AD FS Event Viewer

If you're looking for an AD FS event and don't want to log into your server to find it, we've got you covered. We have a full list of all AD FS events spanning several Windows Server versions. Pick your server version, find your event. Just keep in mind that some of the data is specific to when the event is logged, so you won't see that here. That information is represented as %1, %2, etc.

Select the version of Windows Server for which you want to see the AD FS events.


ID Event Name Event Description
100 FsServiceStart The Federation Service started successfully. The following service hosts have been added: %1
102 StartupException There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service. Additional Data Exception details: %1
103 FsServiceStop The Federation Service stopped successfully.
104 ArtifactServiceNotRunningForReplayDetectionCheck The artifact resolution service is not running. The service must be running to perform token replay detection. User Action Make sure that the artifact resolution service is configured properly. Or disable token replay detection by using the Set-ADFSProperties cmdlet with the PreventTokenReplays parameter in Windows PowerShell for AD FS.
105 AuthMethodLoadError An error occurred loading an authentication provider. Fix configuration errors using PowerShell cmdlets and restart the Federation Service. Identifier: %1 Context: %2 Additional Data Exception details: %3
106 AuthMethodLoadSuccess An authentication provider was successfully loaded: Identifier: '%1', Context: '%2'
111 WsTrustRequestProcessingError The Federation Service encountered an error while processing the WS-Trust request. Request type: %1 Additional Data Exception details: %2
131 BadConfigurationFormatError During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The configured value '%2' could not be parsed as type '%3'. Element: %1 Value: %2 Type: %3 The Federation Service will not be able to start until this configuration element is corrected. User Action Correct the specified configuration element to conform to the given type.
132 BadConfigurationValueMissing During processing of the Federation Service configuration, the required element '%1' was missing. Element: %1 The Federation Service will not be able to start until this configuration element is configured. User Action Configure the specified configuration element using the AD FS Management snap-in.
133 BadConfigurationIdentityCertificateHasNoPrivateKey During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The private key for the certificate that was configured could not be accessed. The following are the values of the certificate: Element: %1 Subject: %2 Thumbprint: %3 storeName: %4 storeLocation: %5 Federation Service identity: %6 The Federation Service will not be able to start until this configuration element is corrected. This condition can occur when the certificate is found in the specified store but there is a problem accessing the certificate's private key. Common causes for this condition include the following: (1) The certificate was installed from a source that did not include the private key, such as a .cer or .p7b file. (2) The certificate's private key was imported (for example, from a .pfx file) into a store that is different from the store specified above. (3) The certificate was generated as part of a certificate request that did not specify the "Machine Key" option. (4) The Federation Service identity '%6' has not been granted read access to the certificate's private key. User Action If the certificate was imported from a source with no private key, choose a certificate that does have a private key, or import the certificate again from a source that includes the private key (for example, a .pfx file). If the certificate was imported in a user context, verify that the store specified above matches the store the certificate was imported into. If the certificate was generated by a certificate request that did not specify the "Machine Key" option and the key is marked as exportable, export the certificate with a private key from the user store to a .pfx file and import it again directly into the store specified in the configuration file. If the key is not marked as exportable, request a new certificate using the "Machine Key" option. If the Federation Service identity has not been granted read access to the certificate's private key, correct this condition using the Certificates snap-in.
134 BadConfigurationCertificateNotFound During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was identified by the findValue '%2' could not be found. Element: %1 storeName: %3 storeLocation: %4 x509FindType: %5 findValue: %2 The Federation Service will not be able to start until this configuration element is corrected. This condition occurs when the findValue that is specified does not match any certificate in the specified store. Common causes for this condition include the following: (1) The certificate with the specified findValue is from a store that is different from the configured store. (2) The certificate was deleted from the store after configuration. User Action If the certificate exists in a different store, find the location using the certificates snap-in and correct the configuration appropriately. If the certificate has been deleted, configure a different certificate.
135 BadConfigurationMultipleCertificatesMatch During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was identified by the findValue '%2' was not unique. Element: %1 storeName: %3 storeLocation: %4 x509FindType: %5 findValue: %2 The Federation Service will not be able to start until this configuration element is corrected. This condition can occur when the certificate is found in the specified store but there is more than one certificate that matches the findValue. User Action If the certificate was identified by name and there are multiple certificates of the same name, configure the certificate using the certificate thumbprint.
136 ConfigurationErrorsException During processing of the Federation Service configuration, the Federation Service encountered a configuration error. %1 Additional Data %2 The Federation Service will not be able to start until this error has been corrected. User Action Correct the specified configuration error using the AD FS Management snap-in.
143 UnableToCreateFederationMetadataDocument The Federation Service was unable to create the federation metadata document as a result of an error. Document Path: %1 Additional Data Exception details: %2
144 RequestBlocked The Federation Service Proxy blocked an illegitimate request made by a client, as there was no matching endpoint registered at the proxy. This could point to a DNS misconfiguration, a partially configured application published through the proxy, or a malicious request. Url Path: %1
147 InvalidClaimsProviderError A token was received from a claims provider identified by the key '%1', but the token could not be validated because the key does not identify any known claims provider trust. Key: %1 This request failed. User Action If this key represents the certificate thumbprint of a claims provider trust, verify that it matches the signing certificate of the claims provider trust in the AD FS configuration database.
149 AttributeStoreLoadFailure During processing of the Federation Service configuration, the attribute store '%1' could not be loaded. Attribute store type: %2 User Action If you are using a custom attribute store, verify that the custom attribute store is configured using AD FS Management snap-in. Additional Data %3
155 MetadataListenerError The Federation Service was unable to listen at '%1' for metadata document requests due to an unexpected error. Additional Data %Exception details: %2
156 TrustMonitoringInitiated Trust monitoring cycle initiated.
157 TrustMonitoringComplete Trust monitoring cycle completed.
159 TrustMonitoringConfigurationDatabaseWriteError The Federation Service encountered an error while writing to the following object in the configuration database. Object Type: %1 Name: %2 Metadata document URL: %3 Additional Data Exception details: %4 Additional details: %5
163 TrustMonitoringInitiationError An error occurred during initialization of trust monitoring. Trust monitoring against the published partner configuration will be disabled for the lifetime of this service. Additional Data Exception details: %1 User Action If you want to try to start the trust monitoring service again, restart the Federation Service.
164 TrustMonitoringConfigurationDatabaseError An error occurred during a read operation from the configuration database. Trust monitoring was shut down and will be tried again after an amount of time that corresponds to the trust monitoring interval. Additional Data Exception details: %1 Additional details: %2
165 TrustMonitoringGenericError An error occurred during trust monitoring. The trust monitoring cycle was shut down. Additional Data Exception details: %1 Additional details: %2
166 TrustMonitoringMetadataFormatError Trust monitoring service encountered an error while parsing the metadata document from '%1'. Trust monitoring failed for: Object Type: %2 Name: %3 Additional Data Exception details: %4 Additional details: %5
167 TrustMonitoringMetadataProcessingError Trust monitoring service encountered an error while applying the data in the metadata document from '%1'. Trust monitoring failed for: Object Type: %2 Name: %3 Additional Data Exception details: %4 Additional details: %5
168 TrustManagementMetadataRequestError The Federation Service encountered an error while retrieving the federation metadata document from '%1'. The monitoring for the following trusts failed: Claims providers: %2 Relying parties: %3 Additional Data Exception details: %4 Additional details: %5 User Action Make sure federation metadata URL is accessible. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
171 SuccessfulAutoUpdate The trust monitoring service automatically updated the trust of '%1' successfully with the partner's published changes.
173 SuccessfulAutoUpdateWithWarning The trust monitoring service automatically updated the trust of '%1' successfully with the partner's published changes. Additional Data Warnings: %2
174 AutoUpdateSkippedWithWarning Trust monitoring service detected changes in policy of '%1', but did not automatically apply the changes on the trust partner. Additional Data Warnings: %2
184 InvalidRelyingPartyError A token request was received for a relying party identified by the key '%1', but the request could not be fulfilled because the key does not identify any known relying party trust. Key: %1 This request failed. User Action If this key represents a URI for which a token should be issued, verify that its prefix matches the relying party trust that is configured in the AD FS configuration database.
186 PolicyDuplicateNameIdentifier The Federation Service could not fulfill the token-issuance request. More than one claim based on SamlNameIdentifierClaimResource was produced after the issuance See event 500 with the same Instance ID for claims after application of issuance transform rules. Additional Data Instance ID: %1 User Action Ensure that the issuance transform rules that are configured for the relying party do not result in multiple claims based on SamlNameIdentifierClaimResource.
193 PolicyUnknownAuthenticationTypeError The Federation Service could not satisfy a token request because the relying party requested an unknown authentication type. Comparison type: %1 Desired authentication type(s): %2 Relying party: %3 This request failed. User Action Use the AD FS PowerShell commands to configure the authentication context order property. Ensure that the relying party is configured to request the correct authentication type.
197 ConfigurationInvalidAuthenticationTypeError The Federation Service could not satisfy a token request because the accompanying credentials do not meet the authentication type requirement of '%2' for the relying party '%3'. Authentication type: %1 Desired authentication type(s): %2 Relying party: %3 This request failed.
198 FsProxyServiceStart The federation server proxy started successfully.
199 ProxyStartupException The federation server proxy could not be started. Reason: %1 Additional Data Exception details: %2
200 FsProxyServiceStop The federation server proxy stopped successfully.
201 ServiceHostOpenAddressAccessDeniedError The Federation Service %1 encountered an Access Denied error while trying to register one or more endpoint URLs. This condition typically occurs when the ACL for the endpoint URL is missing or the HTTP namespace in the ACL is not a prefix match of the endpoint URL. The %1 could not be opened. User Action Ensure that a valid ACL for each of the URLs has been configured on this computer. Additional Data Exception details: %2
202 ServiceHostOpenError The Federation Service %1 could not be opened. Additional Data Exception details: %2
203 ServiceHostAbortError The Federation Service %1 could not be shut down properly. Additional Data Exception details: %2
204 ServiceHostCloseError The Federation Service %1 could not be closed. Additional Data Exception details: %2
206 EmptyOrMissingWSFederationPassiveEndpoint The Federation Service could not fulfill the token-issuance request because the relying party '%1' is missing a WS-Federation Passive endpoint address. Relying party: %1 This request failed. User Action Use the AD FS Management snap-in to configure a WS-Federation Passive endpoint on this relying party.
207 FailureWritingToAuditLog An attempt to write to the Security event log failed. Additional Data Windows error code: %1 Exception details: %2
208 InsufficientPrivilegesWritingToAuditLogError An error occurred during an attempt to register the event source for the Security log. User Action Ensure that the Federation Service has the correct permissions to write to the Security log.
209 AuditLogEventSourceCouldNotBeRegisteredError The Security log event source for the Federation Service could not be registered. Additional Data Windows error code: %1 Exception details: %2
215 FsProxyNoEndpointsConfigured The Federation Service at '%1' did not return any WS-Trust endpoints to be published by the federation server proxy. User Action If you want to publish WS-Trust endpoints to the federation server proxy, make sure that the endpoints are enabled for proxy use on the federation server.
217 BindingConfigurationError A WS-Trust endpoint that was configured could not be opened. Additional Data Address: %1 Mode: %2 Error: %3
218 FsProxyServiceConnectionFailedServiceUnavailable The federation server proxy received error code '%2' while making a request to the Federation Service at '%1'. This could mean that the Federation Service is not started on the remote host. User Action Verify that the Federation Service is running on the remote host.
220 ServiceConfigurationInitializationError The Federation Service configuration could not be loaded correctly from the AD FS configuration database. Additional Data Error: %1
221 ServiceConfigurationReloadError A change to the token service configuration was detected, but there was an error reloading the changes to configuration. Additional Data Error: %1
222 FsProxyServiceConnectionFailedTimeout The federation server proxy was unable to complete a request to the Federation Service at address '%1' because of a time-out. This might mean that the Federation Service is currently unavailable. User Action Verify that the Federation Service is running.
223 ClaimDescriptionReloadError Claim description could not be loaded correctly from the database. Additional Data Error: %1
224 ProxyConfigurationInitializationError The federation server proxy configuration could not be loaded correctly from the configuration file '%1'. Additional Data Error: %2 User Action: A configuration element specified in the data above is misconfigured. Correct the specified error in the AD FS configuration database.
230 ProxyCongestionWindowMinimumSize The federation server proxy has detected congestion, caused by high latency response times, on the Federation Service. The load might be above the Federation Service operating capacity, or there might be network connectivity issues. Request throttling has been enforced to limit the number of concurrent requests to the following size: %1. User Action Verify that the Federation Service is operating within its operating capacity. Verify that the Federation Service is not experiencing network outages.
238 AttributeStoreFindDCFailedError The Federation Service failed to find a domain controller for the domain %1. Additional Data Domain Name: %1 Error: %2 User Action Use Nltest to determine why DC locator is failing. Nltest is part of the Windows Support Tools.
244 MetadataExchangeListenerError The Federation Service was unable to listen at '%1' for WS-MetadataExchange requests due to an unexpected error. Additional Data %Exception details: %2
245 ProxyMetadataRetrieved The federation server proxy successfully retrieved its configuration from the Federation Service '%1'.
246 LdapDCConnectionError The Federation Service encountered an error during an attempt to connect to a LDAP server at %1. Additional Data Domain Name: %1 LDAP server hostname: %2 Error from LDAP server: %3 Exception Details: %4 User Action Check the network connectivity to the LDAP server. Also, check whether the LDAP server is configured properly.
247 LdapGCConnectionError The Federation Service encountered an error while connecting to a global catalog server at %1. Additional Data Domain Name: %1 Global Catalog hostname (if available): %2 Error from server (if available): %3 Exception Details: %4 User Action Troubleshoot the network connectivity to the global catalog server. Also, verify that the global catalog server is configured properly.
248 ProxyEndpointsRetrievalError The federation server proxy was not able to retrieve the list of endpoints from the Federation Service at %1. The error message is '%2'. User Action Make sure that the Federation Service is running. Troubleshoot network connectivity. If the trust between the federation server proxy and the Federation Service is lost, run the Federation Server Proxy Configuration Wizard again.
249 AdditionalCertificateLoadWarning The certificate identified by thumbprint '%1' could not be found in the certificate store. In certificate rollover scenarios, this can potentially cause a failure when the Federation Service is signing or decrypting using this certificate. User Action Ensure that the certificate that is identified by thumbprint '%1' has been added to the Localmachine "My" store and that it is accessible by the service account of the Federation Service.
