Error 500 Azure Pack tenant portal – Jwt10329 Error

Today I tried to login the Azure Pack Portal. Unfortunately, I received an error 500. Ok that’s weird, yesterday all was still fine, no updates have been done. So let’s troubleshoot this issue.

On the Tenant Website server, I opened the event log and noticed errors:

Error: Unhandled exception: SecurityTokenValidationException: Jwt10329: Unable to validate signature, Configuration.IssuerTokenResolver.ResolveToken returned null

Ok, that’s strange. I wrote a simple C# console app to get a token from ADFS server and that all worked fine. So let’s check what the error really says:

Unable to validate signature, and I see a thumbprint after the 0x…

Ok…

Let’s check ADFS. There my attention is directly on this certificate that has an effective date at 22/11/15. Today is 29/11? So why I didn’t have this error earlier then?

But this triggered me that when we configure Azure Pack to use ADFS as an IDP that we need to run a script. That script stores besides other data the signing certificate thumbprint in the database.

So let’s rerun that part to reconfigure ADFS as an IDP for Azure Pack. Actually this next part is the same as we discussed on Pascal’s blog on renaming ADFS URL in an WAP environment

And after that I was able to successful login to the Azure Pack Portal!
If you use ADFS for the Admin portal and receive the same error you should rerun the part that reconfigures ADFS – Admin Authentication:

Hope it helps!