Prashant BizTalk And Azure Integration Blogs

Search
Skip to content
  • BizTalk
    • BizTalk Migration
    • BizTalk High Availability & Disaster Recovery
    • ESB Toolkit
  • My YouTube Channel
  • Contact Me
  • About Me

Monthly Archives: July 2020

BizTalk

Bam Portal Error – Could not create Windows user token from the credentials specified in the config file. Error from the operating system ‘The user name or password is incorrect

July 14, 2020 Prashant Singh 1 Comment

Recently we changed password for our BizTalk Service Account and updated it BizTalk Host Instances, ENTSSO, APP Pools and Windows Task programmatically, refer below article for more details – https://prashantbiztalkblogs.wordpress.com/2020/06/12/programmatically-change-service-accounts-password-for-windows-services-iis-app-pools-and-scheduled-tasks/

However, BAM Portal started throwing below error –

Server Error in ‘/BAM/BAMManagementService’ Application.

Configuration Error –

Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Could not create Windows user token from the credentials specified in the config file. Error from the operating system ‘The user name or password is incorrect.’

From the error message it was clear that there is someplace where password change hasn’t reflected, and clearly it was not using the App Pool Credentials(as we updated the app pool credentials and it was working fine).

We also found below article which uses – aspnet_setreg.exe which we couldn’t find.

How to Configure the BAM Portal to Work on an NLB Cluster

After lots of troubleshooting we found the root cause and solution.

Root Cause –

While configuring BAM Portal, it asks for two credentials –

  1. One for the APP Pool to Run BAM Portal – BAMAppPool
  2. Another for BAM Portal(Website) – This is stored in registry in encrypted format. It’s even mentioned in the error message.

So, even after changing the password for App Pools it throws error the for credentials stored in registry for this BAM Portal.

Solution –

Follow below steps to solve this issue –

  1. In Primary Server or Single Server Configuration
  • Open BizTalk Configuration Wizard, it will show the error image for Portal. Double click will show the login error
  • Change the account with correct credentials and “Apply Configuration”

Note – This action can only be performed in primary server. In secondary servers this option will be disabled for already configured BizTalk Server.

2. For Secondary Servers

  • Take Back-up of web. Config file under <BizTalkServerInstallDir>\BAMPortal\BAMQueryService
  • Remove the Identity Tag completely from that Original file (web.config). The below part should be removed. Save the file.
  • Take Back-up of web. Config file under <BizTalkInstallDir>\BAMPortal\BAMManagementService
  • Remove the Identity Tag completely from that Original file (web.config) as like step 2
  • Go to IIS (as ADMIN) -> Sites -> Default web Site -> BAM -> BAM Management Service -> Configuration Editor    (as per below screenshot)
  • Under Section Menu, Choose System.web -> Identity
  • Provide the new password and user name and click Apply. (Apply option will be present in Right side Top)
  • Perform the same password change activity for BAM Query Service => Go to IIS (as ADMIN) -> Sites -> Default web Site -> BAM -> BAM Query Service -> Configuration Editor => Change password and apply.
  • Recycle the App Pool = > BAMAppPool

This activity will change the password, but it will be present in clear text, which may be a security threat.

So, it’s important to encrypt the credentials using – aspnet_regiis.exe

Steps –

  1. Run Command Prompt as ADMIN and Navigate to the path “C:\Windows\Microsoft.NET\Framework\v4.0.30319”
  2. Run the below 2 Queries after changing the correct path for BizTalkInstallDir in below queries –
  • aspnet_regiis.exe -pef “system.web/identity” “<BizTalkInstallDir>\BAMPortal\BAMQueryService” -prov “DataProtectionConfigurationProvider”
  • aspnet_regiis.exe -pef “system.web/identity” “<BizTalkInstallDir>\BAMPortal\BAMManagementService” -prov “DataProtectionConfigurationProvider”

Note – The location of aspnet_regiis.exe may change with .Net Framework version

Restart the app pool and browse the service.

You may also get below error after this change –

Error: Configuration section encryption is not supported

This error occurs because the credentials are encrypted and validation settings are not appropriate to decrypt it.

To solve this either add below section in web.config file for both the services – BAMQueryService and BAMManagementService

  1. To be able to unencrypt the sytem.web/identity section you must have this entry as the last line of your section.
<validation validateIntegratedModeConfiguration="false"/>

2. Or add it from UI as shown below –

BAMQueryService => Configuration => Syste.webServer => Validation

validateIntegratedModelConfiguration = False

Hope this helps.

Contact Me:- 

@Gmail, @Facebook , @Twitter, @LinkedIn , @MSDNTechnet, @My Personal Blog 

Advertisement
aspnet_regiis.exeaspnet_setreg.exeBAMManagementServiceBAMPortalBAMQueryServiceBizTalk BAM Portal Login ErrorConfiguration section encryption is not supportedCOULD NOT CREATE WINDOWS USER TOKEN FROM THE CREDENTIALS SPECIFIED IN THE CONFIG FILEDataProtectionConfigurationProvidervalidateIntegratedModeConfiguration

My Integration Experiences – BizTalk And Azure Integration

Search

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 21 other subscribers

Categories

  • BizTalk (17)
    • BizTalk Automation (6)
    • BizTalk High Availability & Disaster Recovery (1)
    • BizTalk Migration (3)
  • ESB Toolkit (2)

Top Posts & Pages

  • BizTalk Server High Availability and  Disaster Recovery Options
  • Welcome to Prashant BizTalk and Azure Integration Blogs
  • Implementing Scatter Gather Pattern in BizTalk using Self Correlation
  • BizTalk Automated migration Tool
  • Very Strange behavior of XML Disassembler- Property Promotion not happening properly
  • BizTalk Export MSI and Binding files to a Folder programmatically C#
  • Error - "Microsoft .NET Framework 3.5 Service Pack 1 is required"- Specify an alternate source path
  • PROGRAMMATICALLY Change service account's password for Windows Services, iis app pools and scheduled tasks - C#
  • Bam Portal Error - Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'The user name or password is incorrect
  • Planning Migration to BizTalk 2020 - Why and how?
Follow Prashant BizTalk And Azure Integration Blogs on WordPress.com

Connect with me

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube

Recent Posts

  • BizTalk Export MSI and Binding files to a Folder programmatically C#
  • C# Programmatically Create BizTalk Host, Host Instances and Set Orchestration (Xlang) and Messaging Polling Interval (Performance Tuning)
  • BizTalk Server High Availability and  Disaster Recovery Options
  • BizTalk Automated migration Tool
  • Planning Migration to BizTalk 2020 – Why and how?

Archives: Old Blogs

  • July 2022 (2)
  • November 2021 (1)
  • August 2020 (2)
  • July 2020 (1)
  • June 2020 (1)
  • August 2017 (1)
  • May 2016 (1)
  • April 2016 (1)
  • September 2015 (1)
  • August 2015 (2)
  • March 2015 (6)

Blog Stats

  • 95,256 hits

Contact Me

Bangalore, India
+919538426060
Create a free website or blog at WordPress.com.
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
  • Follow Following
    • Prashant BizTalk And Azure Integration Blogs
    • Already have a WordPress.com account? Log in now.
    • Prashant BizTalk And Azure Integration Blogs
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar
 

Loading Comments...