250 ArtifactExpirationError Expiration of the artifact failed. Additional Data Exception message: %1 User Action Ensure that the artifact storage server is configured properly. Troubleshoot network connectivity to the artifact storage server.
251 AttributeStoreLoadSuccess Attribute store '%1' is loaded successfully.
252 ProxyHttpListenerStartupInfo The AD FS proxy service made changes to the endpoints it is listening on based on the configuration it retrieved from the Federation Service. Endpoints added: %1 Endpoints removed: %2
253 ProxyHttpListenerStartupError AD FS proxy service failed to start a listener for the endpoint '%1' Exceptiondetails: %2 User action: Ensure that no conflicting SSL bindings are configured for the specified endpoint.
258 ConfigurationMissingAssertionConsumerServicesError The relying party '%1' is not configured with SAML Assertion Consumer Services. Relying party: %1 This request failed. User Action Use the AD FS Management snap-in to configure one or more Assertion Consumer Services for this relying party.
259 ConfigurationAssertionConsumerServiceIndexDoesNotMatchError The request specified an Assertion Consumer Service index '%1' that is not configured on the relying party '%2'. Assertion Consumer Service index: %1 Relying party: %2 This request failed. User Action Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified index for this relying party.
260 ConfigurationAssertionConsumerServiceProtocolBindingDoesNotMatchError The request specified an Assertion Consumer Service protocol binding '%1' that is not configured on the relying party '%2'. Assertion Consumer Service protocol binding: %1 Relying party: %2 This request failed. User Action Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified protocol binding for this relying party.
261 ConfigurationAssertionConsumerServiceUrlDoesNotMatchError The request specified an Assertion Consumer Service URL '%1' that is not configured on the relying party '%2'. Assertion Consumer Service URL: %1 Relying party: %2 This request failed. User Action Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified URL for this relying party.
262 ArtifactResolutionFailed The artifact resolution request failed. Additional Data Exception message: %1
273 ConfigurationAssertionConsumerServiceNotFoundError The request specified an assertion consumer service that is not configured or not supported on the relying party '%4'. Request parameters: '%1', '%2', '%3' Relying party: %4 This request failed. User Action Use the AD FS Management snap-in to configure an assertion consumer service with the specified parameters for this relying party. Also, check whether the artifact resolution service is enabled if the SAML artifact is requested.
274 FsProxyEndpointListenerAccessDeniedError The federation server proxy encountered an error while trying to listen on one of the proxy endpoints. The federation server proxy will not be able to start until it can listen on all required proxy endpoints. Proxy Endpoints: %1 User Action Ensure that the permissions on the URLs of the proxy endpoints allow the federation server proxy security account (the default is Network Service) to listen on them.
275 FsProxySslTrustError The federation server proxy could not establish a trust relationship for the SSL secure channel with the Federation Service %1. Error Message: %2 User Action Ensure that the SSL certificate for Federation Service '%1' is valid and trusted by the federation server proxy.
276 FsProxyServiceNotTrustedOnStsError The federation server proxy was not able to authenticate to the Federation Service. User Action Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet. Additional Data Certificate details: Subject Name: %1 Thumbprint: %2 NotBefore Time: %3 NotAfter Time: %4
277 UnhandledExceptionError The Federation Service encountered an unexpected exception and has shut down. Additional Data Exception details: %1
278 ArtifactResolutionEndpointNotConfiguredError The SAML artifact resolution endpoint is not configured or it is disabled. The artifact resolution service is not started. User Action If the artifact resolution service is required, use the AD FS Management snap-in to configure or enable the SAML artifact resolution endpoint.
279 SamlArtifactResolutionClaimsProviderNotFoundError Unable to find a claims provider trust for SAML artifact resolution in the AD FS configuration database. SAML artifact: %1 This request failed. User Action Verify that a claims provider trust exists in the AD FS configuration database. Make sure that the data for the claims provider trust is up to date.
280 ClaimsProviderMissingArtifactServiceError Unable to resolve the SAML artifact from the claims provider because the claims provider trust does not have the artifact resolution service configured. Claims provider trust: %1 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date. Add the artifact resolution service endpoint to the claims provider trust.
281 SamlArtifactResolutionEndpointNotFoundError Unable to resolve the SAML artifact from the claims provider because the claims provider trust does not have the required artifact resolution endpoint with the specified index configured. Claims provider trust: %1 Required endpoint index: %2 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date. Use the AD FS Management snap-in to configure the artifact resolution endpoint with the specified index.
282 SamlArtifactResolutionSignatureVerificationFailureAudit Unable to resolve the SAML artifact. Verification of the artifact response signature failed. Claims provider: %1 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date using AD FS Management snap-in. Verify that the claims provider trust's certificate is up to date.
283 SamlArtifactResolutionRequestError Unable to resolve the SAML artifact. The artifact resolution request to the claims provider failed. See inner exception for more details. SAML Artifact: %1 Claims provider: %2 Inner exception: %3 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date. Verify network connectivity. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
284 SamlArtifactResolutionResponseVerificationError Unable to resolve the SAML artifact. A malformed response was received from the claims provider. See inner exception for more details. SAML artifact: %1 Claims provider: %2 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date.
285 SamlArtifactResolutionBadResponseError The SAML artifact was resolved, but the response is empty or does not contain expected assertions. SAML artifact: %1 Claims provider: %2 This request failed. User Action For more information, contact the claims provider.
286 ArtifactStorageConnectionOpenError Cannot connect to the artifact database. Connection string: %1 Error message: %2 User Action Ensure that the artifact database is configured properly. Use the Set-ADFSProperties cmdlet with the ArtifactDbConnection parameter in the Windows PowerShell for AD FS to modify the connection string, if necessary. Troubleshoot the connectivity to the artifact storage.
287 ArtifactStorageAddError Cannot add the artifact to the artifact database. See exception message for more details. Artifact ID: %1 Inner exception details: %2 User Action Ensure that the artifact database is configured properly. Troubleshoot the connectivity to the artifact database.
288 ArtifactStorageGetError Cannot get the artifact from storage. See exception message for more details. ArtifactId: %1 Inner exception details: %2 User Action Ensure that the artifact storage in the AD FS configuration database is configured properly. Troubleshoot connectivity to the artifact storage in the AD FS configuration database.
289 ArtifactStorageRemoveError Cannot remove the artifact from storage. See inner exception message for more details. ArtifactId: %1 Inner exception details: %2 User Action Ensure that the artifact storage in the AD FS configuration database is configured properly. Troubleshoot connectivity to the artifact storage in the AD FS configuration database.
290 ArtifactStorageExpireError Cannot set expiration for the artifacts in storage. See inner exception message for more details. Inner exception details: %1 User Action Ensure that the artifact storage in the AD FS configuration database is configured properly. Troubleshoot connectivity to the artifact storage in the AD FS configuration database.
291 ArtifactServiceStartupException The artifact resolution service could not be started. Additional Data Exception details: %1 User Action Make sure artifact resolution service is properly configured.
292 ArtifactResolutionServiceSignatureVerificationFailureAudit The Artifact Resolution Service could not verify request signature. Additional Data Exception details: %1
293 ArtifactRequestedButDisabledError A SAML request for the required artifact was rejected because the artifact resolution service is not enabled. Relying party: %1 This request failed. User Action Enable the artifact resolution service. Use the AD FS Management snap-in to configure or enable the SAML artifact resolution endpoint.
294 ArtifactResolutionServiceIdentityNotFoundError The SAML artifact resolution request specified an issuer that is not configured for the relying party. Relying party: %1 Artifact resolution request issuer: %2 This artifact resolution request failed. User Action Ensure that the relying party is configured properly using the AD FS Management snap-in.
296 ArtifactResolutionServiceNoSignatureFailureAudit A SAML artifact resolution request was received without a signature. Request issuer: %1 This artifact resolution request failed.
297 ArtifactResolutionServiceBadEndpointIndexError The SAML artifact resolution request required an artifact resolution service endpoint with an index that is not configured. Endpoint index: %1 Configured endpoint index: %2 This artifact resolution request failed.
299 TokenIssuanceSuccessAudit A token was successfully issued for the relying party '%3'. See audit 500 with the same Instance ID for issued claims. See audit 501 with the same Instance ID for caller identity. See audit 502 with the same Instance ID for OnBehalfOf identity, if any. See audit 503 with the same Instance ID for ActAs identity, if any. Instance ID: %1 Activity ID: %2 Relying party: %3
300 WSTrustRequestProcessingGeneralTokenIssuanceFailureAudit The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request. Activity ID: %1 Request type: %2 Additional Data Exception details: %3
301 ActAsAuthorizationTokenIssuanceFailureAudit The Federation Service could not authorize token issuance for the caller '%3' as the subject '%4' to the relying party '%5'. See audit 501 with the same Instance ID for caller identity. See audit 503 with the same Instance ID for ActAs identity, if any. Additional Data Instance ID: %1 Activity ID: %2 Relying party: %5
302 ActAsAuthorizationError The Federation Service could not authorize token issuance for caller '%2' as subject '%3' to the relying party '%4'. See event 501 with the same Instance ID for caller identity. See event 503 with the same Instance ID for ActAs identity, if any. Additional Data Instance ID: %1 Relying party: %4 Exception details: %5 User Action Use the AD FS Management snap-in to ensure that the caller is authorized to act as the subject to the relying party.
303 SamlRequestProcessingError The Federation Service encountered an error while processing the SAML authentication request. Additional Data Exception details: %1
304 SamlRequestProcessingGeneralTokenIssuanceFailureAudit The Federation Service failed to issue a token as a result of an error during processing of the SAML authentication request. Additional Data Activity ID: %1 Exception details: %2
305 LdapDCServerError The Federation Service encountered an error while querying a LDAP server at %1. Additional Data Domain name: %1 LDAP server hostname (if available): %2 Error from LDAP server (if available): %3 Exception Details: %4
306 LdapGCServerError The Federation Service encountered an error while querying a global catalog server at %1. Additional Data Domain name: %1 Global catalog server hostname (if available): %2 Error from server (if available): %3 Exception Details: %4
307 ConfigurationChangeSuccessAudit The Federation Service configuration was changed. Subject: Security ID: %2 Account: %3 See audit 510 with the same Instance ID for change details. Additional Data Instance ID: %1 Security ID: %2 Account: %3
308 ConfigurationChangeFailureAudit An attempt to change the Federation Service configuration failed. Error: %1 Subject: Security ID: %2 Account: %3
309 WmiConfigurationChangeSuccessAudit The Federation Service configuration was changed. Subject: Security ID: %1 Account: %2 Old Value: %3 New Value: %4
310 WmiConfigurationChangeFailureAudit An attempt to change the Federation Service configuration failed. Error : %1 Subject: Security ID: %2 Account: %3 Current Value: %4 Attempted Change: %5
311 PerformanceCounterFailure An attempt to update AD FS performance counters failed. Additional Data Exception details: %1
315 ClaimsProviderSigningCertificateCrlCheckFailure An error occurred during an attempt to build the certificate chain for the claims provider trust '%1' certificate identified by thumbprint '%2'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the claims provider trust's signing certificate revocation settings or certificate is not within its validity period. You can use Windows PowerShell commands for AD FS to configure the revocation settings for the claims provider trust's signing certificate. Claims provider trust's signing certificate revocation settings: %3 The following errors occurred while building the certificate chain: %4 User Action: Ensure that the claims provider trust's signing certificate is valid and has not been revoked. Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
316 RelyingPartySigningCertificateCrlCheckFailure An error occurred during an attempt to build the certificate chain for the relying party trust '%1' certificate identified by thumbprint '%2'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the relying party trust's signing certificate revocation settings or certificate is not within its validity period. You can use Windows PowerShell commands for AD FS to configure the revocation settings for the relying party signing certificate. Relying party trust's signing certificate revocation settings: %3 The following errors occurred while building the certificate chain: %4 User Action: Ensure that the relying party trust's signing certificate is valid and has not been revoked. Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
317 RelyingPartyEncryptionCertificateCrlCheckFailure An error occurred during an attempt to build the certificate chain for the relying party trust '%1' certificate identified by thumbprint '%2'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the relying party trust's encryption certificate revocation settings or certificate is not within its validity period. You can use Windows PowerShell commands for AD FS to configure the revocation settings for the relying party encryption certificate. Relying party trust's encryption certificate revocation settings: %3 The following errors occurred while building the certificate chain: %4 User Action: Ensure that the relying party trust's encryption certificate is valid and has not been revoked. Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
319 ClientCertificateCrlCheckFailure An error occurred while the certificate chain for the client certificate identified by thumbprint '%1' was being built. The certificate chain could not be built. The certificate has been revoked, the certificate chain could not be verified as specified by the encryption certificate revocation settings or certificate is not within its validity period. You can use the Set-ADFSProperties cmdlet with the ProxyCertRevocationCheck parameter in Windows PowerShell for AD FS to configure the client certificate revocation settings. Client Certificate Revocation Settings: %2 The following errors occurred while building the certificate chain: %3 User Action: Ensure that the client certificate is valid and has not been revoked. Ensure that the Federation Service can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
320 SamlProtocolSignatureVerificationError The verification of the SAML message signature failed. Message issuer: %1 Exception details: %2 This request failed. User Action Verify that the message issuer configuration in the AD FS configuration database is up to date. Configure the signing certificate for the specified issuer. Verify that the issuer's certificate is up to date. Verify the issuer and server message signing requirements.
321 InvalidNameIdPolicyError The SAML authentication request had a NameID Policy that could not be satisfied. Requestor: %1 Name identifier format: %2 SPNameQualifier: %3 Exception details: %4 This request failed. User Action Use the AD FS Management snap-in to configure the configuration that emits the required name identifier.
322 OnBehalfOfAuthorizationTokenIssuanceFailureAudit The Federation Service could not authorize token issuance for the caller '%3' on behalf of the subject '%4' to the relying party '%5'. See audit 501 with the same Instance ID for caller identity. See audit 502 with the same Instance ID for OnBehalfOf identity, if any. Additional Data Instance ID: %1 Activity ID: %2 Relying party: %5
323 OnBehalfOfAuthorizationError The Federation Service could not authorize token issuance for the caller '%2' on behalf of the subject '%3' to the relying party '%4'. See event 501 with the same Instance ID for caller identity. See event 502 with the same Instance ID for OnBehalfOf identity, if any. Additional Data Instance ID: %1 Exception details: %5 User Action Use the Windows PowerShell Get-ADFSClaimsProviderTrust or Get-ADFSRelyingPartyTrust cmdlet to ensure the caller is authorized on behalf of the subject to the relying party.
