SharePoint 2007: AD FS 2.0 - "An unexpected error has occurred" Error or Blank Page Displayed Attempting to Log on to SharePoint, Event ID 23 Logged

Symptoms

You may receive the following error when attempting to log on to a SharePoint 2007 site: An unexpected error has occurred.

On SharePoint 2010, no error is displayed; instead, you see a blank page in the browser.

If you enable AD FS 2.0 tracing, you will see Event ID 23 logged at the same time as the logon failure.

Log Name:      AD FS 2.0 Tracing/Debug
Source:        AD FS 2.0 Tracing
Date:          8/6/2010 1:54:41 PM
Event ID:      23
Task Category: None
Level:         Warning
Keywords:      ADFSAttributeStore
User:          CONTOSO\adfssrvc
Computer:      CONTOSOSRV01.contoso.com
Description:
LDAPAttributeStoreReader: Attribute value for claimType http://schemas.microsoft.com/ws/2007/08/ldap/mail is not found in attribute cache
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
    <EventID>23</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000010</Keywords>
    <TimeCreated SystemTime="2010-08-06T17:54:41.257599200Z" />
    <EventRecordID>74</EventRecordID>
    <Correlation ActivityID="{79EA24E7-B808-4650-B864-CAF862DA3067}" />
    <Execution ProcessID="3748" ThreadID="3420" ProcessorID="0" KernelTime="2" UserTime="13" />
    <Channel>AD FS 2.0 Tracing/Debug</Channel>
    <Computer>CONTOSOSRV01.contoso.com</Computer>
    <Security UserID="S-1-5-21-3424507853-4201969778-1758407596-1107" />
  </System>
  <UserData>
    <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
      <EventData>LDAPAttributeStoreReader: Attribute value for claimType http://schemas.microsoft.com/ws/2007/08/ldap/mail is not found in attribute cache</EventData>
    </Event>
  </UserData>
</Event>

Cause

These symptoms may occur if the correct claim is not being sent from AD FS. For example, if you have an AD FS claim that requires the email address attribute to be populated for an account in Active Directory, and that attribute is not populated, you may see these symptoms.


Resolution

Determine the type of claims you are using and verify the necessary attributes are populated for the claims to work.
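
As an added example (not part of the original article and not Microsoft tooling), the following Python script reads exported AD FS 2.0 trace events in the Event Xml shape shown above, counts the Event ID 23 "not found in attribute cache" records per claim type, and builds an LDAP filter for finding user accounts where that attribute is empty. The `<Events>` wrapper, the `displayName` and ID 1000 sample records, and the mapping from the last segment of the claim type URI to an LDAP attribute name are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event",
      "a": "http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events"}
LDAP_PREFIX = "http://schemas.microsoft.com/ws/2007/08/ldap/"
NOT_FOUND = re.compile(r"claimType (\S+) is not found in attribute cache")
MSG = "LDAPAttributeStoreReader: Attribute value for claimType %s is not found in attribute cache"

def _event(event_id, text, computer="CONTOSOSRV01.contoso.com"):
    """Build one trimmed record in the shape of the Event Xml on the page (sample data only)."""
    return ('<Event xmlns="%s"><System><EventID>%s</EventID><Computer>%s</Computer></System>'
            '<UserData><Event xmlns="%s"><EventData>%s</EventData></Event></UserData></Event>'
            % (NS["e"], event_id, computer, NS["a"], text))

# Constructed sample: the page's mail event twice, plus a constructed displayName
# event and a constructed unrelated event that must be ignored.
SAMPLE = ("<Events>" + _event(23, MSG % (LDAP_PREFIX + "mail")) * 2
          + _event(23, MSG % (LDAP_PREFIX + "displayName"))
          + _event(1000, "constructed unrelated trace line") + "</Events>")

def missing_attributes(xml_text):
    """Count Event ID 23 'not found' records, keyed by (computer, claim type)."""
    counts = Counter()
    # The nested UserData/Event uses the AD FS namespace, so only outer events match here.
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % NS["e"]):
        if ev.findtext("e:System/e:EventID", "", NS) != "23":
            continue
        hit = NOT_FOUND.search(ev.findtext("e:UserData/a:Event/a:EventData", "", NS))
        if hit:
            counts[(ev.findtext("e:System/e:Computer", "", NS), hit.group(1))] += 1
    return counts

def ldap_check_filter(claim_type):
    """LDAP filter for user accounts lacking the attribute, or None if it cannot be derived."""
    if not claim_type.startswith(LDAP_PREFIX):
        return None
    attr = claim_type[len(LDAP_PREFIX):]  # assumption: last URI segment is the LDAP attribute
    # Log text is untrusted input: accept only a plain attribute name in the filter.
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
        return None
    return "(&(objectCategory=person)(objectClass=user)(!(%s=*)))" % attr

if __name__ == "__main__":
    for (computer, claim), n in missing_attributes(SAMPLE).most_common():
        print(n, computer, claim, ldap_check_filter(claim))
```

The resulting filter can be used with any LDAP query tool against the domain to list the accounts whose attribute needs to be populated.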