I'm experiencing authentication issues with a customer-facing Development EP Site built to use Forms Based Authentication following the TechNet article "Deploy an Enterprise Portal site that uses forms-based authentication [AX 2012]": https://technet.microsoft.com/EN-US/library/hh575253.aspx#configurecerts
The Development Environment consists of an AOS Server with DB also hosting an Internal EP Site on SP2013 Foundation Edition, and in a separate SP Farm an Extranet SharePoint 2013 Enterprise Edition App + DB Server. An associated WFE located in a DMZ exists but this has been excluded in the initial installation tests.
I have been very careful to follow the guide document and have rechecked it multiple times.
Windows Authentication using the Installer User Account works, but other registered AX AD Users with System Admin Roles receive an Access Denied error. The denied users are however able to access the Internal EP Site hosted on the AOS Server.
Claims users have been successfully created using the Dynamics AX 2012 Management Shell appearing in the aspnetdb and Dynamics AX Users List. Roles have been added to the accounts.
I've captured ULS Logs from each authentication attempt but my experience and knowledge of SharePoint doesn't extend to pinpointing the root cause of the issue.
I do see a great number of errors of the type:
Exception trying get context compatibility level: System.IO.FileNotFoundException: https://server.domain:5000/_login/default.aspx?ReturnUrl=%2fsites%2fDynamicsAx%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdynamicsax&Source=%2Fsites%2Fdynamicsax could not be found in the Web application SPWebApplication Name=DynamicsAxEP - 5000. at Microsoft.SharePoint.SPSite.LookupSiteInfo(SPFarm farm, Boolean contextSite, Boolean swapSchemeForPathBasedSites, Uri& requestUri, Boolean& lookupRequiredContext, Guid& applicationId, Guid& contentDatabaseId, Guid& siteId, Guid& siteSubscriptionId, SPUrlZone& zone, String& serverRelativeUrl, Boolean& hostHeaderIsSiteName, Boolean& appWebRequest, String& appHostHeaderRedirectDomain, String& appSiteDomainPrefix, String& subscriptionName, String& appSiteDomainId, Uri& primaryUri) at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.GetContextCompatibilityLevel(Uri requestUri)
Exception trying get context compatibility level: System.IO.FileNotFoundException: The site https://server.domain:5088/_Layouts/FormsAuth/Login.aspx?wa=wsignin1.0&wtrealm=urn%3aserver%3aFormsAuth&wctx=https%3a%2f%2fserver.domain%3a5000%2fsites%2fDynamicsAx%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdynamicsax could not be found in the Web application SPWebApplication Name=DynamicsFormsSTS - server.domain-5088. at Microsoft.SharePoint.SPSite.LookupSiteInfo(SPFarm farm, Boolean contextSite, Boolean swapSchemeForPathBasedSites, Uri& requestUri, Boolean& lookupRequiredContext, Guid& applicationId, Guid& contentDatabaseId, Guid& siteId, Guid& siteSubscriptionId, SPUrlZone& zone, String& serverRelativeUrl, Boolean& hostHeaderIsSiteName, Boolean& appWebRequest, String& appHostHeaderRedirectDomain, String& appSiteDomainPrefix, String& subscriptionName, String& appSiteDomainId, Uri& primaryUri) at Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.GetContextCompatibilityLevel(Uri requestUri)
From what I could find this error relates to Web Applications without a Site Collection, which appears to be the case for the STS Site. I'm not sure about how the Login page has been added to the EP Web Application.
Any suggestions from those who have successfully deployed EP with Forms-based authentication would be gratefully received. Many thanks in advance.
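Added example, not part of the original post: a small Python helper that unwinds the nested, percent-encoded return URLs in the two ULS messages quoted above, so each hop of the forms-login redirect (EP web application on port 5000, forms STS on port 5088 with its WS-Federation `wa` and `wtrealm` values) can be read and compared against the deployment guide. The names `unwind`, `parse_uls` and `NEXT_HOP` are hypothetical; the log text is copied from the post with the stack traces trimmed.

```python
import re
from urllib.parse import urlsplit, parse_qs, urljoin

# Messages copied from the post above; stack traces trimmed to "at ...".
ULS_LINES = [
    "Exception trying get context compatibility level: System.IO.FileNotFoundException: "
    "https://server.domain:5000/_login/default.aspx?ReturnUrl=%2fsites%2fDynamicsAx%2f_layouts"
    "%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdynamicsax&Source=%2Fsites%2Fdynamicsax "
    "could not be found in the Web application SPWebApplication Name=DynamicsAxEP - 5000. at ...",
    "Exception trying get context compatibility level: System.IO.FileNotFoundException: The site "
    "https://server.domain:5088/_Layouts/FormsAuth/Login.aspx?wa=wsignin1.0&wtrealm=urn%3aserver"
    "%3aFormsAuth&wctx=https%3a%2f%2fserver.domain%3a5000%2fsites%2fDynamicsAx%2f_layouts"
    "%2fAuthenticate.aspx%3fSource%3d%252Fsites%252Fdynamicsax could not be found in the "
    "Web application SPWebApplication Name=DynamicsFormsSTS - server.domain-5088. at ...",
]

# Query parameters that carry the URL to return to, in the order they are followed.
NEXT_HOP = ("wctx", "returnurl", "source")

def unwind(url, max_hops=10):
    """Follow nested return-URL parameters; one dict per hop, outermost first."""
    hops, base = [], url
    while url and len(hops) < max_hops:
        base = urljoin(base, url)  # a relative return URL stays on the previous host
        parts = urlsplit(base)
        q = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
        hops.append({"endpoint": f"{parts.scheme}://{parts.netloc}{parts.path}",
                     "wa": q.get("wa"), "wtrealm": q.get("wtrealm")})
        url = next((q[p] for p in NEXT_HOP if p in q), None)
    return hops

def parse_uls(line):
    """Return (web application name, redirect chain) for one ULS message, or None."""
    url = re.search(r"https?://\S+", line)
    app = re.search(r"SPWebApplication Name=(.*?)\.\s", line)
    if not url:
        return None
    return (app.group(1) if app else None, unwind(url.group(0)))

if __name__ == "__main__":
    for line in ULS_LINES:
        app, chain = parse_uls(line)
        print(f"looked up in: {app}")
        for depth, hop in enumerate(chain):
            print("  " * (depth + 1) + str(hop))
```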