Server error 500 after upgrade to AMS 2.0 from 1.0

[Slinters]

I recently upgraded AMS to 2.0 and after that i cant get it to work.

I had authentication on Integrated Windows Security and NTLM when running it on v.1.0 and it worked.
Upgrade process went smoth with no errors, and i went throug all settings and everything seams ok. but when trying to access the site it dont get anywhere.

When using Negotiate i get a blank page and in the log webapp.logg i can see the following:

2024-04-30 09:01:30.5578| INFO|6212|00-ddc350b3a14e90b49af3a58df273f2d2-2f567fdd6e84b35d-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request starting HTTP/2 GET https://am.company.com/Computer/AccessRequest - - 2024-04-30 09:01:30.5678| INFO|6212|00-ddc350b3a14e90b49af3a58df273f2d2-2f567fdd6e84b35d-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request finished HTTP/2 GET https://am.company.com/Computer/AccessRequest - - - 401 - text/html;+charset=utf-8 9.9453ms 2024-04-30 09:01:30.6017| INFO|6212|00-0ef51f5fbbcc0631b24c54029a450630-7008b6876bdb77a5-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request starting HTTP/1.1 GET https://am.company.com/Computer/AccessRequest - - 2024-04-30 09:01:30.6082| INFO|6212|00-0ef51f5fbbcc0631b24c54029a450630-7008b6876bdb77a5-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request finished HTTP/1.1 GET https://am.company.com/Computer/AccessRequest - - - 401 - text/html;+charset=utf-8 6.5280ms 2024-04-30 09:01:30.6302| INFO|6212|00-08ceadcf50b3ed5c381592373d439415-9b19f7a4ce34fcef-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request starting HTTP/1.1 GET https://am.company.com/Computer/AccessRequest - - 2024-04-30 09:01:30.6602|ERROR|6212|00-08ceadcf50b3ed5c381592373d439415-9b19f7a4ce34fcef-00|192.168.1.154||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An unhandled exception has occurred while executing the request. System.ArgumentNullException: Value cannot be null. (Parameter 'value') at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue) at System.Security.Claims.Claim..ctor(String type, String value) at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24 at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task) 2024-04-30 09:01:30.6762|ERROR|6212|00-08ceadcf50b3ed5c381592373d439415-9b19f7a4ce34fcef-00|192.168.1.154||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An exception was thrown attempting to execute the error handler. System.ArgumentNullException: Value cannot be null. (Parameter 'value') at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue) at System.Security.Claims.Claim..ctor(String type, String value) at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24 at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi) 2024-04-30 09:01:30.6762|ERROR|6212|00-08ceadcf50b3ed5c381592373d439415-9b19f7a4ce34fcef-00|192.168.1.154||Microsoft.AspNetCore.Server.HttpSys.HttpSysListener|ProcessRequestAsync System.ArgumentNullException: Value cannot be null. (Parameter 'value') at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue) at System.Security.Claims.Claim..ctor(String type, String value) at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24 at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task) at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync()
at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync() 2024-04-30 09:01:30.6762| INFO|6212|00-08ceadcf50b3ed5c381592373d439415-9b19f7a4ce34fcef-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request finished HTTP/1.1 GET https://am.company.com/Computer/AccessRequest - - - 500 - - 52.3065ms

And when using NTML i see this in the log:
2024-04-30 09:05:17.9942| INFO|2540|00-8d7cddb02a5768afa252909548203284-758f885d315bb0dd-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request starting HTTP/2 GET https://am.company.com/Computer/AccessRequest - - 2024-04-30 09:05:18.2866| INFO|2540|00-8d7cddb02a5768afa252909548203284-758f885d315bb0dd-00|192.168.1.154||Lithnet.AccessManager.Enterprise.AmsLicenseManager|No license information was found on the system 2024-04-30 09:05:18.3317| INFO|2540|00-8d7cddb02a5768afa252909548203284-758f885d315bb0dd-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request finished HTTP/2 GET https://am.company.com/Computer/AccessRequest - - - 401 - text/html;+charset=utf-8 339.7562ms 2024-04-30 09:05:18.3793| INFO|2540|00-34bf8454a92016473f8ec16be8a2bc71-767d32bb46b8cc4d-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request starting HTTP/1.1 GET https://am.company.com/Computer/AccessRequest - - 2024-04-30 09:05:18.3988| INFO|2540|00-34bf8454a92016473f8ec16be8a2bc71-767d32bb46b8cc4d-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request finished HTTP/1.1 GET https://am.company.com/Computer/AccessRequest - - - 401 - text/html;+charset=utf-8 19.5387ms 2024-04-30 09:05:18.4243| INFO|2540|00-25641d42df16502b781444275c5a74a2-b8098bc3acf2d5a5-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request starting HTTP/1.1 GET https://am.company.com/Computer/AccessRequest - - 2024-04-30 09:05:18.4419|TRACE|2540|00-25641d42df16502b781444275c5a74a2-b8098bc3acf2d5a5-00|192.168.1.154||Lithnet.AccessManager.ActiveDirectory.DiscoveryServices|Local DCLocator: Finding domain controller for domain acme.local with flags 0 2024-04-30 09:05:18.4419|TRACE|2540|00-25641d42df16502b781444275c5a74a2-b8098bc3acf2d5a5-00|192.168.1.154||Lithnet.AccessManager.ActiveDirectory.DiscoveryServices|Local DCLocator: Found DC SRV1.acme.local for domain acme.local, with flags 0 2024-04-30 09:05:18.5177|ERROR|2540|00-25641d42df16502b781444275c5a74a2-b8098bc3acf2d5a5-00|192.168.1.154||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An unhandled exception has occurred while executing the request. System.ArgumentNullException: Value cannot be null. (Parameter 'value') at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue) at System.Security.Claims.Claim..ctor(String type, String value) at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24 at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task) 2024-04-30 09:05:18.5723|ERROR|2540|00-25641d42df16502b781444275c5a74a2-b8098bc3acf2d5a5-00|192.168.1.154||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An exception was thrown attempting to execute the error handler. System.ArgumentNullException: Value cannot be null. (Parameter 'value') at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue) at System.Security.Claims.Claim..ctor(String type, String value) at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24 at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi) 2024-04-30 09:05:18.5723|ERROR|2540|00-25641d42df16502b781444275c5a74a2-b8098bc3acf2d5a5-00|192.168.1.154||Microsoft.AspNetCore.Server.HttpSys.HttpSysListener|ProcessRequestAsync System.ArgumentNullException: Value cannot be null. (Parameter 'value') at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue) at System.Security.Claims.Claim..ctor(String type, String value) at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24 at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task) at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync()
at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync() 2024-04-30 09:05:18.5799| INFO|2540|00-25641d42df16502b781444275c5a74a2-b8098bc3acf2d5a5-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request finished HTTP/1.1 GET https://am.company.com/Computer/AccessRequest - - - 500 - -

