I need your help to try to solve a mysterious problem that I am having with my SharePoint 2016. We have a SharePoint farm with 2 front-end servers (IIS servers). On my “Server A” all the users can log in to all websites at any time with their accounts without any problem but, on “Server B”, for some reason, sometimes they are denied access and other times they can connect without any problem.
Since all the connections work correctly without any problem on one node (Server A), I understand that the problem is not related to any Central Administration settings, because if the problem were there, both nodes would be affected.
I reviewed and compared both servers and they have exactly the same configuration, permissions, policy rules, etc.
Below, I explain how I have configured my servers:
All the websites are configured to use NTLM (no Kerberos).
All the websites are configured with pass-through authentication.
All the websites have their own IIS AppPool and all the IIS AppPools use the same domain account.
This domain account is a member of the local Administrators group, IISUSR, WSS-Admin_Group and WSS_Group.
The domain account is assigned these security policies: Log on as a batch job, Log on as a service and Impersonate a client after authentication.
But I have already installed it on both servers and I can find the .dll in the GAC folder and in the Program Files\Reference Assemblies folder.
Also, in the ULS logs I am getting this message:
“Claims Windows Sign-In: Sending 401 for request ‘https://<oneofmysites.domain.net>’ because the user is not authenticated and resource requires authentication”
Any idea is welcome to solve this issue because I don’t know what else I should look for to find the problem.
Thanks in advance.
Things that I have tried in order to fix the problem:
Cleaned up all the SharePoint configuration cache on this node
Created a new IIS AppPool for the website
Tried to use other domain accounts in the IIS AppPool
Copied the web.config file from the good node to the bad node
Copied the hosting.conf file from the good node to the bad node
Reviewed and compared all the folder permissions in the inetpub folder
Verified that both servers have the same features and SharePoint prerequisites installed.
Both servers have the latest STS update installed
Removed the server from the farm and added it again
A lot of IISResets after all the tests, and restarted the server.
In the ULS and Event Viewer logs, when a connection fails I always get this message:
“An exception occurred when trying to establish endpoint for the context: Could not load file or assembly ‘Microsoft.IdentityModel.Extensions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=69c3241e6f0468ca’ or one of its dependencies. Provider type not defined. (Exception from HRESULT: 0x80090017)”
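As an added diagnostic example (not part of the original post, and not SharePoint's own tooling), the script below can be run on each front end to check whether the exact assembly named in the exception resolves on that node, and to pull the two ULS messages quoted above for correlation. It assumes the SharePoint PowerShell snap-in is present and that the running account can read the ULS logs; the function names are made up for this example.

```powershell
# Added example, not from the original post. Run on Server A and Server B and
# compare the output: the node that fails to load the assembly is the one to
# investigate. Assumes the SharePoint snap-in is installed on both front ends.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Fully qualified name copied from the exception in the ULS log above.
$assemblyName = 'Microsoft.IdentityModel.Extensions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=69c3241e6f0468ca'

function Test-IdentityModelExtensions {
    try {
        $asm = [System.Reflection.Assembly]::Load($assemblyName)
        [pscustomobject]@{
            Server   = $env:COMPUTERNAME
            Loaded   = $true
            Location = $asm.Location   # should point into the GAC on a healthy node
            Error    = $null
        }
    } catch {
        [pscustomobject]@{
            Server   = $env:COMPUTERNAME
            Loaded   = $false
            Location = $null
            # HRESULT 0x80090017 is NTE_PROV_TYPE_NOT_DEF ("Provider type not
            # defined"), a CryptoAPI error raised while resolving a dependency,
            # not a plain "file not found" from the loader.
            Error    = $_.Exception.GetBaseException().Message
        }
    }
}

# Pull the two ULS messages quoted in the post so the claims 401 can be
# matched in time against the assembly-load failure on the same node.
function Get-ClaimsFailures {
    param([datetime]$Since = (Get-Date).AddHours(-1))
    Get-SPLogEvent -StartTime $Since |
        Where-Object {
            $_.Message -like '*Sending 401 for request*' -or
            $_.Message -like '*Provider type not defined*'
        } |
        Select-Object Timestamp, Category, Message
}

Test-IdentityModelExtensions | Format-List
Get-ClaimsFailures | Format-Table -AutoSize -Wrap
```

Run the load test twice on the bad node, once as an administrator and once in a session started under the AppPool domain account, since CryptoAPI provider resolution can depend on which user profile is loaded.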