7. Troubleshooting

7.1. Diagnostic Mode

If module doesn’t work as you expect, it’s worth to enable “Diagnostic Mode”. This will output logs that describes how the module is working. They can also diagnose issues that can occur like: config errors, failed login process, etc. Logs are created in file that is located in ~\Portals\_default\LogsYYYY.MM.DD.logs.resources, see log example below:


Logs are created only when plugin is working in “Diagnostic Mode”, to enable it please follow steps below:

  1. Open log4net configuration file DotNetNuke.log4net.config, it can be found in DNN root folder, see figure below:

  2. Inside that file set log level to ALL, see code snippet below:

        <level value="ALL" />
        <appender-ref ref="RollingFile" />
  3. Go to “AD-Pro Azure AD Connector” then “Other Settings” tab and enable option Diagnostic Mode, see figure below

  4. Logging mechanism is turned on, reproduce the sign-in process and check the log file.

7.2. How generate diagnostic logs

Please follow the instructions below on how to generate valuable logs.

  1. First enable diagnostic mode, to do that see instructions from section Diagnostic Mode

  2. Log file is usually very big, which makes it difficult to parse. To remove unncecessary informations, delete log file, before you will reproduce the issue.

    Default path to log file is: ~\Portals\_default\Logs\YYYY.MM.DD.resoures

  3. Reproduce the issue to generate log entries.

  4. Compress log file, and send it to support@glanton.com

7.3. JavaScript issues

7.3.1. Overview

User interface is created at the top of AngularJS framework. JavaScript can be moody although it’s very fast. If you will see interface issues, for example view can’t be loaded or displayed, buttons aren’t responding, it’s worth to check JavaScript errors. Depending what browser you are using, check following articles that are describing how to display these errors in your browser:

If you have any problems with your plugin, please send above error messages to support@glanton.com

7.3.2. Edit & Delete buttons doesn’t work

When you can’t update module settings, and JavaScript throws error like Method Not Allowed... or requests throws 405 HTTP error code, please make sure that WebDAV is disabled. To disable WebDAV, please add following lines to the web.config file, in the section system.webServer-> modules add following line:

    <remove name="WebDAVModule"/> <!-- add this -->

in the section system.webServer-> handlers add following line:

    <remove name="WebDAV" />

the ExtensionlessUrl-Integrated-4.0 handler under the system.webServer-> handlers also applies the verb PUT:

    <remove name="ExtensionlessUrl-Integrated-4.0" />
    <add name="ExtensionlessUrl-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />

Here you can read more about WebDAV.

7.3.3. View can’t be loaded

If you see situation like on figure below, where only upper part of interface is loaded and instead of bottom part of interface is displayed message Top level state template, probably it’s caused by minified js file.


To fix that issue sign in as DNN host and go to menu “Servers-> Server Settings”. At the bottom is section responsible for reducing Java Script files, please disable Minify JS attribute. See figure below for more info.


7.4. Could not load ‘Microsoft.IdentityModel.Protocol.Extensions’

If error message from figure below appears, disable OWIN pipeline.


Usually this message informs about missing librarie(s), in this case it’s Microsoft.IdentityModel.Protocol.Extensions.dll library. Disabling OWIN won’t fix this issue, but at least it should allow start DNN website.

7.5. OwinStartupAttribute

If you get an error message like:

The following errors occurred while attempting to load the app.
- No assembly found containing an OwinStartupAttribute.
- No assembly found containing a Startup or [AssemblyName].Startup class.
To disable OWIN startup discovery,
add the appSetting owin:AutomaticAppStartup with a value of "false" in your web.config.

Same error message is on figure below:


This error message is displayed because in web.config file, the OWIN startup library wasn’t declared. To fix that issue please do one of the following:

  • disable OWIN in web.config file by applying code snippet below, see this section for more details:

    <add key="owin:AutomaticAppStartup" value="false" />
  • remove GS.AzureADConnector.dll file from DNN bin directory. This will exclude “AD-Pro Azure AD Connector” from DNN, but I hope that your DNN website will start.

