I have provisioned a separate Active Directory server to house external accounts. The idea is to add users to this Active Directory for extranet access. My web application is using Claims Based Authentication. I have extended the Web Application (and created an "Extranet" zone), enabling Windows Authentication (NTLM) and FBA. I did this so users can authenticate as they normally do (using the internal AD) and externally (using the FBA AD). I updated the extranet web.config, central admin web.config, and STS web.config with the following:
<membership>
  <providers>
    <add name="ExtranetMembershipProvider"
         type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="test_dev_dc1"
         port="389"
         useSSL="false"
         userDNAttribute="distinguishedName"
         userNameAttribute="sAMAccountName"
         userContainer="CN=Users,DC=testdev,DC=com"
         userObjectClass="person"
         userFilter="(ObjectClass=person)"
         scope="Subtree"
         otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
</membership>
<roleManager>
  <providers>
    <add name="ExtranetRoleManager"
         type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
         server="test_dev_dc1"
         port="389"
         useSSL="false"
         groupContainer="CN=Users,DC=testdev,DC=com"
         groupNameAttribute="cn"
         groupNameAlternateSearchAttribute="samAccountName"
         groupMemberAttribute="member"
         userNameAttribute="sAMAccountName"
         dnAttribute="distinguishedName"
         groupFilter="(ObjectClass=group)"
         userFilter="(ObjectClass=person)"
         scope="Subtree" />
  </providers>
</roleManager>

After modifying the 3 web.configs, I attempt to authenticate using "Forms Authentication" and receive:

[WebException: The remote server returned an error: (500) Internal Server Error.]
System.Net.HttpWebRequest.GetResponse() +1126
System.ServiceModel.Channels.HttpChannelRequest.WaitForReply(TimeSpan timeout) +81
[ProtocolException: The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (application/soap+msbin1). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<html><head><title>Configuration Error</title><style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
pre {font-family:"Lucida Console";font-size: .9em}
.marker {font-weight: bold; color: black;text-decoration: none;}
.version {color: gray;}
.error {margin-bottom: 10px;}
.expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }</style></head><body bgcolor="white"><span><H1>Server Error in '/SecurityTokenServiceApplication' Application.<hr width=100% size=1 color=silver></H1><h2> <i>Co'.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +10266458
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +539
Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustContract.Issue(Message message) +0
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) +61
Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) +36
Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo) +26740433
Microsoft.SharePoint.SPSecurityContext.SecurityTokenForLegacyLoginContext(Uri context) +59
Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule.GetSecurityTokenFromWindowsIdentity(WindowsIdentity windowsIdentity, HttpContext httpContext) +32
Microsoft.SharePoint.IdentityModel.SPWindowsClaimsAuthenticationHttpModule.AuthenticateRequest(Object sender, EventArgs e) +1146
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171

Actually, I am also not able to browse the "Intranet Zone" either. I receive the same message. I have researched this, but cannot seem to get it working. I have triple-checked the web.config files. I think the references for the role and membership providers are correct. My external AD server name is test_dev_dc1. My domain name is testdev.com. I think the GroupContainer and UserContainer in the web.config files are correct. I am not an AD expert, so I am not 100% sure. I do not know what to do next or how to resolve this. Any help would be very much appreciated.
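As an added example that is not part of the original post: a PowerShell check, run on the web front end, over the three web.config files the post edited. It assumes only the provider elements shown above; the three file paths are placeholders to be replaced with the real locations.

```powershell
# Added example, not from the original post. For each web.config the post edited,
# checks that the file parses (the STS answering with an HTML "Configuration Error"
# page instead of SOAP is what a malformed STS web.config produces), that the LDAP
# provider names match across the files, that the LDAP port answers, and that the
# configured container DNs exist. The three paths are placeholders.
$configs = @(
    'C:\path\to\extranet\web.config',      # placeholder
    'C:\path\to\centraladmin\web.config',  # placeholder
    'C:\path\to\SecurityToken\web.config'  # placeholder
)

function Get-LdapProviders([string]$Path) {
    $xml = New-Object System.Xml.XmlDocument
    try { $xml.Load($Path) }
    catch { Write-Warning "$Path does not parse: $($_.Exception.Message)"; return }
    foreach ($add in $xml.SelectNodes('//membership/providers/add | //roleManager/providers/add')) {
        if ($add.GetAttribute('type') -notmatch 'Ldap(Membership|Role)Provider') { continue }
        $container = $add.GetAttribute('userContainer')
        if (-not $container) { $container = $add.GetAttribute('groupContainer') }
        New-Object PSObject -Property @{
            File = $Path; Name = $add.GetAttribute('name'); Server = $add.GetAttribute('server')
            Port = $add.GetAttribute('port'); UseSSL = $add.GetAttribute('useSSL'); Container = $container
        }
    }
}

$providers = @(foreach ($c in $configs) { Get-LdapProviders $c })

# Every file must define the same providers; a missing one leaves the STS unable to resolve the claim.
$expected = $providers | ForEach-Object { $_.Name } | Sort-Object -Unique
foreach ($c in $configs) {
    $have = @($providers | Where-Object { $_.File -eq $c } | ForEach-Object { $_.Name })
    $missing = @($expected | Where-Object { $have -notcontains $_ })
    if ($missing.Count) { Write-Warning "$c lacks provider(s): $($missing -join ', ')" }
}

foreach ($p in $providers | Sort-Object Server, Port, Container -Unique) {
    if ($p.UseSSL -eq 'false') {
        Write-Warning "$($p.Name): useSSL=false, so binds to $($p.Server):$($p.Port) carry credentials in clear text; prefer useSSL=true on 636."
    }
    # Can this web server reach the LDAP port at all?
    $tcp = New-Object System.Net.Sockets.TcpClient
    try { $tcp.Connect($p.Server, [int]$p.Port); $tcp.Close() }
    catch { Write-Warning "$($p.Server):$($p.Port) unreachable: $($_.Exception.Message)"; continue }
    # Does the container DN exist? This binds as the account running the script, not the app pool identity.
    $de = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($p.Server):$($p.Port)/$($p.Container)")
    try { $de.RefreshCache(); Write-Host "$($p.Container) found on $($p.Server)" }
    catch { Write-Warning "$($p.Container) not found or not readable: $($_.Exception.Message)" }
}
```

A file that fails the first check is the one to fix before looking at the directory: the STS returns its HTML error page whenever its own web.config cannot be loaded, regardless of whether the LDAP settings in it are right.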