And running with value of Basic:
2024-04-30 09:08:22.1453| INFO|8348|00-60ec0e2c0aac0b6c8d13d7d303467309-395d4722f67c3181-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request starting HTTP/2 GET https://am.company.com/Computer/AccessRequest - - 2024-04-30 09:08:22.4327| INFO|8348|00-60ec0e2c0aac0b6c8d13d7d303467309-395d4722f67c3181-00|192.168.1.154||Lithnet.AccessManager.Enterprise.AmsLicenseManager|No license information was found on the system 2024-04-30 09:08:22.4823| INFO|8348|00-60ec0e2c0aac0b6c8d13d7d303467309-395d4722f67c3181-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request finished HTTP/2 GET https://am.company.com/Computer/AccessRequest - - - 401 - text/html;+charset=utf-8 339.1057ms 2024-04-30 09:08:22.6053| INFO|8348|00-44494f08e65eb578c921e73a161140c2-3674b19bd1454e32-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request starting HTTP/2 GET https://am.company.com/Computer/AccessRequest - - 2024-04-30 09:08:22.6247|TRACE|8348|00-44494f08e65eb578c921e73a161140c2-3674b19bd1454e32-00|192.168.1.154||Lithnet.AccessManager.ActiveDirectory.DiscoveryServices|Local DCLocator: Finding domain controller for domain acme.local with flags 0 2024-04-30 09:08:22.6331|TRACE|8348|00-44494f08e65eb578c921e73a161140c2-3674b19bd1454e32-00|192.168.1.154||Lithnet.AccessManager.ActiveDirectory.DiscoveryServices|Local DCLocator: Found DC SRV1.acme.local for domain acme.local, with flags 0 2024-04-30 09:08:22.6981|ERROR|8348|00-44494f08e65eb578c921e73a161140c2-3674b19bd1454e32-00|192.168.1.154||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An unhandled exception has occurred while executing the request. System.ArgumentNullException: Value cannot be null. (Parameter 'value') at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue) at System.Security.Claims.Claim..ctor(String type, String value) at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24 at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task) 2024-04-30 09:08:22.7603|ERROR|8348|00-44494f08e65eb578c921e73a161140c2-3674b19bd1454e32-00|192.168.1.154||Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware|An exception was thrown attempting to execute the error handler. System.ArgumentNullException: Value cannot be null. (Parameter 'value') at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue) at System.Security.Claims.Claim..ctor(String type, String value) at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24 at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi) 2024-04-30 09:08:22.7603|ERROR|8348|00-44494f08e65eb578c921e73a161140c2-3674b19bd1454e32-00|192.168.1.154||Microsoft.AspNetCore.Server.HttpSys.HttpSysListener|ProcessRequestAsync System.ArgumentNullException: Value cannot be null. (Parameter 'value') at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue) at System.Security.Claims.Claim..ctor(String type, String value) at Lithnet.AccessManager.WebApp.Authentication.WindowsAccountNameClaimProvider.TransformAsync(ClaimsPrincipal principal) in D:\a\1\s\src\Lithnet.AccessManager\Lithnet.AccessManager.WebApp\Authentication\WindowsAccountNameClaimProvider.cs:line 24 at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.ResponseCaching.ResponseCachingMiddleware.Invoke(HttpContext httpContext) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.HandleException(HttpContext context, ExceptionDispatchInfo edi) at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task) at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync()
at Microsoft.AspNetCore.Server.HttpSys.RequestContext1.ExecuteAsync() 2024-04-30 09:08:22.7603| INFO|8348|00-44494f08e65eb578c921e73a161140c2-3674b19bd1454e32-00|192.168.1.154||Microsoft.AspNetCore.Hosting.Diagnostics|Request finished HTTP/2 GET https://am.company.com/Computer/AccessRequest - - - 500 - - 163.0071ms

Something is missing that cannot be null but what?
What am i missing?

[ryannewington]

@Slinters

The ams service doesn't have permission to read the msds-principalname and a few others, on user objects.

This is usually granted because "authenticated users" is by default a member of the "pre-windows 2000 compatible access" group. In some environments this membership is removed and users by default can't read properties of other users.

Either add the service account to the pre win2k group, or manually delegate "read" permissions on user objects in the domain to the ams service account.

AMSv1 resolved user attributes differently to V2. Hence the issue appearing here.

[Slinters]

Thank, spot on the solution. It's now working.