324 CallerAuthorizationTokenIssuanceFailureAudit The Federation Service could not authorize token issuance for caller '%3' to relying party '%4'. See audit 501 with the same Instance ID for caller identity. Additional Data Instance ID: %1 Activity ID: %2 Relying party: %4
325 CallerAuthorizationError The Federation Service could not authorize token issuance for caller '%2'. The caller is not authorized to request a token for the relying party '%3'. See event 501 with the same Instance ID for caller identity. Additional Data Instance ID: %1 Relying party: %3 Exception details: %4 User Action Use the AD FS Management snap-in to ensure that the caller is authorized to request a token for the relying party.
326 ClaimsPolicyInvalidPolicyTypeError Failed to load the AD FS claims policy engine using policy type '%1' User Action Make sure AD FS is installed correctly.
327 SamlSingleLogoutError An error occurred during processing of the SAML logout request. Additional Data Caller identity: %1 Logout initiator identity: %2 Error message: %3 Exception details: %4 User Action Ensure that the single logout service is configured properly for this relying party trust or claims provider trust in the AD FS configuration database.
328 SamlArtifactResolutionNoAssertion The SAML artifact resolution request was resolved, but the response does not contain the expected assertions. Additional Data: SAML artifact: %1 Status code: %2 SubStatus code: %3 Status message: %4 This request failed. User Action Contact the claims provider for more information.
329 AdditionalBlobCertificateLoadWarning The certificate that is identified by thumbprint '%1' could not be decrypted using the keys for X.509 certificate private key sharing. Additional Data: X.509 certificate private key sharing diagnosis: %2 User Action You may have to restore all Active Directory objects underneath the specified distinguished name in the diagnostic information above for X.509 certificate private key sharing.
331 CertificateManagementDecryptionError The certificate management service encountered an error during decryption of the keys. storeName: %2 storeLocation: %1 x509FindType: %4 findValue: %3 Additional Data: X.509 certificate private key sharing diagnosis: %5 User Action You may have to restore all Active Directory objects underneath the distinguished name that is specified in the diagnosis for X.509 certificate private key sharing above.
332 CertificateManagementEncryptionError The certificate management service encountered an error during encryption of the keys. Subject: %1 Diagnosis: %2 User Action You may have to restore all Active Directory objects underneath the distinguished name that is specified in the diagnosis above for X.509 certificate private key sharing.
333 CertificateManagementConfigurationError The certificate management service encountered an error during database access. Additional Data: Diagnosis: %1 User Action Confirm that the SQL store is online.
334 CertificateManagementWarning Certificate rollover service needs to rollover %1 certificates urgently. Partners will not be able to apply the update in time.
335 CertificateManagementInfo %1
336 CertificateManagementInitiated The certificate management cycle was initiated.
337 CertificateManagementComplete The certificate management cycle was completed.
338 CertificateManagementGenericError An error was encountered during certificate rollover. The monitoring cycle was shut down. Additional Data Exception details: %1 Additional details: %2
339 CertificateManagementInitiationError An error occurred during initialization of certificate rollover. Certificates will not be rolled over. Additional Data Exception details: %1
340 ArtifactResolutionSuccessAudit An SAML artifact resolution request was successfully resolved for the relying party '%1'. Relying party: %1 SAML artifact: %2
341 SecurityTokenNotYetValidError The NotBefore attribute for the token has a value that is set to a future time. See inner exception for more details. Additional Data Token Type: %1 Exception details: %2 This request failed. User Action Verify that system clock is synchronized.
342 SecurityTokenValidationError Token validation failed. Additional Data Token Type: %1 %Error message: %2 Exception details: %3
343 ConfigurationDatabaseSynchronizationInitiationError There was an error during initialization of synchronization. Synchronization of data from the primary federation server to the secondary federation server will not occur. Additional Data Exception details: %1
344 ConfigurationDatabaseSynchronizationSyncError There was an error doing synchronization. Synchronization of data from the primary federation server to a secondary federation server did not occur. Additional data Exception details: %1 User Action Make sure the primary federation server is available or the service account identity of this machine matches the service account identity of the primary federation server.
345 ConfigurationDatabaseSynchronizationCommunicationError There was a communication error during AD FS configuration database synchronization. Synchronization of data from the primary federation server to a secondary federation server did not occur. Additional Data Master Name : %1 Endpoint Uri : %2 Exception details: %3
346 ConfigurationDatabaseReadOnlyTransferError There was an error during retrieving the configuration data for the secondary federation server. Additional Data Exception details: %1
348 ConfigurationDatabaseSynchronizationCompleted Synchronization of configuration data from the primary federation server '%1' is completed. %2 objects were added. %3 objects were deleted.
349 FsAdministrationServiceStart The administration service for the Federation Service started successfully. You can now use the Windows Powershell commands for AD FS to modify the Federation Service configuration. The following service hosts have been added: %1
351 PolicyStoreSynchronizationPropertiesGetError There was an error getting synchronization properties. Additional Data Exception details: %1
352 ConfigurationDatabaseSqlError A SQL operation in the AD FS configuration database with connection string %1 failed. Additional Data Exception details: %2
353 SamlArtifactResolutionSignatureVerificationError Unable to resolve the SAML artifact. Verification of the artifact response signature failed. Claims provider: %1 Exception details: %2 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date. Verify that the claims provider trust's signing certificate is up to date.
354 ArtifactResolutionServiceSignatureVerificationError The artifact resolution service could not verify the request signature. Additional Data Exception details: %1 User action: Verify that the relying party trust in the AD FS configuration database is up to date. Configure the relying party certificate for request signing. Verify that relying party certificate is up to date.
356 SqlNotificationRegistrationError Failed to register notification to the SQL database with the connection string %1 for cache type '%2'. Changes to settings may not take effect until the Federation Service restarts. Additional Data Exception details: %3
357 SqlNotificationRegistrationResumption Successfully registered notification to the SQL database with the connection string %1.
358 ServiceHostRestart Restarting %1. This restart is necessary because a change was detected in the certificates that this service host uses. Requests that are served by endpoints of this service host may fail during restart.
359 ServiceHostRestartError An error occurred during an attempt to restart %1. Additional Data Exception details: %2 User Action Restart the Federation Service to recover from the error.
360 ClientCertificateNotPresentOnProxyEndpointError A request was made to a certificate transport endpoint, but the request did not include a client certificate. This could be because the root CA certificate that issued the client certificate is not in the Trust CA certificate store or because the client certificate is expired. User Action: Ensure that the CA that issued the client certificate in this request has its certificate in the Trusted Root Certificate Authority store on the Local Computer. Ensure that the client certificate is not expired.
362 WSFederationPassiveSignOutError Encountered error during federation passive sign-out. Additional Data Exception details: %1
363 WSFederationPassiveServiceCommunicationError A communication error occurred during an attempt to get a token from the Federation Service. Make sure that the Federation Service is running. Additional Data Exception details: %1
364 WSFederationPassiveRequestFailedError Encountered error during federation passive request. Additional Data Protocol Name: %1 Relying Party: %2 Exception details: %3
365 RelyingPartyNotEnabled A token request was received for the relying party '%1', but the request could not be fulfilled because the relying party trust is not enabled. Relying party: %1 This request failed. User Action If this relying party trust should be enabled, enable it by using the AD FS Management snap-in or Windows PowerShell for AD FS.
366 ClaimsProviderNotEnabled A token was received from claims provider '%1', but the token could not be validated because the claims provider trust is not enabled. Claims provider: %1 This request failed. User Action If this claims provider trust should be enabled, enable it by using the AD FS Management snap-in or Windows PowerShell for AD FS.
367 AudienceUriValidationFailed The audience restriction was not valid because the specified audience identifier is not present in the acceptable identifiers list of this Federation Service. User Action See the exception details for the audience identifier that failed validation. If the audience identifier identifies this Federation Service, add the audience identifier to the acceptable identifiers list by using Windows PowerShell for AD FS. Note that the audience identifier is used to verify whether the token was sent to this Federation Service. If you think that the audience identifier does not identify your Federation Service, adding it to the acceptable identifiers list may open a security vulnerability in your system. Additional Data Token Type: %1 Exception details: %2
368 SamlLogoutNameIdentifierNotFoundError The SAML Single Logout request does not correspond to the logged-in session participant. Requestor: %1 Request name identifier: %2 Logged-in session participants: %3 This request failed. User Action Verify that the claim provider trust or the relying party trust configuration is up to date. If the name identifier in the request is different from the name identifier in the session only by NameQualifier or SPNameQualifier, check and correct the name identifier policy issuance rule using the AD FS Management snap-in.
369 WSFederationPassiveTtpRequestError Processing TTP request failed with the following exception. Additional Data Exception details: %1 User Action Ensure that user has enabled cookies in browser settings.
370 WSFederationPassiveTtpResponseError Incoming TTP response is not valid. Processing response failed with following exception. Additional Data Exception details: %1 User Action Ensure that partner federation provider is configured properly to send valid TTP response.
371 AuthorityCertificateResolveError Cannot find certificate to validate message/token signature obtained from claims provider. Claims provider: %1 This request failed. User Action Check that Claim Provider Trust configuration is up to date.
372 WeakSignatureAlgorithmError Authentication Failed. The token used to authenticate the user is signed using a weaker signature algorithm than expected. Additional Data Token Type: %1 Issuer: %2 Actual token signature algorithm: %3 Expected token signature algorithm: %4 User Action Check that Claim Provider is configured to accept tokens with expected signature algorithm. Use the AD FS PowerShell commands to configure the signature algorithm property.
373 ArtifactResolutionServiceWeakSignatureAlgorithmError The artifact request from the replying party is signed with a weaker signature algorithm. Additional Data Relying party identity: %1 Actual message signature algorithm: %2 Expected message signature algorithm: %3 User action: Check that relying party is configured to accept artifact resolution request with expected signature algorithm. Use the AD FS PowerShell commands to configure the signature algorithm property.
374 AuthorityEncryptionCertificateCrlCheckFailure An error occurred while building the certificate chain for the claims provider trust '%1' certificate identified by thumbprint '%2'. The certificate chain could not be built, the certificate has been revoked, or the certificate chain could not be verified as specified by the claims provider trust's encryption certificate revocation settings. AD FS powershell commands can be used to configure the claims provider trust encryption certificate revocation settings. Claims Provider Trust Encryption Certificate Revocation Settings: %3 The following errors occurred while building the certificate chain: %4 User Action: Ensure that the claims provider trust's encryption certificate is valid and has not been revoked. Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
375 PolicyStoreSynchronizationInitiated Policy store synchronization initiated.
376 SqlAttributeStoreQueryExecutionError An Error occurred while executing a query in SQL attribute store. Additional Data Connection information: %1 Query: %2 Parameters: %3 User Action Examine the exception details to take one or more of the following actions if applicable. Verify that the connection string to the SQL attribute store is valid. Make sure that the SQL attribute store can be reached by the connection string and the SQL attribute store exists. Verify that the SQL query and parameters are valid. Exception details: %4
377 AttributeStoreError A processing error occurred in an attribute store. User Action Exception details: %1
378 SAMLRequestUnsupportedSignatureAlgorithm SAML request is not signed with expected signature algorithm. SAML request is signed with signature algorithm %1 . Expected signature algorithm is %2 User Action: Verify that signature algorithm for the partner is configured as expected.
379 InvalidIssuanceInstantError A security token was rejected as the specified IssueInstant was before the allowed time frame. Token Type: %1 User Action: To allow tokens for a larger timeframe, use the AD FS PowerShell commands to adjust the value of the ReplayCacheExpirationInterval.
380 BadConfigurationIdentityCertificateNotValid During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was configured could not be used. The certificate has been revoked, the certificate chain could not be verified or certificate is not within its validity period. The following are the values of the certificate: Element: %1 Subject: %2 Thumbprint: %3 The Federation Service will not be able to start until this configuration element is corrected. User Action Verify whether the certificate chain for the certificate configured has been revoked by its certificate authority. If the certificate has been revoked or expired, the AD FS service must be issued a new certificate.
381 AdditionalCertificateValidationFailure An error occurred during an attempt to build the certificate chain for configuration certificate identified by thumbprint '%1'. Possible causes are that the certificate has been revoked or certificate is not within its validity period. The following errors occurred while building the certificate chain: %2 User Action: Ensure that the certificate is valid and has not been revoked or expired.
382 SynchronizationThresholdViolation AD FS detected that the Federation Service has more than %1 %2 trusts configured and that the data in the AD FS configuration database for this Federation Service is stored and synchronized using Windows Internal Database technology. The overall performance of data synchronization between configuration databases that are stored locally on federation servers across the farm will degrade as you add more than %1 trusts when you use the Windows Internal Database to store the AD FS configuration database. User Action: To improve synchronization performance across your federation server farm, we recommend that you migrate the data in the AD FS configuration database to SQL server. For more information about how to do this, see AD FS Operations Guide (http://go.microsoft.com/fwlink/?LinkId=181189).
383 WSFederationPassiveWebConfigMalformedError The Web request failed because the web.config file is malformed. User Action: Fix the malformed data in the web.config file. Exception details: %1
384 WSFederationPassiveInvalidValueInWebConfigError The request to the Federation Service failed because the web.config file has an invalid configuration for '%1' that the Federation Service does not support. User Action: Ensure that the configuration of the property '%1' is supported by the Federation Service.
385 ConfigurationHasExpiredCertsWarning AD FS detected that one or more certificates in AD FS configuration database need to be updated manually because they are expired, or will expire soon. See additional details for more information Additional Details: %1
386 ConfigurationHealthyCertsInfo AD FS detected that none of the service certificates that are configured to be managed by the administrator are due to expire.
387 CertPrivateKeyInaccessibleError AD FS detected that one or more of the certificates specified in the Federation Service were not accessible to the service account used by the AD FS Windows Service. User Action: Ensure that the AD FS service account has read permissions on the certificate private keys. Additional Details: %1
388 CertPrivateKeyAccessibleInfo AD FS detected that all the service certificates have appropriate access given to the AD FS service account.
389 TrustsHaveExpiredCertsWarning AD FS detected that one or more of your trusts require their certificates to be updated manually because they are expired, or will expire soon. See additional details for more information Additional Details: %1
390 TrustsHaveHealthyCertsInfo AD FS detected that none of the partner certificates that are configured to be managed by the administrator are due to expire.
391 FsProxyTrustTokenRetrievalSuccess The federation server proxy was able to successfully establish a trust with the Federation Service.
