NTLM authentication via ARR Reverse Proxy and Identity Server gives 5...
Last post Aug 17, 2018 05:36 AM by DevPreSupport_MSFT
Jul 25, 2018 06:51 AM|bhavay11|LINK
Server 1: ARR Reverse Proxy
Server 2: App Server
Server 3: Identity Server (Identity Server 3).
Both the App Server and Identity Server are behind DMZ and accessible only via Reverse Proxy.
App Server redirects unauthenticated requests to Identity Server for AuthN.
Identity Server uses Active Directory as Identity Provider. Application uses OpenIDConnect as the AuthN Middleware.
All the URL Rewrite rules are working properly and the redirections happen correctly.
Browser popup asks for credentials after redirection to Identity Server (401 challenge). After entering the credentials ARR returns 502.3 (Server returned invalid response) error. Response to 401 challenge is not even sent to the Identity Server. ARR throws the above error.
Error in ARR IIS Log: 502.3 sc-win32-status: 12018 (The type of handle supplied is incorrect for this operation).
Any pointers will really help.
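A way to triage the log entry quoted in the post above, as an added example that is not part of the original thread: ARR forwards requests through WinHTTP, so the `sc-win32-status` on a 502.3 line is a WinHTTP error code, and 12018 is `ERROR_WINHTTP_INCORRECT_HANDLE_TYPE`. The sample log, its paths and the field selection are constructed for illustration; the code names come from `winhttp.h`.

```python
from collections import Counter

# WinHTTP error codes (winhttp.h) that ARR can record in sc-win32-status.
WINHTTP_ERRORS = {
    12002: "ERROR_WINHTTP_TIMEOUT",
    12007: "ERROR_WINHTTP_NAME_NOT_RESOLVED",
    12018: "ERROR_WINHTTP_INCORRECT_HANDLE_TYPE",
    12029: "ERROR_WINHTTP_CANNOT_CONNECT",
    12030: "ERROR_WINHTTP_CONNECTION_ERROR",
    12152: "ERROR_WINHTTP_INVALID_SERVER_RESPONSE",
    12175: "ERROR_WINHTTP_SECURE_FAILURE",
}

# Constructed sample log in W3C extended format; paths and timings are made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem cs-username sc-status sc-substatus sc-win32-status time-taken
2018-07-25 06:40:01 GET /app/ - 302 0 0 15
2018-07-25 06:40:02 GET /identity/connect/authorize - 401 2 5 31
2018-07-25 06:40:09 GET /identity/connect/authorize - 502 3 12018 46
2018-07-25 06:41:10 GET /identity/login - 502 3 12018 40
2018-07-25 06:45:00 GET /app/api/values - 502 3 12002 30012
"""

def parse_w3c(text):
    """Yield one dict per request line, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def summarize_502_3(text):
    """Count proxy 502.3 failures per (URL, win32 status, WinHTTP name)."""
    counts = Counter()
    for row in parse_w3c(text):
        if row.get("sc-status") == "502" and row.get("sc-substatus") == "3":
            code = int(row.get("sc-win32-status", "0"))
            name = WINHTTP_ERRORS.get(code, "unknown")
            counts[(row.get("cs-uri-stem", "?"), code, name)] += 1
    return counts

if __name__ == "__main__":
    for (uri, code, name), n in summarize_502_3(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {uri}  {code} {name}")
```

Grouping by URL and code shows whether the 12018 failures are confined to the authenticated hop or affect every proxied route.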
Jul 26, 2018 02:24 AM|deepakpanchal10|LINK
I tried to check the thread and to find information regarding error 502.3 sc-win32-status: 12018 (The type of handle supplied is incorrect for this operation).
I found that not much information is available in the documentation that can inform us of the possible reasons for the cause or the steps to troubleshoot the issue.
So, for a better response and solution for your issue, I am escalating this thread to some senior engineers.
Further, they will try to look into this issue and try to provide you with helpful suggestions to solve the issue.
Thanks for your understanding.
Jul 26, 2018 06:46 AM|gtscdsi|LINK
For the ARR 502.3 error, you can capture failed request tracing for more info: https://docs.microsoft.com/en-us/iis/troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis
For ARR working with Windows authentication, it's kind of complicated; you can refer to this blog to see if you have configured it correctly: https://blogs.msdn.microsoft.com/benjaminperkins/2015/08/03/configure-application-request-routing-with-windows-authentication-Kerberos/
Jul 27, 2018 07:19 AM|bhavay11|LINK
I had already verified the "failed request logs" but there is no information. It only says 502.3, the web server returned invalid response.
I have already gone through the Benjamin Perkins article to set up Windows AuthN with ARR. But I am still facing the same issue. My setup is a bit different than suggested in his blog.
Jul 27, 2018 12:19 PM|bhavay11|LINK
Please let me know if you or your team needs any more information.
Aug 17, 2018 05:36 AM|DevPreSupport_MSFT|LINK
Thanks for your posting!
According to your description of the error message, it seems that the ARR server didn't handle the request response.
About this question, please confirm these issues: