I was setting up FBA with AD LDS for SP2010. I created some test users in AD LDS and was able to see them in the PeoplePicker and grant them access. I couldn’t log in as these users, however, and was seeing the below in the ULS:
Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
An exception occurred when trying to issue security token: The security token username and password could not be validated..
Turn on Verbose logging for the Claims Authentication category and you can see other entries, in particular the one below, which suggests the STS configuration is OK.
Authenticated with login provider. Validating request security token.
It turns out that the problem is that the AD LDS user account is disabled! When you create a user in AD LDS, depending on the current AD policy on your computer, the LDS account may be disabled by default! To enable it, edit the account and set the msDS-UserAccountDisabled attribute to FALSE!
Another issue that could cause login to fail is that the STS does not have access to the AD LDS user store. I have written about this here.
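The check and fix described above can be scripted with the ActiveDirectory PowerShell module instead of editing each account by hand. This is an added example, not code from the original post; the server address, port and partition DN are placeholder assumptions to replace with your own.

```powershell
# Added example. Assumptions (not from the original post): the AD LDS instance
# listens on localhost:50000 and the FBA users live under the partition below.
param(
    [string]$Server     = 'localhost:50000',              # placeholder host:port
    [string]$SearchBase = 'CN=Users,DC=fba,DC=example',   # placeholder partition DN
    [string[]]$Enable   = @()   # DNs to enable; leave empty to report only
)

Import-Module ActiveDirectory

# Pull every user object together with the attribute the post identifies.
$users = Get-ADObject -Server $Server -SearchBase $SearchBase `
    -LDAPFilter '(objectClass=user)' `
    -Properties 'msDS-UserAccountDisabled'

# Filter client-side so the report also works when the attribute is unset on some users.
$disabled = @($users | Where-Object { $_.'msDS-UserAccountDisabled' -eq $true })

# Report: these accounts show up in the PeoplePicker but cannot log in through FBA.
$disabled | Select-Object Name, DistinguishedName | Format-Table -AutoSize

foreach ($dn in $Enable) {
    # Only touch accounts that the report above actually listed as disabled.
    if ($disabled.DistinguishedName -notcontains $dn) {
        Write-Warning "$dn is not in the disabled list; skipping."
        continue
    }
    # Same change the post describes making in the attribute editor.
    Set-ADObject -Server $Server -Identity $dn `
        -Replace @{ 'msDS-UserAccountDisabled' = $false }
    Write-Output "Enabled $dn"
}
```

Run it with no `-Enable` argument first to get the list of disabled accounts, then pass only the distinguished names you intend to enable.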
Hi, Bernado-
I’m experiencing an issue with a custom solution that I have developed. Our FBA mostly works except it’s supposed to redirect a user to change their password after they reset their password. They properly receive an email with their new password but upon logging in for the first time they DO NOT get redirected to the password change form. The only error that I am receiving is this:
Negating the minimum value of a twos complement number is invalid.
Everything else works flawlessly: the account is created in AD, the password is created, etc., but the system does not redirect to the password change field. I have the same thing set up in our dev environment and it works 100%. The only thing I can think of is a GPO issue. Any help you can provide would be awesome. Thanks again for any insight you can provide.
Hi Adam,
Is this error coming from your custom code or some framework code? Without knowing much about your custom solution it is a bit hard to help you.
Does the error always occur or is there a pattern? I did a quick search on the error message and there could be a couple of reasons for it, e.g. this http://stackoverflow.com/questions/3614540/cache-key-causes-error-negating-the-minimum-value-of-a-twos-complement-number-i or http://stackoverflow.com/questions/6265381/c-sharp-short-error-negating-the-minimum-value-of-a-twos-complement-number-is-i.