392 FsProxyTrustTokenRenewalSuccess The federation server proxy was able to renew its trust with the Federation Service.
393 FsProxyTrustTokenRetrievalError The federation server proxy could not establish a trust with the Federation Service. Additional Data Exception details: %1 User Action Ensure that the credentials being used to establish a trust between the federation server proxy and the Federation Service are valid and that the Federation Service can be reached.
394 FsProxyTrustTokenRenewalError The federation server proxy could not renew its trust with the Federation Service. Additional Data Exception details: %1 User Action Ensure that the federation server proxy is trusted by the Federation Service. If the trust does not exist or has been revoked, establish a trust between the proxy and the Federation Service using the Federation Service Proxy Configuration Wizard by logging on to the proxy computer.
395 ProxyTrustTokenIssuanceSuccess The trust between the federation server proxy and the Federation Service was established successfully using the account '%1'. Proxy trust id: %2.
396 ProxyTrustTokenRenewalSuccess The trust between the federation server proxy and the Federation Service was renewed successfully.
397 HttpProxyConfigurationInfo The federation server loaded the HTTP proxy configuration from WinHTTP settings. HTTP Proxy: %1 HTTPS Proxy: %2 Bypass proxy for local addresses: %3 Bypass proxy for addresses: %4 To learn more about how to set the HTTP proxy settings for the federation server, see http://go.microsoft.com/fwlink/?LinkId=182180.
398 ConfigurationHasArchivedCertsWarning AD FS detected that one or more certificates in the AD FS configuration database need to be updated manually because they are archived. Additional Details: %1
399 ConfigurationHealthyUnarchivedCertsInfo AD FS detected that none of the service certificates that are configured to be managed by the administrator are archived.
400 GiveUserVSSAccess VSS writer permissions have been granted to user %1.
401 RevokeUserVSSAccess VSS writer permissions have been revoked from user %1.
402 CertificateClaimUnknownError Failed to add some of the certificate claims.
403 RequestReceivedSuccessAudit An HTTP request was received. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 HTTP Method: %4 Url Absolute Path: %5 Query string: %6 Local Port: %7 Local IP: %8 User Agent: %9 Content Length: %10 Caller Identity: %11 Certificate Identity (if any): %12 Targeted relying party: %13 Through proxy: %14 Proxy DNS name: %15
404 ResponseSentSuccessAudit An HTTP response was dispatched with: Activity ID: %1 Response Details: Date And Time: %2 Status Code: %3 Status Description: %4
405 PasswordChangeSuccessAudit Password change succeeded for following user: Activity ID: %1 User: %2 Device Certificate: %3 Device ID: %4 Device Name: %5 Server on which password change was attempted: %6
406 PasswordChangeFailureAudit Password change failed for following user: Additional Data Activity ID: %1 User: %2 Device Certificate: %3 Server on which password change was attempted: %4 Client IP: %6 Error details: %5
407 PasswordChangeError Password change failed for following user: Additional Data User: %1 Device Certificate: %2 Server on which password change was attempted: %3 Error details: %4
408 DeviceAuthenticationFailureAudit Device authentication failed for following device: Additional Data Activity ID: %1 User: %2 Client IP: %3 Target Application: %4 Device Certificate: %5 Device ID: %6 Device Name: %7 Error Message: %8
409 DeviceAuthenticationSuccessAudit Device authentication successful for following device: Additional Data Activity ID: %1 User: %2 Client IP: %3 Target Application: %4 Device Certificate: %5 Device ID: %6 Device Name: %7 Registered owner's sid: %8 Is current User registered: %9
410 RequestContextHeadersSuccessAudit Following request context headers present : Activity ID: %1 %2: %3 %4: %5 %6: %7 %8: %9 %10: %11 %12: %13
411 SecurityTokenValidationFailureAudit Token validation failed. See inner exception for more details. Additional Data Activity ID: %1 Token Type: %2 Client IP: %5 Error message: %3 Exception details: %4
412 AuthenticationSuccessAudit A token of type '%3' for relying party '%4' was successfully authenticated. See audit 501 with the same Instance ID for caller identity. Instance ID: %1 Activity ID: %2
413 CallerIdFailureAudit An error occurred during processing of a token request. The data in this event may have the identity of the caller (application) that made this request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data Activity ID: %1 Caller: %2 OnBehalfOf user: %3 ActAs user: %4 Target Relying Party: %5 Device identity: %6 Client IP: %7 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
414 InvalidMsisHttpRequestAudit An error occurred during processing of a token request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data Activity ID: %1 Target Relying Party: %2 Is Application Proxy Configured: %3 Is Request From the Extranet: %4 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
415 UnregisteredDrsUpnSuffixes %1
416 WebConfigurationError Web configuration error: %1
417 CertificateClaimError Unable to add the certificate claim %1.
420 StsProxyTrustTokenEstablishmentAuditSuccess The trust between the federation server proxy and the Federation Service was successfully established. Additional Data User: %1 Server from which request was made: %2 Certificate Thumbprint: %3
421 StsProxyTrustTokenEstablishmentAuditFailure The trust between the federation server proxy and the Federation Service could not be established. Additional Data User: %1 Server from which request was made: %2
422 FsProxyConfigurationRetrievalFailure Unable to retrieve proxy configuration data from the Federation Service. Additional Data Trust Certificate Thumbprint: %1 Status Code: %2 Exception details: %3
423 FsProxyConfigurationRetrievalSuccess Successfully retrieved proxy configuration data from the Federation Service
424 ClientCertNotTrustedOnStsAuditFailure The federation server proxy was not able to authenticate the client certificate presented in the request. Activity ID: %1 Client certificate thumbprint: %2 Client certificate subject name: %3 Inner exception: %4 User Action Ensure that the request is using the certificate used to establish the trust between the Federation Server Proxy and the Federation Service.
425 ApplicationProxyConfigurationStoreChangeAuditSuccess The following update was successful to the application proxy store on the federation server. Activity ID: %1 Authentication information: %2 HTTP method: %3 Key: %4 Value: %5 Version: %6
426 ApplicationProxyConfigurationStoreChangeAuditFailure The following update attempt to the application proxy store on the federation server failed. Activity ID: %1 Authentication information: %2 HTTP method: %3 Key: %4 Value: %5 Version: %6 Error information: %7
427 ApplicationProxyTrustUpdateAuditSuccess The following update attempt to the application proxy relying party trust on the federation server succeeded. Activity ID: %1 Authentication information: %2 HTTP method: %3 Identifier: %4
428 ApplicationProxyTrustUpdateAuditFailure The following update attempt to the application proxy relying party trust on the federation server failed. Activity ID: %1 Authentication information: %2 HTTP method: %3 Identifier: %4 Error information: %5
429 RelyingPartyTrustUpdateAuditSuccess The following update attempt to the relying party trust on the federation server succeeded. Activity ID: %1 Authentication information: %2 HTTP method: %3 Relying party trust identifier: %4 Internal Url: %5 External Url: %6 Published identifier: %7
430 RelyingPartyTrustUpdateAuditFailure The following update attempt to the relying party trust on the federation server failed. Activity ID: %1 Authentication information: %2 HTTP method: %3 Relying party trust identifier: %4 Internal url: %5 External url: %6 Published identifier: %7 Error information: %8
431 ActiveRequestRSTSuccessAudit An active request was received at STS with RST containing: Activity ID: %1 RST Details: KeySize: %2 KeyType: %3 RequestType: %4 TokenType: %5 SignatureAlgorithm: %6
432 ProxyConfigurationEndpointError Error handling request from proxy at %1 Additional Data Exception details: %2
500 IssuedIdentityClaims More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 Issued identity: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
501 CallerIdentityClaims More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 Caller identity: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
502 OnBehalfOfUserIdentityClaims More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 OnBehalfOf identity: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
503 ActAsUserIdentityClaims More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 ActAs identity: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
504 ApplicationProxyConfigurationStoreChangeSuccess The following update was successful to the application proxy store on the federation server. Authentication information: %1 HTTP method: %2 Key: %3 Value: %4 Version: %5
505 ApplicationProxyConfigurationStoreChangeFailure The following update attempt to the application proxy store on the federation server failed. Authentication information: %1 HTTP method: %2 Key: %3 Value: %4 Version: %5 Error information: %6
506 ApplicationProxyTrustUpdateSuccess The following update attempt to the application proxy relying party trust on the federation server succeeded. Authentication information: %1 HTTP method: %2 Identifier: %3
507 ApplicationProxyTrustUpdateFailure The following update attempt to the application proxy relying party trust on the federation server failed. Authentication information: %1 HTTP method: %2 Identifier: %3 Error information: %4
508 RelyingPartyTrustUpdateSuccess The following update attempt to the relying party trust on the federation server succeeded. Authentication information: %1 HTTP method: %2 Relying party trust identifier: %3 Internal Url: %4 External Url: %5 Published identifier: %6
509 RelyingPartyTrustUpdateFailure The following update attempt to the relying party trust on the federation server failed. Authentication information: %1 HTTP method: %2 Relying party trust identifier: %3 Internal url: %4 External url: %5 Published identifier: %6 Error information: %7
510 LongText More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 Details: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
511 InvalidMsisHttpSigninRequestFailure The incoming sign-in request is not allowed due to an invalid Federation Service configuration. Request url: %1 User Action: Examine the Federation Service configuration and take the following actions: Verify that the sign-in request has all the required parameters and is formatted correctly. Verify that a web application proxy relying party trust exists, is enabled, and has identifiers which match the sign-in request parameters. Verify that the target relying party trust object exists, is published through the web application proxy, and has identifiers which match the sign-in request parameters.
512 ExtranetLockoutAccountThrottledAudit The account for the following user is locked out. A login attempt is being allowed due to the system configuration. Additional Data Activity ID: %1 User: %2 Client IP: %3 Bad Password Count: %4 nLast Bad Password Attempt: %5
513 ArtifactRestEndpointRequestFailureAudit The Artifact REST service failed to return an artifact as a result of an error during processing. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested Uri: %3 Exception details: %4
514 ArtifactRestEndpointRequestSuccessAudit The Artifact REST service successfully returned an artifact. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested Uri: %3
515 ExtranetLockoutUserThrottleTransitionAudit The following user account was in a locked out state and the correct password was just provided. This account may be compromised. Additional Data Activity ID: %1 User: %2 Device Certificate: %3 Client IP: %4
516 ExtranetLockoutAccountRestrictedAudit The following user account has been locked out due to too many bad password attempts. Additional Data Activity ID: %1 User: %2 Client IP: %3 nBad Password Count: %4 nLast Bad Password Attempt: %5
517 TargetRelyingPartyPublishedButAppProxyDisabledFailure The incoming sign-in request is not allowed due to an invalid Federation Service configuration. Request url: %1 User Action: Verify that either an enabled web application proxy relying party trust exists in your Federation Service configuration or that the target relying party trust object is not published through a web application proxy.
518 TargetRelyingPartyPublishedButAppProxyDisabledFailureAudit An error occurred during processing of a token request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data Activity ID: %1 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
519 PrimayServerRequestHandlerResponseSuccessAudit A successful response status code was received from the primary server. The data includes an Activity ID that you can cross-reference to the events on the primary server to help diagnose the problem. Activity ID: %1 Authentication information: %2 Raw URL of the incoming request: %3 Response status code: %4 IP address from which the request originated: %5
520 PrimayServerRequestHandlerResponseFailureAudit An error response status code was received from the primary server. The data includes an Activity ID that you can cross-reference to error or warning events on the primary server to help diagnose the problem. Activity ID: %1 Authentication information: %2 Raw URL of the incoming request: %3 Response status code: %4 WebException response code: %5 IP address from which the request originated: %6
1000 CallerId An error occurred during processing of a token request. The data in this event may have the identity of the caller (application) that made this request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data Caller: %1 OnBehalfOf user: %2 ActAs user: %3 Target Relying Party: %4 Device identity: %5 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
1020 OAuthAuthorizationRequestFailedError Encountered error during OAuth authorization request. Additional Data Exception details: %1
1021 OAuthTokenRequestFailedError Encountered error during OAuth token request. Additional Data Exception details: %1
1022 OAuthAuthorizationCodeIssuanceSuccessAudit An OAuth authorization code was successfully issued to client '%5'. Activity ID: %1 Authorization Code ID: %2 Request Details: Date And Time: %3 Client IP: %4 Client Identifier: %5 Client Redirect URI: %6 Resource: %7 User Identity: %8 Device Identity: %9
1023 OAuthAccessTokenIssuanceSuccessAudit An OAuth access token was successfully issued to client '%6' for the relying party '%8'. See audit 500 with the same Instance ID for issued claims. See audit 501 with the same Instance ID for caller identity. Instance ID: %1 Activity ID: %2 Authorization Code ID (if authorization code request): %3 Request Details: Date And Time: %4 Client IP: %5 Client Identifier: %6 Client Redirect URI: %7 Resource: %8 User Identity: %9 Device Identity: %10
1024 OAuthRefreshTokenIssuanceSuccessAudit An OAuth refresh token was successfully issued to client '%6' for the relying party '%8'. See audit 500 with the same Instance ID for issued claims. Instance ID: %1 Activity ID: %2 Authorization Code ID (if authorization code request): %3 Request Details: Date And Time: %4 Client IP: %5 Client Identifier: %6 Client Redirect URI: %7 Resource: %8 User Identity: %9 Device Identity: %10
1025 OAuthAuthorizationCodeIssuanceFailureAudit The Federation Service failed to issue an OAuth authorization code as a result of an error during processing of the OAuth authorization code request. Additional Data Activity ID: %1 Request Details: Client IP: %2 Client Identifier: %3 Client Redirect URI: %4 Resource: %5 User Identity: %6 Device Identity: %7 Exception details: %8
1026 OAuthAccessTokenIssuanceFailureAudit The Federation Service failed to issue an OAuth access token as a result of an error during processing of the OAuth access token request. Additional Data Activity ID: %1 Request Details: Client IP: %2 Client Identifier: %3 Client Redirect URI: %4 Resource: %5 User Identity: %6 Device Identity: %7 Exception details: %8
1027 OAuthAccessTokenResponseIssuanceSuccessAudit An OAuth access token response was successfully issued to client '%5' for the relying party '%7'. See audit 1023 with the same authorization code ID for issued access token. In an AD FS farm setup, this audit may be found on another farm node. See audit 1024 with the same authorization code ID for the refresh token if it is issued. In an AD FS farm setup, this audit may be found on another farm node. Activity ID: %1 Authorization Code ID: %2 Request Details: Date And Time: %3 Client IP: %4 Client Identifier: %5 Client Redirect URI: %6 Resource: %7
1100 RestEndpointAuthorizationFailureError The Federation Service could not authorize a request to one of the REST endpoints. Additional Data Exception details: %1
1101 RestEndpointAuthorizationFailureAudit The Federation Service could not authorize a request to one of the REST endpoints. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested URI: %3 Exception details: %4
1102 RestEndpointAuthorizationSuccessAudit The Federation Service authorized a request to one of the REST endpoints. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested URI: %3 Additional details: %4
ID Event Name Event Description
100 FsServiceStart The Federation Service started successfully. The following service hosts have been added: %1
102 StartupException There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service. Additional Data Exception details: %1
103 FsServiceStop The Federation Service stopped successfully.
104 ArtifactServiceNotRunningForReplayDetectionCheck The artifact resolution service is not running. The service must be running to perform token replay detection. User Action Make sure that the artifact resolution service is configured properly. Or disable token replay detection by using the Set-ADFSProperties cmdlet with the PreventTokenReplays parameter in Windows PowerShell for AD FS.
