Table of Contents


Symptoms

You may receive the following error attempting to log on to a SharePoint 2007 site: An unexpected error has occurred (AD FS 2.0 - "An unexpected error has occurred" Error or Blank Page Displayed Attempting to Log on to SharePoint, Event ID 23 Logged)

On SharePoint 2010, no error will be displayed and instead you will see a blank page in the browser

If you enable AD FS 2.0 tracing, you will see Event ID 23 logged at the same time as the logon failure.

Log Name:      AD FS 2.0 Tracing/Debug
 Source:        AD FS 2.0 Tracing
 Date:          8/6/2010 1:54:41 PM
 Event ID:      23
 Task Category: None
 Level:         Warning
 Keywords:      ADFSAttributeStore
 User:          CONTOSO\adfssrvc
 Computer:      CONTOSOSRV01.contoso.com
 Description:
 LDAPAttributeStoreReader: Attribute value for claimType http://schemas.microsoft.com/ws/2007/08/ldap/mail is not found in attribute cache
 Event Xml:
 <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
   <System>
     <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
     <EventID>23</EventID>
     <Version>0</Version>
     <Level>3</Level>
     <Task>0</Task>
     <Opcode>0</Opcode>
     <Keywords>0x8000000000000010</Keywords>
     <TimeCreated SystemTime="2010-08-06T17:54:41.257599200Z" />
     <EventRecordID>74</EventRecordID>
     <Correlation ActivityID="{79EA24E7-B808-4650-B864-CAF862DA3067}" />
     <Execution ProcessID="3748" ThreadID="3420" ProcessorID="0" KernelTime="2" UserTime="13" />
     <Channel>AD FS 2.0 Tracing/Debug</Channel>
     <Computer>CONTOSOSRV01.contoso.com</Computer>
     <Security UserID="S-1-5-21-3424507853-4201969778-1758407596-1107" />
   </System>
   <UserData>
     <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
       <EventData>LDAPAttributeStoreReader: Attribute value for claimType http://schemas.microsoft.com/ws/2007/08/ldap/mail is not found in attribute cache</EventData>
     </Event>
   </UserData>
 </Event>

Cause

These symptoms may occur if the correct claim is not being sent from AD FS. For example, if you have a AD FS claim that requires the email address attribute to be populated for an account in Active Directory, and that attribute is not populated, you may see these symptoms.


Resolution

Determine the type of claims you are using and verify the necessary attributes are populated for the claims to work.