Hi Chris,
Thank you very much for your fast replies.
I have indeed configured both servers with the same configurations, going through this article. so both had the same configurations. however, I found the issue which seems to be strange to me.

I did the following:
1- Open IIS Manager.
2- Clicked on securityTokenServiceApplication -> features View -> Connection Strings.
3- Here I noticed that I have different Connection strings that are pointing to different server, once I fixed it everything worked fine.

I checked the web.config again and found that the connection strings have been added there.

Thank you so much for your time and effort.

My guess is that something is configured differently in web1 than web2. Have you checked to make sure all of the .config file changes are the same? Are you sure that the connection string properly connects to the sql server from web1? Shouldn’t be, but is it possible that the app pool account is different between the two servers and only the web2 account has permissions to the fba database?

Another possibility is if you are using the encrypted password format instead of hashed (you should use hashed). The encrypted password format requires the same machine key values set on all servers.

I tried to turn off the WEB1 IIS and everything worked fine. but still I need both of them the stay up.

any thoughts?

Yeah, it should be fine in a multi server environment, as long as all the machine.config files and securetokenservice web.configs are all configured the same.

Thank you for quick reply.

Yes, I have made changes to SecureTokenService web.config as mentioned.
When I do the FBA configuration on my dev box with is single server environment it works just fine. The only difference on the staging environment is its multiple server architecture. I will double check my web.config though.

Here are few errors I find in ULS log.
SPSecurityContext: Request for security token failed with exception. Exception: ‘System.ServiceModel.FaultException: The security token username and password could not be validated.
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties)’.

SetupUserValidationType: Password not set. Defaulting to sign-in operation. Username:

An exception occurred when trying to issue security token: The security token username and password could not be validated..

You don’t need to make the machine.config change on SQL Server, only on SharePoint servers.

As for the error, did you make the SecureTokenService web.config changes? If so, I think there’s some differences in the membership settings in that web.config and the machine.config.

I have a multiple server environment with 1 WEF, 1 APP, and 1 Sql server. As you mention in the blog we need to change the machine.config on all the environment. Is this applicable to sql server environment also?

When i try to login with FBA users i get below errors in ULS log though i used the hashed passwordFormat

STS Call: Failed to issue new security token. Exception: ‘System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).’.

Please advice
Regards

Hi Steve,

The tutorial still works, the only thing that has really changed is that to use it in Chrome you need to be accessing the site via https/ssl. But nothing to do with the above error.

That error just means that the FBA Pack can’t access the database specified in the config file/FBA Setup. I’d say 90% of the time it is due to a permissions issue. The database requests happen as the SharePoint app pool user, and that user doesn’t have permission to the DB. There’s information in Part 1 about assigning the proper permissions to the DB.

Hi Chris,

I am experiencing the same error when attempting to manage forms based users… “A Membership Provider has not been configured correctly. Check the web.config setttings for this web application”. In this case, this is a brand new Sharepoint 2019 installation. I have followed your tutorial exactly, and I have not modified any of the config files except as specified in the tutorial. Just to prove the point, I completely removed my Sharepoint server and database installations, and still end up with the exact same error. Your post is now fairly old, is it possible that something has changed in Sharepoint that would cause your tutorial to no longer function?

Are you using Chrome? Does it work fine in Internet Explorer (Not Edge)?

Chrome made changes to it’s cookie security a while ago, and Microsoft put out a patch to SharePoint 2016 to work with it. However the changes they made causes it only to work over SSL in Chrome.

I expect this is your issue. Get an SSL cert for the site and access it via https and I think it will start working properly.