105 AuthMethodLoadError An error occurred loading an authentication provider. Fix configuration errors using PowerShell cmdlets and restart the Federation Service. Identifier: %1 Context: %2 Additional Data Exception details: %3
106 AuthMethodLoadSuccess An authentication provider was successfully loaded: Identifier: '%1', Context: '%2'
111 WsTrustRequestProcessingError The Federation Service encountered an error while processing the WS-Trust request. Request type: %1 Additional Data Exception details: %2
131 BadConfigurationFormatError During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The configured value '%2' could not be parsed as type '%3'. Element: %1 Value: %2 Type: %3 The Federation Service will not be able to start until this configuration element is corrected. User Action Correct the specified configuration element to conform to the given type.
132 BadConfigurationValueMissing During processing of the Federation Service configuration, the required element '%1' was missing. Element: %1 The Federation Service will not be able to start until this configuration element is configured. User Action Configure the specified configuration element using the AD FS Management snap-in.
133 BadConfigurationIdentityCertificateHasNoPrivateKey During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The private key for the certificate that was configured could not be accessed. The following are the values of the certificate: Element: %1 Subject: %2 Thumbprint: %3 storeName: %4 storeLocation: %5 Federation Service identity: %6 The Federation Service will not be able to start until this configuration element is corrected. This condition can occur when the certificate is found in the specified store but there is a problem accessing the certificate's private key. Common causes for this condition include the following: (1) The certificate was installed from a source that did not include the private key, such as a .cer or .p7b file. (2) The certificate's private key was imported (for example, from a .pfx file) into a store that is different from the store specified above. (3) The certificate was generated as part of a certificate request that did not specify the "Machine Key" option. (4) The Federation Service identity '%6' has not been granted read access to the certificate's private key. User Action If the certificate was imported from a source with no private key, choose a certificate that does have a private key, or import the certificate again from a source that includes the private key (for example, a .pfx file). If the certificate was imported in a user context, verify that the store specified above matches the store the certificate was imported into. If the certificate was generated by a certificate request that did not specify the "Machine Key" option and the key is marked as exportable, export the certificate with a private key from the user store to a .pfx file and import it again directly into the store specified in the configuration file. If the key is not marked as exportable, request a new certificate using the "Machine Key" option. If the Federation Service identity has not been granted read access to the certificate's private key, correct this condition using the Certificates snap-in.
134 BadConfigurationCertificateNotFound During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was identified by the findValue '%2' could not be found. Element: %1 storeName: %3 storeLocation: %4 x509FindType: %5 findValue: %2 The Federation Service will not be able to start until this configuration element is corrected. This condition occurs when the findValue that is specified does not match any certificate in the specified store. Common causes for this condition include the following: (1) The certificate with the specified findValue is from a store that is different from the configured store. (2) The certificate was deleted from the store after configuration. User Action If the certificate exists in a different store, find the location using the certificates snap-in and correct the configuration appropriately. If the certificate has been deleted, configure a different certificate.
135 BadConfigurationMultipleCertificatesMatch During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was identified by the findValue '%2' was not unique. Element: %1 storeName: %3 storeLocation: %4 x509FindType: %5 findValue: %2 The Federation Service will not be able to start until this configuration element is corrected. This condition can occur when the certificate is found in the specified store but there is more than one certificate that matches the findValue. User Action If the certificate was identified by name and there are multiple certificates of the same name, configure the certificate using the certificate thumbprint.
136 ConfigurationErrorsException During processing of the Federation Service configuration, the Federation Service encountered a configuration error. %1 Additional Data %2 The Federation Service will not be able to start until this error has been corrected. User Action Correct the specified configuration error using the AD FS Management snap-in.
143 UnableToCreateFederationMetadataDocument The Federation Service was unable to create the federation metadata document as a result of an error. Document Path: %1 Additional Data Exception details: %2
144 RequestBlocked The Federation Service Proxy blocked an illegitimate request made by a client, as there was no matching endpoint registered at the proxy. This could point to a DNS misconfiguration, a partially configured application published through the proxy, or a malicious request. Url Path: %1
147 InvalidClaimsProviderError A token was received from a claims provider identified by the key '%1', but the token could not be validated because the key does not identify any known claims provider trust. Key: %1 This request failed. User Action If this key represents the certificate thumbprint of a claims provider trust, verify that it matches the signing certificate of the claims provider trust in the AD FS configuration database.
149 AttributeStoreLoadFailure During processing of the Federation Service configuration, the attribute store '%1' could not be loaded. Attribute store type: %2 User Action If you are using a custom attribute store, verify that the custom attribute store is configured using AD FS Management snap-in. Additional Data %3
155 MetadataListenerError The Federation Service was unable to listen at '%1' for metadata document requests due to an unexpected error. Additional Data %Exception details: %2
156 TrustMonitoringInitiated Trust monitoring cycle initiated.
157 TrustMonitoringComplete Trust monitoring cycle completed.
159 TrustMonitoringConfigurationDatabaseWriteError The Federation Service encountered an error while writing to the following object in the configuration database. Object Type: %1 Name: %2 Metadata document URL: %3 Additional Data Exception details: %4 Additional details: %5
163 TrustMonitoringInitiationError An error occurred during initialization of trust monitoring. Trust monitoring against the published partner configuration will be disabled for the lifetime of this service. Additional Data Exception details: %1 User Action If you want to try to start the trust monitoring service again, restart the Federation Service.
164 TrustMonitoringConfigurationDatabaseError An error occurred during a read operation from the configuration database. Trust monitoring was shut down and will be tried again after an amount of time that corresponds to the trust monitoring interval. Additional Data Exception details: %1 Additional details: %2
165 TrustMonitoringGenericError An error occurred during trust monitoring. The trust monitoring cycle was shut down. Additional Data Exception details: %1 Additional details: %2
166 TrustMonitoringMetadataFormatError Trust monitoring service encountered an error while parsing the metadata document from '%1'. Trust monitoring failed for: Object Type: %2 Name: %3 Additional Data Exception details: %4 Additional details: %5
167 TrustMonitoringMetadataProcessingError Trust monitoring service encountered an error while applying the data in the metadata document from '%1'. Trust monitoring failed for: Object Type: %2 Name: %3 Additional Data Exception details: %4 Additional details: %5
168 TrustManagementMetadataRequestError The Federation Service encountered an error while retrieving the federation metadata document from '%1'. The monitoring for the following trusts failed: Claims providers: %2 Relying parties: %3 Additional Data Exception details: %4 Additional details: %5 User Action Make sure federation metadata URL is accessible. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
171 SuccessfulAutoUpdate The trust monitoring service automatically updated the trust of '%1' successfully with the partner's published changes.
173 SuccessfulAutoUpdateWithWarning The trust monitoring service automatically updated the trust of '%1' successfully with the partner's published changes. Additional Data Warnings: %2
174 AutoUpdateSkippedWithWarning Trust monitoring service detected changes in policy of '%1', but did not automatically apply the changes on the trust partner. Additional Data Warnings: %2
180 MinorVersionUpgradeError An error occurred while upgrading FarmBehaviorLevel '%1' from Minor Version '%2' to Minor Version '%3'. Additional Data Exception details: %4
184 InvalidRelyingPartyError A token request was received for a relying party identified by the key '%1', but the request could not be fulfilled because the key does not identify any known relying party trust. Key: %1 This request failed. User Action If this key represents a URI for which a token should be issued, verify that its prefix matches the relying party trust that is configured in the AD FS configuration database.
186 PolicyDuplicateNameIdentifier The Federation Service could not fulfill the token-issuance request. More than one claim based on SamlNameIdentifierClaimResource was produced after the issuance See event 500 with the same Instance ID for claims after application of issuance transform rules. Additional Data Instance ID: %1 User Action Ensure that the issuance transform rules that are configured for the relying party do not result in multiple claims based on SamlNameIdentifierClaimResource.
193 PolicyUnknownAuthenticationTypeError The Federation Service could not satisfy a token request because the relying party requested an unknown authentication type. Comparison type: %1 Desired authentication type(s): %2 Relying party: %3 This request failed. User Action Use the AD FS PowerShell commands to configure the authentication context order property. Ensure that the relying party is configured to request the correct authentication type.
197 ConfigurationInvalidAuthenticationTypeError The Federation Service could not satisfy a token request because the accompanying credentials do not meet the authentication type requirement of '%2' for the relying party '%3'. Authentication type: %1 Desired authentication type(s): %2 Relying party: %3 This request failed.
198 FsProxyServiceStart The federation server proxy started successfully.
199 ProxyStartupException The federation server proxy could not be started. Reason: %1 Additional Data Exception details: %2
200 FsProxyServiceStop The federation server proxy stopped successfully.
201 ServiceHostOpenAddressAccessDeniedError The Federation Service %1 encountered an Access Denied error while trying to register one or more endpoint URLs. This condition typically occurs when the ACL for the endpoint URL is missing or the HTTP namespace in the ACL is not a prefix match of the endpoint URL. The %1 could not be opened. User Action Ensure that a valid ACL for each of the URLs has been configured on this computer. Additional Data Exception details: %2
202 ServiceHostOpenError The Federation Service %1 could not be opened. Additional Data Exception details: %2
203 ServiceHostAbortError The Federation Service %1 could not be shut down properly. Additional Data Exception details: %2
204 ServiceHostCloseError The Federation Service %1 could not be closed. Additional Data Exception details: %2
206 EmptyOrMissingWSFederationPassiveEndpoint The Federation Service could not fulfill the token-issuance request because the relying party '%1' is missing a WS-Federation Passive endpoint address. Relying party: %1 This request failed. User Action Use the AD FS Management snap-in to configure a WS-Federation Passive endpoint on this relying party.
207 FailureWritingToAuditLog An attempt to write to the Security event log failed. Additional Data Windows error code: %1 Exception details: %2
208 InsufficientPrivilegesWritingToAuditLogError An error occurred during an attempt to register the event source for the Security log. User Action Ensure that the Federation Service has the correct permissions to write to the Security log.
209 AuditLogEventSourceCouldNotBeRegisteredError The Security log event source for the Federation Service could not be registered. Additional Data Windows error code: %1 Exception details: %2
215 FsProxyNoEndpointsConfigured The Federation Service at '%1' did not return any WS-Trust endpoints to be published by the federation server proxy. User Action If you want to publish WS-Trust endpoints to the federation server proxy, make sure that the endpoints are enabled for proxy use on the federation server.
217 BindingConfigurationError A WS-Trust endpoint that was configured could not be opened. Additional Data Address: %1 Mode: %2 Error: %3
218 FsProxyServiceConnectionFailedServiceUnavailable The federation server proxy received error code '%2' while making a request to the Federation Service at '%1'. This could mean that the Federation Service is not started on the remote host. User Action Verify that the Federation Service is running on the remote host.
220 ServiceConfigurationInitializationError The Federation Service configuration could not be loaded correctly from the AD FS configuration database. Additional Data Error: %1
221 ServiceConfigurationReloadError A change to the token service configuration was detected, but there was an error reloading the changes to configuration. Additional Data Error: %1
222 FsProxyServiceConnectionFailedTimeout The federation server proxy was unable to complete a request to the Federation Service at address '%1' because of a time-out. This might mean that the Federation Service is currently unavailable. User Action Verify that the Federation Service is running.
223 ClaimDescriptionReloadError Claim description could not be loaded correctly from the database. Additional Data Error: %1
224 ProxyConfigurationRefreshError The federation server proxy configuration could not be updated with the latest configuration on the federation service. Additional Data Error: %1
230 ProxyCongestionWindowMinimumSize The federation server proxy has detected congestion, caused by high latency response times, on the Federation Service. The load might be above the Federation Service operating capacity, or there might be network connectivity issues. Request throttling has been enforced to limit the number of concurrent requests to the following size: %1. User Action Verify that the Federation Service is operating within its operating capacity. Verify that the Federation Service is not experiencing network outages.
238 AttributeStoreFindDCFailedError The Federation Service failed to find a domain controller for the domain %1. Additional Data Domain Name: %1 Error: %2 User Action Use Nltest to determine why DC locator is failing. Nltest is part of the Windows Support Tools.
244 MetadataExchangeListenerError The Federation Service was unable to listen at '%1' for WS-MetadataExchange requests due to an unexpected error. Additional Data %Exception details: %2
245 ProxyConfigurationRefreshSuccess The federation server proxy successfully retrieved and updated its configuration from the Federation Service '%1'.
246 LdapDCConnectionError The Federation Service encountered an error during an attempt to connect to a LDAP server at %1. Additional Data Domain Name: %1 LDAP server hostname (if available): %2 Authentication type: %3 SSL mode: %4 Username (if available): %5 Error code (if available): %6 Error from LDAP server (if available): %7 Exception Details: %8 User Action Check the network connectivity to the LDAP server. Also, check whether the LDAP server is configured properly.
247 LdapGCConnectionError The Federation Service encountered an error while connecting to a global catalog server at %1. Additional Data Domain Name: %1 Global Catalog hostname (if available): %2 Authentication type: %3 SSL mode: %4 Username (if available): %5 Error code (if available): %6 Error from server (if available): %7 Exception Details: %8 User Action Troubleshoot the network connectivity to the global catalog server. Also, verify that the global catalog server is configured properly.
248 ProxyEndpointsRetrievalError The federation server proxy was not able to retrieve the list of endpoints from the Federation Service at %1. The error message is '%2'. User Action Make sure that the Federation Service is running. Troubleshoot network connectivity. If the trust between the federation server proxy and the Federation Service is lost, run the Federation Server Proxy Configuration Wizard again.
