config” Of The MultiFactorAuthMobileAppWebService Application WITHOUT The Required Key
So just before “</appSettings>”, add the following line:
<add key="WEB_SERVICE_SDK_AUTHENTICATION_CLIENT_CERTIFICATE_THUMBPRINT" value=""/>
…so that it looks like the following
Figure 5: The “web.config” Of The MultiFactorAuthMobileAppWebService Application WITH The Required Key
When done, save the “web.config” of the MultiFactorAuthMobileAppWebService.
Now you retry the URL in the browser and you should see something like…
Figure 6: The MultiFactorAuthMobileAppWebService Application Now Working Correctly
On your mobile phone, you can now retry the activation by either choosing to specify the information yourself or by just scanning the QR code. Whichever method you choose, you should now succeed in activating the mobile app.
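The web.config change described above can also be applied as an idempotent check. The following is an added example, not code from the original post or from Microsoft: the function name, its parameters and the backup file name are hypothetical, and the path to the web.config must be supplied by you.

```powershell
# Added example. The function name, parameters and backup name are hypothetical.
function Add-MfaThumbprintKey {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # web.config of the MultiFactorAuthMobileAppWebService application
        [Parameter(Mandatory)] [string]$Path,
        # Backups go outside the web root: a web.config can hold credentials
        [string]$BackupDirectory = $env:TEMP
    )

    $keyName  = 'WEB_SERVICE_SDK_AUTHENTICATION_CLIENT_CERTIFICATE_THUMBPRINT'
    $resolved = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath

    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($resolved)   # throws if the file is not well-formed XML

    # local-name() keeps the lookup working if <configuration> declares a namespace
    $appSettings = $xml.DocumentElement.SelectSingleNode("*[local-name()='appSettings']")
    if ($null -eq $appSettings) {
        throw "No <appSettings> element in $resolved"
    }

    $existing = $appSettings.SelectSingleNode("*[local-name()='add'][@key='$keyName']")
    if ($null -ne $existing) {
        Write-Verbose "$keyName is already present; file left unchanged."
        return $false
    }

    if (-not $PSCmdlet.ShouldProcess($resolved, "Add appSettings key $keyName")) {
        return $false
    }

    $stamp  = Get-Date -Format 'yyyyMMddHHmmss'
    $backup = Join-Path $BackupDirectory "MobileAppWebService-web.config.$stamp.bak"
    Copy-Item -LiteralPath $resolved -Destination $backup -ErrorAction Stop

    # Same element the post adds by hand, appended just before </appSettings>
    $node = $xml.CreateElement('add', $appSettings.NamespaceURI)
    $node.SetAttribute('key', $keyName)
    $node.SetAttribute('value', '')
    [void]$appSettings.AppendChild($node)
    $xml.Save($resolved)
    return $true
}
```

Run it with `-WhatIf` first to confirm which file would be touched; it returns `$true` only when the key was actually added.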