7.6. Response status code does not indicate success

When playing with “AD-Pro Azure AD Connector” you can come across some errors. Below are some examples of one and the same error: Unable to get document from.

  • response message with status code 400

  • exception like Response status code does not indicate success

  • below is example of exception stack:

    Response status code does not indicate success: 400 (Bad Request).
    [HttpRequestException: Response status code does not indicate success: 400 (Bad Request).]
    [IOException: Unable to get document from:
    [InvalidOperationException: IDX10803: Unable to create to obtain configuration from:
  • print screen with exception


This could be raised be the wrong Tenant. Please double make sure that Tenant is correct, and it’s without https:// at the begining.

7.7. Newtonsoft library issue

If you get exception like:

Could not load file or assembly 'Newtonsoft.Json' or one of its dependencies.
The located assembly's manifest definition does not match the assembly reference.
(Exception from HRESULT: 0x80131040)

same error is on print screen below:


Check version of Newtonsoft.dll library and corresponding entry in web.config file.

7.8. AADSTS50011: Reply url

If you get error message like:

AADSTS50011: The reply address ‘https://dnn804v2.dev/’ does not match the reply addresses configured for the application: ‘c7b299aa-0abd-4fb5-a5a1-25b22375773d’. More details: not specified


Please double check Redirect URI in:

  • Azure AD Application,
  • and “AD-Pro Azure AD Connector”,

If you get message like:

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: ‘03f6bf15-2f44-4854-96a5-5d1298bdc181’. More details: Reply address did not match because of case sensitivity.


Double check the case sensitivity of “reply address” specified in DNN “Azure AD Connector” options and “reply address” specified in Azure Application settings.

Section with more info about Redirect URI.

7.9. User or administrator has not consented

If you get an error like:

AADSTS65001: The user or administrator has not consented to use the application with ID {your app id} named {your app name}. Send an interactive authorization request for this user and resource. Trace ID: 48c289ae-b6b9-4b4a-bb7b-e7f553ff0500 Correlation ID: 8918cc39-ed83-4076-b849-aabcb4fefba3 Timestamp: 2018-09-10 05:38:52Z


You need to grant admin consent for your app. To do that:

  1. Sign in to Azure.

  2. Go to Azure Active Directory.

  3. Go to Enterprise Applications and select your appplication.

  4. Go to Permissions tab and click on Grant admin consent for {YourDirectoryName}, see figure below.

  5. This will redirect you to the login popup, and then to the permission popup. Click on Accept button, see figure below.


7.10. AADSTS70001 Application disabled

If at the login process you get message like on figure below.

Sorry, but we’re having trouble signing you in. AADSTS70001: Application ‘{Your-AzureApplication-ID}’ is disabled.

Probably “Azure AD” application is disabled for users to sign in. Please execute steps below to enable application.

  1. Sign in to Azure.

  2. Go to Azure Active Directory.

  3. Go to Enterprise Applications and select your appplication.

  4. Under Properties tab, make sure that option Enabled for users to sign-in is enabled, see figure below.

  5. Save settings, wait few minutes that changes will be propagated.

7.11. AADSTS50020 MSA token redemption

If you get an error message like:

AADSTS50020: MSA guest token redemption attempt on v2 common endpoint. Trace ID: 94f89166-5972-48d9-b14f-413040aa0d00 Correlation ID: db30ed0e-f0ff-49a5-8fde-fab6edc87289 Timestamp: 2018-09-10 07:55:55Z


7.12. AADSTS70000: Request denied

If at the login process you get error mesage like

AADSTS70000: The request was denied because one or more scopes requested are unauthorized or expired. The user must first sign in and grant the client application access to the requested scope. Trace ID: ddc6de4c-59ac-47d7-8962-b90a0aff7a00 Correlation ID: f0db342c-678d-495b-83c0-b44474731e33 Timestamp: 2018-11-22 08:54:12Z

7.13. IDX10222: Lifetime validation

If at the login process you get error mesage like

IDX10222: Lifetime validation failed. The token is not yet valid. ValidFrom: ‘12/12/2018 10:14:19’ Current time: ‘12/11/2018 23:48:52’.


Make sure that date and time on your end is valid.