249 AdditionalCertificateLoadWarning The certificate identified by thumbprint '%1' could not be found in the certificate store. In certificate rollover scenarios, this can potentially cause a failure when the Federation Service is signing or decrypting using this certificate. User Action Ensure that the certificate that is identified by thumbprint '%1' has been added to the Localmachine "My" store and that it is accessible by the service account of the Federation Service.
250 ArtifactExpirationError Expiration of the artifact failed. Additional Data Exception message: %1 User Action Ensure that the artifact storage server is configured properly. Troubleshoot network connectivity to the artifact storage server.
251 AttributeStoreLoadSuccess Attribute store '%1' is loaded successfully.
252 ProxyHttpListenerStartupInfo The AD FS proxy service made changes to the endpoints it is listening on based on the configuration it retrieved from the Federation Service. Endpoints added: %1 Endpoints removed: %2
253 ProxyHttpListenerStartupError AD FS proxy service failed to start a listener for the endpoint '%1' Exception details: %2 User action: Ensure that no conflicting SSL bindings are configured for the specified endpoint.
258 ConfigurationMissingAssertionConsumerServicesError The relying party '%1' is not configured with SAML Assertion Consumer Services. Relying party: %1 This request failed. User Action Use the AD FS Management snap-in to configure one or more Assertion Consumer Services for this relying party.
259 ConfigurationAssertionConsumerServiceIndexDoesNotMatchError The request specified an Assertion Consumer Service index '%1' that is not configured on the relying party '%2'. Assertion Consumer Service index: %1 Relying party: %2 This request failed. User Action Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified index for this relying party.
260 ConfigurationAssertionConsumerServiceProtocolBindingDoesNotMatchError The request specified an Assertion Consumer Service protocol binding '%1' that is not configured on the relying party '%2'. Assertion Consumer Service protocol binding: %1 Relying party: %2 This request failed. User Action Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified protocol binding for this relying party.
261 ConfigurationAssertionConsumerServiceUrlDoesNotMatchError The request specified an Assertion Consumer Service URL '%1' that is not configured on the relying party '%2'. Assertion Consumer Service URL: %1 Relying party: %2 This request failed. User Action Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified URL for this relying party.
262 ArtifactResolutionFailed The artifact resolution request failed. Additional Data Exception message: %1
273 ConfigurationAssertionConsumerServiceNotFoundError The request specified an assertion consumer service that is not configured or not supported on the relying party '%4'. Request parameters: '%1', '%2', '%3' Relying party: %4 This request failed. User Action Use the AD FS Management snap-in to configure an assertion consumer service with the specified parameters for this relying party. Also, check whether the artifact resolution service is enabled if the SAML artifact is requested.
274 FsProxyEndpointListenerAccessDeniedError The federation server proxy encountered an error while trying to listen on one of the proxy endpoints. The federation server proxy will not be able to start until it can listen on all required proxy endpoints. Proxy Endpoints: %1 User Action Ensure that the permissions on the URLs of the proxy endpoints allow the federation server proxy security account (the default is Network Service) to listen on them.
275 FsProxySslTrustError The federation server proxy could not establish a trust relationship for the SSL secure channel with the Federation Service %1. Error Message: %2 User Action Ensure that the SSL certificate for Federation Service '%1' is valid and trusted by the federation server proxy.
276 FsProxyServiceNotTrustedOnStsError The federation server proxy was not able to authenticate to the Federation Service. User Action Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet. Additional Data Certificate details: Subject Name: %1 Thumbprint: %2 NotBefore Time: %3 NotAfter Time: %4 Client endpoint: %5
277 UnhandledExceptionError The Federation Service encountered an unexpected exception and has shut down. Additional Data Exception details: %1
278 ArtifactResolutionEndpointNotConfiguredError The SAML artifact resolution endpoint is not configured or it is disabled. User Action If SAML artifact resolution is required, use the AD FS Management snap-in to configure or enable the SAML artifact resolution endpoint.
279 SamlArtifactResolutionClaimsProviderNotFoundError Unable to find a claims provider trust for SAML artifact resolution in the AD FS configuration database. SAML artifact: %1 This request failed. User Action Verify that a claims provider trust exists in the AD FS configuration database. Make sure that the data for the claims provider trust is up to date.
280 ClaimsProviderMissingArtifactServiceError Unable to resolve the SAML artifact from the claims provider because the claims provider trust does not have the artifact resolution service configured. Claims provider trust: %1 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date. Add the artifact resolution service endpoint to the claims provider trust.
281 SamlArtifactResolutionEndpointNotFoundError Unable to resolve the SAML artifact from the claims provider because the claims provider trust does not have the required artifact resolution endpoint with the specified index configured. Claims provider trust: %1 Required endpoint index: %2 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date. Use the AD FS Management snap-in to configure the artifact resolution endpoint with the specified index.
282 SamlArtifactResolutionSignatureVerificationFailureAudit Unable to resolve the SAML artifact. Verification of the artifact response signature failed. Claims provider: %1 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date using AD FS Management snap-in. Verify that the claims provider trust's certificate is up to date.
283 SamlArtifactResolutionRequestError Unable to resolve the SAML artifact. The artifact resolution request to the claims provider failed. See inner exception for more details. SAML Artifact: %1 Claims provider: %2 Inner exception: %3 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date. Verify network connectivity. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
284 SamlArtifactResolutionResponseVerificationError Unable to resolve the SAML artifact. A malformed response was received from the claims provider. See inner exception for more details. SAML artifact: %1 Claims provider: %2 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date.
285 SamlArtifactResolutionBadResponseError The SAML artifact was resolved, but the response is empty or does not contain expected assertions. SAML artifact: %1 Claims provider: %2 This request failed. User Action For more information, contact the claims provider.
286 ArtifactStorageConnectionOpenError Cannot connect to the artifact database. Connection string: %1 Error message: %2 User Action Ensure that the artifact database is configured properly. Use the Set-ADFSProperties cmdlet with the ArtifactDbConnection parameter in the Windows PowerShell for AD FS to modify the connection string, if necessary. Troubleshoot the connectivity to the artifact storage.
287 ArtifactStorageAddError Cannot add the artifact to the artifact database. See exception message for more details. Artifact ID: %1 Inner exception details: %2 User Action Ensure that the artifact database is configured properly. Troubleshoot the connectivity to the artifact database.
288 ArtifactStorageGetError Cannot get the artifact from storage. See exception message for more details. ArtifactId: %1 Inner exception details: %2 User Action Ensure that the artifact storage in the AD FS configuration database is configured properly. Troubleshoot connectivity to the artifact storage in the AD FS configuration database.
289 ArtifactStorageRemoveError Cannot remove the artifact from storage. See inner exception message for more details. ArtifactId: %1 Inner exception details: %2 User Action Ensure that the artifact storage in the AD FS configuration database is configured properly. Troubleshoot connectivity to the artifact storage in the AD FS configuration database.
290 ArtifactStorageExpireError Cannot set expiration for the artifacts in storage. See inner exception message for more details. Inner exception details: %1 User Action Ensure that the artifact storage in the AD FS configuration database is configured properly. Troubleshoot connectivity to the artifact storage in the AD FS configuration database.
291 ArtifactServiceStartupException The artifact resolution service could not be started. Additional Data Exception details: %1 User Action Make sure artifact resolution service is properly configured.
292 ArtifactResolutionServiceSignatureVerificationFailureAudit The Artifact Resolution Service could not verify request signature. Additional Data Exception details: %1
293 ArtifactRequestedButDisabledError A SAML request for the required artifact was rejected because the artifact resolution service is not enabled. Relying party: %1 This request failed. User Action Enable the artifact resolution service. Use the AD FS Management snap-in to configure or enable the SAML artifact resolution endpoint.
294 ArtifactResolutionServiceIdentityNotFoundError The SAML artifact resolution request specified an issuer that is not configured for the relying party. Relying party: %1 Artifact resolution request issuer: %2 This artifact resolution request failed. User Action Ensure that the relying party is configured properly using the AD FS Management snap-in.
296 ArtifactResolutionServiceNoSignatureFailureAudit A SAML artifact resolution request was received without a signature. Request issuer: %1 This artifact resolution request failed.
297 ArtifactResolutionServiceBadEndpointIndexError The SAML artifact resolution request required an artifact resolution service endpoint with an index that is not configured. Endpoint index: %1 Configured endpoint index: %2 This artifact resolution request failed.
299 TokenIssuanceSuccessAudit A token was successfully issued for the relying party '%3'. See audit 500 with the same Instance ID for issued claims. See audit 501 with the same Instance ID for caller identity. See audit 502 with the same Instance ID for OnBehalfOf identity, if any. See audit 503 with the same Instance ID for ActAs identity, if any. Instance ID: %1 Activity ID: %2 Relying party: %3
300 WSTrustRequestProcessingGeneralTokenIssuanceFailureAudit The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request. Activity ID: %1 Request type: %2 Additional Data Exception details: %3
301 ActAsAuthorizationTokenIssuanceFailureAudit The Federation Service could not authorize token issuance for the caller '%3' as the subject '%4' to the relying party '%5'. See audit 501 with the same Instance ID for caller identity. See audit 503 with the same Instance ID for ActAs identity, if any. Additional Data Instance ID: %1 Activity ID: %2 Relying party: %5
302 ActAsAuthorizationError The Federation Service could not authorize token issuance for caller '%2' as subject '%3' to the relying party '%4'. See event 501 with the same Instance ID for caller identity. See event 503 with the same Instance ID for ActAs identity, if any. Additional Data Instance ID: %1 Relying party: %4 Exception details: %5 User Action Use the AD FS Management snap-in to ensure that the caller is authorized to act as the subject to the relying party.
303 SamlRequestProcessingError The Federation Service encountered an error while processing the SAML authentication request. Additional Data Exception details: %1
304 SamlRequestProcessingGeneralTokenIssuanceFailureAudit The Federation Service failed to issue a token as a result of an error during processing of the SAML authentication request. Additional Data Activity ID: %1 Exception details: %2
305 LdapDCServerError The Federation Service encountered an error while querying a LDAP server at %1. Additional Data Domain name: %1 LDAP server hostname (if available): %2 Authentication type: %3 SSL mode: %4 Username (if available): %5 Error code (if available): %6 Error from LDAP server (if available): %7 Exception Details: %8
306 LdapGCServerError The Federation Service encountered an error while querying a global catalog server at %1. Additional Data Domain name: %1 Global catalog server hostname (if available): %2 Authentication type: %3 SSL mode: %4 Username (if available): %5 Error code (if available): %6 Error from server (if available): %7 Exception Details: %8
307 ConfigurationChangeSuccessAudit The Federation Service configuration was changed. Subject: Security ID: %2 Account: %3 See audit 510 with the same Instance ID for change details. Additional Data Instance ID: %1 Security ID: %2 Account: %3
308 ConfigurationChangeFailureAudit An attempt to change the Federation Service configuration failed. Error: %1 Subject: Security ID: %2 Account: %3
309 WmiConfigurationChangeSuccessAudit The Federation Service configuration was changed. Subject: Security ID: %1 Account: %2 Old Value: %3 New Value: %4
310 WmiConfigurationChangeFailureAudit An attempt to change the Federation Service configuration failed. Error : %1 Subject: Security ID: %2 Account: %3 Current Value: %4 Attempted Change: %5
311 PerformanceCounterFailure An attempt to update AD FS performance counters failed. Additional Data Exception details: %1
315 ClaimsProviderSigningCertificateCrlCheckFailure An error occurred during an attempt to build the certificate chain for the claims provider trust '%1' certificate identified by thumbprint '%2'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the claims provider trust's signing certificate revocation settings or certificate is not within its validity period. You can use Windows PowerShell commands for AD FS to configure the revocation settings for the claims provider trust's signing certificate. Claims provider trust's signing certificate revocation settings: %3 The following errors occurred while building the certificate chain: %4 User Action: Ensure that the claims provider trust's signing certificate is valid and has not been revoked. Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
316 RelyingPartySigningCertificateCrlCheckFailure An error occurred during an attempt to build the certificate chain for the relying party trust '%1' certificate identified by thumbprint '%2'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the relying party trust's signing certificate revocation settings or certificate is not within its validity period. You can use Windows PowerShell commands for AD FS to configure the revocation settings for the relying party signing certificate. Relying party trust's signing certificate revocation settings: %3 The following errors occurred while building the certificate chain: %4 User Action: Ensure that the relying party trust's signing certificate is valid and has not been revoked. Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
317 RelyingPartyEncryptionCertificateCrlCheckFailure An error occurred during an attempt to build the certificate chain for the relying party trust '%1' certificate identified by thumbprint '%2'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the relying party trust's encryption certificate revocation settings or certificate is not within its validity period. You can use Windows PowerShell commands for AD FS to configure the revocation settings for the relying party encryption certificate. Relying party trust's encryption certificate revocation settings: %3 The following errors occurred while building the certificate chain: %4 User Action: Ensure that the relying party trust's encryption certificate is valid and has not been revoked. Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
319 ClientCertificateCrlCheckFailure An error occurred while the certificate chain for the client certificate identified by thumbprint '%1' was being built. The certificate chain could not be built. The certificate has been revoked, the certificate chain could not be verified as specified by the encryption certificate revocation settings or certificate is not within its validity period. You can use the Set-ADFSProperties cmdlet with the ProxyCertRevocationCheck parameter in Windows PowerShell for AD FS to configure the client certificate revocation settings. Client Certificate Revocation Settings: %2 The following errors occurred while building the certificate chain: %3 User Action: Ensure that the client certificate is valid and has not been revoked. Ensure that the Federation Service can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
320 SamlProtocolSignatureVerificationError The verification of the SAML message signature failed. Message issuer: %1 Exception details: %2 This request failed. User Action Verify that the message issuer configuration in the AD FS configuration database is up to date. Configure the signing certificate for the specified issuer. Verify that the issuer's certificate is up to date. Verify the issuer and server message signing requirements.
321 InvalidNameIdPolicyError The SAML authentication request had a NameID Policy that could not be satisfied. Requestor: %1 Name identifier format: %2 SPNameQualifier: %3 Exception details: %4 This request failed. User Action Use the AD FS Management snap-in to configure the configuration that emits the required name identifier.
322 OnBehalfOfAuthorizationTokenIssuanceFailureAudit The Federation Service could not authorize token issuance for the caller '%3' on behalf of the subject '%4' to the relying party '%5'. See audit 501 with the same Instance ID for caller identity. See audit 502 with the same Instance ID for OnBehalfOf identity, if any. Additional Data Instance ID: %1 Activity ID: %2 Relying party: %5
323 OnBehalfOfAuthorizationError The Federation Service could not authorize token issuance for the caller '%2' on behalf of the subject '%3' to the relying party '%4'. See event 501 with the same Instance ID for caller identity. See event 502 with the same Instance ID for OnBehalfOf identity, if any. Additional Data Instance ID: %1 Exception details: %5 User Action Use the Windows PowerShell Get-ADFSClaimsProviderTrust or Get-ADFSRelyingPartyTrust cmdlet to ensure the caller is authorized on behalf of the subject to the relying party.
324 CallerAuthorizationTokenIssuanceFailureAudit The Federation Service could not authorize token issuance for caller '%3' to relying party '%4'. See audit 501 with the same Instance ID for caller identity. Additional Data Instance ID: %1 Activity ID: %2 Relying party: %4
325 CallerAuthorizationError The Federation Service could not authorize token issuance for caller '%2'. The caller is not authorized to request a token for the relying party '%3'. See event 501 with the same Instance ID for caller identity. Additional Data Instance ID: %1 Relying party: %3 Exception details: %4 User Action Use the AD FS Management snap-in to ensure that the caller is authorized to request a token for the relying party.
326 ClaimsPolicyInvalidPolicyTypeError Failed to load the AD FS claims policy engine using policy type '%1' User Action Make sure AD FS is installed correctly.
327 SamlSingleLogoutError An error occurred during processing of the SAML logout request. Additional Data Caller identity: %1 Logout initiator identity: %2 Error message: %3 Exception details: %4 User Action Ensure that the single logout service is configured properly for this relying party trust or claims provider trust in the AD FS configuration database.
328 SamlArtifactResolutionNoAssertion The SAML artifact resolution request was resolved, but the response does not contain the expected assertions. Additional Data: SAML artifact: %1 Status code: %2 SubStatus code: %3 Status message: %4 This request failed. User Action Contact the claims provider for more information.
329 AdditionalBlobCertificateLoadWarning The certificate that is identified by thumbprint '%1' could not be decrypted using the keys for X.509 certificate private key sharing. Additional Data: X.509 certificate private key sharing diagnosis: %2 User Action You may have to restore all Active Directory objects underneath the specified distinguished name in the diagnostic information above for X.509 certificate private key sharing.
331 CertificateManagementDecryptionError The certificate management service encountered an error during decryption of the keys. storeName: %2 storeLocation: %1 x509FindType: %4 findValue: %3 Additional Data: X.509 certificate private key sharing diagnosis: %5 User Action You may have to restore all Active Directory objects underneath the distinguished name that is specified in the diagnosis for X.509 certificate private key sharing above.
332 CertificateManagementEncryptionError The certificate management service encountered an error during encryption of the keys. Subject: %1 Diagnosis: %2 User Action You may have to restore all Active Directory objects underneath the distinguished name that is specified in the diagnosis above for X.509 certificate private key sharing.
333 CertificateManagementConfigurationError The certificate management service encountered an error during database access. Additional Data: Diagnosis: %1 User Action Confirm that the SQL store is online.
334 CertificateManagementWarning Certificate rollover service needs to rollover %1 certificates urgently. Partners will not be able to apply the update in time.
335 CertificateManagementInfo %1
336 CertificateManagementInitiated The certificate management cycle was initiated.
337 CertificateManagementComplete The certificate management cycle was completed.
338 CertificateManagementGenericError An error was encountered during certificate rollover. The monitoring cycle was shut down. Additional Data Exception details: %1 Additional details: %2
339 CertificateManagementInitiationError An error occurred during initialization of certificate rollover. Certificates will not be rolled over. Additional Data Exception details: %1
340 ArtifactResolutionSuccessAudit An SAML artifact resolution request was successfully resolved for the relying party '%1'. Relying party: %1 SAML artifact: %2
341 SecurityTokenNotYetValidError The NotBefore attribute for the token has a value that is set to a future time. See inner exception for more details. Additional Data Token Type: %1 Exception details: %2 This request failed. User Action Verify that system clock is synchronized.
342 SecurityTokenValidationError Token validation failed. Additional Data Token Type: %1 Error message: %2 Exception details: %3
343 ConfigurationDatabaseSynchronizationInitiationError There was an error during initialization of synchronization. Synchronization of data from the primary federation server to the secondary federation server will not occur. Additional Data Exception details: %1
344 ConfigurationDatabaseSynchronizationSyncError There was an error doing synchronization. Synchronization of data from the primary federation server to a secondary federation server did not occur. Additional data Exception details: %1 User Action Make sure the primary federation server is available or the service account identity of this machine matches the service account identity of the primary federation server.
345 ConfigurationDatabaseSynchronizationCommunicationError There was a communication error during AD FS configuration database synchronization. Synchronization of data from the primary federation server to a secondary federation server did not occur. Additional Data Master Name : %1 Endpoint Uri : %2 Exception details: %3
346 ConfigurationDatabaseReadOnlyTransferError There was an error during retrieving the configuration data for the secondary federation server. Additional Data Exception details: %1
348 ConfigurationDatabaseSynchronizationCompleted Synchronization of configuration data from the primary federation server '%1' is completed. %2 objects were added. %3 objects were deleted.
349 FsAdministrationServiceStart The administration service for the Federation Service started successfully. You can now use the Windows Powershell commands for AD FS to modify the Federation Service configuration. The following service hosts have been added: %1
351 PolicyStoreSynchronizationPropertiesGetError There was an error getting synchronization properties. Additional Data Exception details: %1
352 ConfigurationDatabaseSqlError A SQL operation in the AD FS configuration database with connection string %1 failed. Additional Data Exception details: %2
353 SamlArtifactResolutionSignatureVerificationError Unable to resolve the SAML artifact. Verification of the artifact response signature failed. Claims provider: %1 Exception details: %2 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date. Verify that the claims provider trust's signing certificate is up to date.
354 ArtifactResolutionServiceSignatureVerificationError The artifact resolution service could not verify the request signature. Additional Data Exception details: %1 User action: Verify that the relying party trust in the AD FS configuration database is up to date. Configure the relying party certificate for request signing. Verify that relying party certificate is up to date.
356 SqlNotificationRegistrationError Failed to register notification to the SQL database with the connection string %1 for cache type '%2'. Changes to settings may not take effect until the Federation Service restarts. Additional Data Exception details: %3
357 SqlNotificationRegistrationResumption Successfully registered notification to the SQL database with the connection string %1.
358 ServiceHostRestart Restarting %1. This restart is necessary because a change was detected in the certificates that this service host uses. Requests that are served by endpoints of this service host may fail during restart.
359 ServiceHostRestartError An error occurred during an attempt to restart %1. Additional Data Exception details: %2 User Action Restart the Federation Service to recover from the error.
360 ClientCertificateNotPresentOnProxyEndpointError A request was made to a certificate transport endpoint, but the request did not include a client certificate. This could be because the root CA certificate that issued the client certificate is not in the Trust CA certificate store or because the client certificate is expired. User Action: Ensure that the CA that issued the client certificate in this request has its certificate in the Trusted Root Certificate Authority store on the Local Computer. Ensure that the client certificate is not expired.
362 WSFederationPassiveSignOutError Encountered error during federation passive sign-out. Additional Data Exception details: %1
363 WSFederationPassiveServiceCommunicationError A communication error occurred during an attempt to get a token from the Federation Service. Make sure that the Federation Service is running. Additional Data Exception details: %1
364 WSFederationPassiveRequestFailedError Encountered error during federation passive request. Additional Data Protocol Name: %1 Relying Party: %2 Exception details: %3
365 RelyingPartyNotEnabled A token request was received for the relying party '%1', but the request could not be fulfilled because the relying party trust is not enabled. Relying party: %1 This request failed. User Action If this relying party trust should be enabled, enable it by using the AD FS Management snap-in or Windows PowerShell for AD FS.
366 ClaimsProviderNotEnabled A token was received from claims provider '%1', but the token could not be validated because the claims provider trust is not enabled. Claims provider: %1 This request failed. User Action If this claims provider trust should be enabled, enable it by using the AD FS Management snap-in or Windows PowerShell for AD FS.
367 AudienceUriValidationFailed The audience restriction was not valid because the specified audience identifier is not present in the acceptable identifiers list of this Federation Service. User Action See the exception details for the audience identifier that failed validation. If the audience identifier identifies this Federation Service, add the audience identifier to the acceptable identifiers list by using Windows PowerShell for AD FS. Note that the audience identifier is used to verify whether the token was sent to this Federation Service. If you think that the audience identifier does not identify your Federation Service, adding it to the acceptable identifiers list may open a security vulnerability in your system. Additional Data Token Type: %1 Exception details: %2
368 SamlLogoutNameIdentifierNotFoundError The SAML Single Logout request does not correspond to the logged-in session participant. Requestor: %1 Request name identifier: %2 Logged-in session participants: %3 This request failed. User Action Verify that the claim provider trust or the relying party trust configuration is up to date. If the name identifier in the request is different from the name identifier in the session only by NameQualifier or SPNameQualifier, check and correct the name identifier policy issuance rule using the AD FS Management snap-in.
369 WSFederationPassiveTtpRequestError Processing TTP request failed with the following exception. Additional Data Exception details: %1 User Action Ensure that user has enabled cookies in browser settings.
370 WSFederationPassiveTtpResponseError Incoming TTP response is not valid. Processing response failed with following exception. Additional Data Exception details: %1 User Action Ensure that partner federation provider is configured properly to send valid TTP response.
371 AuthorityCertificateResolveError Cannot find certificate to validate message/token signature obtained from claims provider. Claims provider: %1 This request failed. User Action Check that Claim Provider Trust configuration is up to date.
372 WeakSignatureAlgorithmError Authentication Failed. The token used to authenticate the user is signed using a weaker signature algorithm than expected. Additional Data Token Type: %1 Issuer: %2 Actual token signature algorithm: %3 Expected token signature algorithm: %4 User Action Check that Claim Provider is configured to accept tokens with expected signature algorithm. Use the AD FS PowerShell commands to configure the signature algorithm property.
373 ArtifactResolutionServiceWeakSignatureAlgorithmError The artifact request from the relying party is signed with a weaker signature algorithm. Additional Data Relying party identity: %1 Actual message signature algorithm: %2 Expected message signature algorithm: %3 User action: Check that relying party is configured to accept artifact resolution request with expected signature algorithm. Use the AD FS PowerShell commands to configure the signature algorithm property.
374 AuthorityEncryptionCertificateCrlCheckFailure An error occurred while building the certificate chain for the claims provider trust '%1' certificate identified by thumbprint '%2'. The certificate chain could not be built, the certificate has been revoked, or the certificate chain could not be verified as specified by the claims provider trust's encryption certificate revocation settings. AD FS powershell commands can be used to configure the claims provider trust encryption certificate revocation settings. Claims Provider Trust Encryption Certificate Revocation Settings: %3 The following errors occurred while building the certificate chain: %4 User Action: Ensure that the claims provider trust's encryption certificate is valid and has not been revoked. Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
375 PolicyStoreSynchronizationInitiated Policy store synchronization initiated.
376 SqlAttributeStoreQueryExecutionError An Error occurred while executing a query in SQL attribute store. Additional Data Connection information: %1 Query: %2 Parameters: %3 User Action Examine the exception details to take one or more of the following actions if applicable. Verify that the connection string to the SQL attribute store is valid. Make sure that the SQL attribute store can be reached by the connection string and the SQL attribute store exists. Verify that the SQL query and parameters are valid. Exception details: %4
377 AttributeStoreError A processing error occurred in an attribute store. User Action Exception details: %1
378 SAMLRequestUnsupportedSignatureAlgorithm SAML request is not signed with expected signature algorithm. SAML request is signed with signature algorithm %1 . Expected signature algorithm is %2 User Action: Verify that signature algorithm for the partner is configured as expected.
379 InvalidIssuanceInstantError A security token was rejected as the specified IssueInstant was before the allowed time frame. Token Type: %1 User Action: To allow tokens for a larger timeframe, use the AD FS PowerShell commands to adjust the value of the ReplayCacheExpirationInterval.
380 BadConfigurationIdentityCertificateNotValid During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was configured could not be used. The certificate has been revoked, the certificate chain could not be verified or certificate is not within its validity period. The following are the values of the certificate: Element: %1 Subject: %2 Thumbprint: %3 The Federation Service will not be able to start until this configuration element is corrected. User Action Verify whether the certificate chain for the certificate configured has been revoked by its certificate authority. If the certificate has been revoked or expired, the AD FS service must be issued a new certificate.
381 AdditionalCertificateValidationFailure An error occurred during an attempt to build the certificate chain for configuration certificate identified by thumbprint '%1'. Possible causes are that the certificate has been revoked or certificate is not within its validity period. The following errors occurred while building the certificate chain: %2 User Action: Ensure that the certificate is valid and has not been revoked or expired.
382 SynchronizationThresholdViolation AD FS detected that the Federation Service has more than %1 %2 trusts configured and that the data in the AD FS configuration database for this Federation Service is stored and synchronized using Windows Internal Database technology. The overall performance of data synchronization between configuration databases that are stored locally on federation servers across the farm will degrade as you add more than %1 trusts when you use the Windows Internal Database to store the AD FS configuration database. User Action: To improve synchronization performance across your federation server farm, we recommend that you migrate the data in the AD FS configuration database to SQL server. For more information about how to do this, see AD FS Operations Guide (http://go.microsoft.com/fwlink/?LinkId=181189).
383 WSFederationPassiveWebConfigMalformedError The Web request failed because the web.config file is malformed. User Action: Fix the malformed data in the web.config file. Exception details: %1
384 WSFederationPassiveInvalidValueInWebConfigError The request to the Federation Service failed because the web.config file has an invalid configuration for '%1' that the Federation Service does not support. User Action: Ensure that the configuration of the property '%1' is supported by the Federation Service.
385 ConfigurationHasExpiredCertsWarning AD FS detected that one or more certificates in AD FS configuration database need to be updated manually because they are expired, or will expire soon. See additional details for more information Additional Details: %1
386 ConfigurationHealthyCertsInfo AD FS detected that none of the service certificates that are configured to be managed by the administrator are due to expire.
387 CertPrivateKeyInaccessibleError AD FS detected that one or more of the certificates specified in the Federation Service were not accessible to the service account used by the AD FS Windows Service. User Action: Ensure that the AD FS service account has read permissions on the certificate private keys. Additional Details: %1
388 CertPrivateKeyAccessibleInfo AD FS detected that all the service certificates have appropriate access given to the AD FS service account.
389 TrustsHaveExpiredCertsWarning AD FS detected that one or more of your trusts require their certificates to be updated manually because they are expired, or will expire soon. See additional details for more information Additional Details: %1
390 TrustsHaveHealthyCertsInfo AD FS detected that none of the partner certificates that are configured to be managed by the administrator are due to expire.
392 FsProxyTrustTokenRenewalSuccess The federation server proxy was able to successfully renew its trust with the Federation Service. Proxy trust certificate subject: %1. Proxy trust certificate old thumbprint: %2. Proxy trust certificate new thumbprint: %3.
393 ProxyTrustTokenIssuanceFailure The federation server proxy could not establish a trust with the Federation Service. Additional Data Exception details: %1 User Action Ensure that the credentials being used to establish a trust between the federation server proxy and the Federation Service are valid and that the Federation Service can be reached.
394 FsProxyTrustTokenRenewalError The federation server proxy could not renew its trust with the Federation Service. Additional Data Exception details: %1 User Action Ensure that the federation server proxy is trusted by the Federation Service. If the trust does not exist or has been revoked, establish a trust between the proxy and the Federation Service using the Federation Service Proxy Configuration Wizard by logging on to the proxy computer.
395 ProxyTrustTokenIssuanceSuccess The trust between the federation server proxy and the Federation Service was established successfully using the account '%1'. Proxy trust certificate subject: %2. Proxy trust certificate thumbprint: %3.
396 ProxyTrustTokenRenewalSuccess The trust between the federation server proxy and the Federation Service was renewed successfully. Proxy trust certificate subject: %1. Proxy trust certificate old thumbprint: %2. Proxy trust certificate new thumbprint: %3.
397 HttpProxyConfigurationInfo The federation server loaded the HTTP proxy configuration from WinHTTP settings. HTTP Proxy: %1 HTTPS Proxy: %2 Bypass proxy for local addresses: %3 Bypass proxy for addresses: %4 To learn more about how to set the HTTP proxy settings for the federation server, see http://go.microsoft.com/fwlink/?LinkId=182180.
398 ConfigurationHasArchivedCertsWarning AD FS detected that one or more certificates in the AD FS configuration database need to be updated manually because they are archived. Additional Details: %1
399 ConfigurationHealthyUnarchivedCertsInfo AD FS detected that none of the service certificates that are configured to be managed by the administrator are archived.
400 GiveUserVSSAccess VSS writer permissions have been granted to user %1.
401 RevokeUserVSSAccess VSS writer permissions have been revoked from user %1.
402 CertificateClaimUnknownError Failed to add some of the certificate claims.
403 RequestReceivedSuccessAudit An HTTP request was received. See audit 510 with the same Instance ID for headers. Instance ID: %1 Activity ID: %2 Request Details: Date And Time: %3 Client IP: %4 HTTP Method: %5 Url Absolute Path: %6 Query string: %7 Local Port: %8 Local IP: %9 User Agent: %10 Content Length: %11 Caller Identity: %12 Certificate Identity (if any): %13 Targeted relying party: %14 Through proxy: %15 Proxy DNS name: %16
404 ResponseSentSuccessAudit An HTTP response was dispatched. See audit 510 with the same Instance ID for headers. Instance ID: %1 Activity ID: %2 Response Details: Date And Time: %3 Status Code: %4 Status Description: %5
405 PasswordChangeSuccessAudit Password change succeeded for following user: Activity ID: %1 User: %2 Server on which password change was attempted: %3
406 PasswordChangeFailureAudit Password change failed for following user: Additional Data Activity ID: %1 User: %2 Server on which password change was attempted: %3 Error details: %4
407 PasswordChangeError Password change failed for following user: Additional Data User: %1 Server on which password change was attempted: %2 Error details: %3
408 DeviceAuthenticationFailureAudit Device authentication failed for following device: Additional Data Activity ID: %1 User: %2 Client IP: %3 Target Application: %4 Device Certificate: %5 Device ID: %6 Device Name: %7 Error Message: %8
409 DeviceAuthenticationSuccessAudit Device authentication successful for following device: Additional Data Activity ID: %1 User: %2 Client IP: %3 Target Application: %4 Device Certificate: %5 Device ID: %6 Device Name: %7 Registered owner's sid: %8 Is current User registered: %9
410 RequestContextHeadersSuccessAudit Following request context headers present : Activity ID: %1 %2: %3 %4: %5 %6: %7 %8: %9 %10: %11 %12: %13 %14: %15
411 SecurityTokenValidationFailureAudit Token validation failed. See inner exception for more details. Additional Data Activity ID: %1 Token Type: %2 Error message: %3 Exception details: %4
412 AuthenticationSuccessAudit A token of type '%3' for relying party '%4' was successfully authenticated. See audit 501 with the same Instance ID for caller identity. Instance ID: %1 Activity ID: %2
413 CallerIdFailureAudit An error occurred during processing of a token request. The data in this event may have the identity of the caller (application) that made this request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data Activity ID: %1 Caller: %2 OnBehalfOf user: %3 ActAs user: %4 Target Relying Party: %5 Device identity: %6 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
414 InvalidMsisHttpRequestAudit An error occurred during processing of a token request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data Activity ID: %1 Target Relying Party: %2 Is Application Proxy Configured: %3 Is Request From the Extranet: %4 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
415 UnregisteredDrsUpnSuffixes %1
416 WebConfigurationError Web configuration error: %1
417 CertificateClaimError Unable to add the certificate claim %1.
418 StsProxyTrustRenewalAuditSuccess The trust between the federation server proxy and the Federation Service was successfully renewed. Additional Data Server from which request was made: %1 Certificate Subject: %2 Old Certificate Thumbprint: %3 New Certificate Thumbprint: %4
419 StsProxyTrustRenewalAuditFailure Unable to renew the trust between the federation server proxy and the Federation Service. Additional Data Server from which request was made: %1 Exception details: %2
420 StsProxyTrustTokenEstablishmentAuditSuccess The trust between the federation server proxy and the Federation Service was successfully established. Additional Data User: %1 Server from which request was made: %2 Certificate Subject: %3 Certificate Thumbprint: %4
421 StsProxyTrustTokenEstablishmentAuditFailure The trust between the federation server proxy and the Federation Service could not be established. Additional Data User: %1 Server from which request was made: %2
424 ClientCertNotTrustedOnStsAuditFailure The federation server proxy was not able to authenticate the client certificate presented in the request. Activity ID: %1 Client certificate thumbprint: %2 Client certificate subject name: %3 Client endpoint: %4 Inner exception: %5 User Action Ensure that the request is using the certificate used to establish the trust between the Federation Server Proxy and the Federation Service.
425 ApplicationProxyConfigurationStoreChangeAuditSuccess The following update was successful to the application proxy store on the federation server. Activity ID: %1 Authentication information: %2 HTTP method: %3 Key: %4 Value: %5 Version: %6
426 ApplicationProxyConfigurationStoreChangeAuditFailure The following update attempt to the application proxy store on the federation server failed. Activity ID: %1 Authentication information: %2 HTTP method: %3 Key: %4 Value: %5 Version: %6 Error information: %7
427 ApplicationProxyTrustUpdateAuditSuccess The following update attempt to the application proxy relying party trust on the federation server succeeded. Activity ID: %1 Authentication information: %2 HTTP method: %3 Identifier: %4
428 ApplicationProxyTrustUpdateAuditFailure The following update attempt to the application proxy relying party trust on the federation server failed. Activity ID: %1 Authentication information: %2 HTTP method: %3 Identifier: %4 Error information: %5
429 RelyingPartyTrustUpdateAuditSuccess The following update attempt to the relying party trust on the federation server succeeded. Activity ID: %1 Authentication information: %2 HTTP method: %3 Relying party trust identifier: %4 Internal Url: %5 External Url: %6 Published identifier: %7
430 RelyingPartyTrustUpdateAuditFailure The following update attempt to the relying party trust on the federation server failed. Activity ID: %1 Authentication information: %2 HTTP method: %3 Relying party trust identifier: %4 Internal url: %5 External url: %6 Published identifier: %7 Error information: %8
431 ActiveRequestRSTSuccessAudit An active request was received at STS with RST containing: Activity ID: %1 RST Details: KeySize: %2 KeyType: %3 RequestType: %4 TokenType: %5 SignatureAlgorithm: %6
432 ProxyConfigurationEndpointError Error handling request from proxy at %1 Additional Data Exception details: %2
433 ProxyTrustTokenRenewalError Error encountered while renewing trust with the federation server proxy. Additional Data Exception details: %1
434 CertificateAuthorityExpirationCheckWarning The primary AD FS certificate authority issuer certificate ( thumbprint %1 ) will expire at %2 UTC. The certificate rollover service will roll over to the current secondary ( thumbprint %3 ) at %4 UTC. To avoid certificate issuance service interruption, ensure that the current secondary certificate ( thumbprint %3 ) is installed in Active Directory before the rollover occurs at %4 UTC.
435 PrimarySigningCertificateRolloverCheckWarning The primary AD FS token signing certificate ( thumbprint %1 ) will expire at %2 UTC. The certificate rollover service will roll over to the current secondary ( thumbprint %3 ) at %4 UTC. Relying parties that rely on federation metadata will be notified automatically; any relying parties that do not rely on federation metadata must be informed of the new certificate before the rollover at %4 UTC.
436 PrimaryDecryptionCertificateRolloverCheckWarning The primary AD FS token decryption certificate ( thumbprint %1 ) will expire at %2 UTC. The certificate rollover service will roll over to the current secondary ( thumbprint %3 ) at %4 UTC. Identity providers that rely on federation metadata will be notified automatically; any identity providers that send encrypted tokens to AD FS and do not rely on federation metadata must be informed of the new certificate before the expiration at %2 UTC.
437 CertificateRolloverCheckExceptionWarning Error encountered while checking for pending certificate rollovers. This check will be attempted again every %1 minutes; the next run is expected at %2 UTC. If this issue persists, AD FS will not be able to advise of pending certificate rollover events. Additional Data Exception details: %3 Additional details: %4
438 CertificateAuthorityRolloverExceptionWarning Error encountered while checking rollover status of the AD FS certificate authority issuer certificate. This check will be attempted again every %1 minutes; the next run is expected at %2 UTC. Future runs may occur on other farm nodes if AD FS is running in a farm configuration. If this issue persists, the AD FS certificate authority issuer certificate cannot be rolled over successfully when it nears expiry. Additional Data Exception details: %3 Additional details: %4
439 EnrollmentCertificateReadFromTemplateError Error encountered while attempting to read an enrollment certificate from a template. Additional Data Exception details: %1 Additional details: %2
440 EnrollmentCertificateSetInfo A Certificate Authority Enrollment Certificate was found. Additional Data Certificate Thumbprint: %1
441 TokenBindingKeyInvalid A token with a bad token binding key was found. Additional Data User: %1 Target RP: %2 Client IP: %3 Token Binding ID: %4 Request Provided ID: %5 Request Referred ID: %6
442 ExternalCAEnrollmentCertificateManagementInitiated The CA enrollment certificate management cycle was initiated.
443 ExternalCAEnrollmentCertificateManagementComplete The CA enrollment certificate management cycle was completed.
444 ExternalCAEnrollmentCertificateExceptionError Error encountered while checking status of the AD FS enrollment certificate. This check will be attempted again every %1 minutes; the next run is expected at %2 UTC. If this issue persists, the AD FS will not be able to enroll certificate. Additional Data Exception details: %3 Additional details: %4
500 IssuedIdentityClaims More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 Issued identity: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
501 CallerIdentityClaims More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 Caller identity: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
502 OnBehalfOfUserIdentityClaims More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 OnBehalfOf identity: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
503 ActAsUserIdentityClaims More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 ActAs identity: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
504 ApplicationProxyConfigurationStoreChangeSuccess The following update was successful to the application proxy store on the federation server. Authentication information: %1 HTTP method: %2 Key: %3 Value: %4 Version: %5
505 ApplicationProxyConfigurationStoreChangeFailure The following update attempt to the application proxy store on the federation server failed. Authentication information: %1 HTTP method: %2 Key: %3 Value: %4 Version: %5 Error information: %6
506 ApplicationProxyTrustUpdateSuccess The following update attempt to the application proxy relying party trust on the federation server succeeded. Authentication information: %1 HTTP method: %2 Identifier: %3
507 ApplicationProxyTrustUpdateFailure The following update attempt to the application proxy relying party trust on the federation server failed. Authentication information: %1 HTTP method: %2 Identifier: %3 Error information: %4
508 RelyingPartyTrustUpdateSuccess The following update attempt to the relying party trust on the federation server succeeded. Authentication information: %1 HTTP method: %2 Relying party trust identifier: %3 Internal Url: %4 External Url: %5 Published identifier: %6
509 RelyingPartyTrustUpdateFailure The following update attempt to the relying party trust on the federation server failed. Authentication information: %1 HTTP method: %2 Relying party trust identifier: %3 Internal url: %4 External url: %5 Published identifier: %6 Error information: %7
510 LongText More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 Details: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
511 InvalidMsisHttpSigninRequestFailure The incoming sign-in request is not allowed due to an invalid Federation Service configuration. Request url: %1 User Action: Examine the Federation Service configuration and take the following actions: Verify that the sign-in request has all the required parameters and is formatted correctly. Verify that a web application proxy relying party trust exists, is enabled, and has identifiers which match the sign-in request parameters. Verify that the target relying party trust object exists, is published through the web application proxy, and has identifiers which match the sign-in request parameters.
512 ExtranetLockoutAccountThrottledAudit The account for the following user is locked out. A login attempt is being allowed due to the system configuration. Additional Data Activity ID: %1 User: %2 Client IP: %3 Bad Password Count: %4 Last Bad Password Attempt: %5
513 ArtifactRestEndpointRequestFailureAudit The Artifact REST service failed to return an artifact as a result of an error during processing. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested Uri: %3 Exception details: %4
514 ArtifactRestEndpointRequestSuccessAudit The Artifact REST service successfully returned an artifact. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested Uri: %3
515 ExtranetLockoutUserThrottleTransitionAudit The following user account was in a locked out state and the correct password was just provided. This account may be compromised. Additional Data Activity ID: %1 User: %2 Client IP: %3
516 ExtranetLockoutAccountRestrictedAudit The following user account has been locked out due to too many bad password attempts. Additional Data Activity ID: %1 User: %2 Client IP: %3 Bad Password Count: %4 Last Bad Password Attempt: %5
517 TargetRelyingPartyPublishedButAppProxyDisabledFailure The incoming sign-in request is not allowed due to an invalid Federation Service configuration. Request url: %1 User Action: Verify that either an enabled web application proxy relying party trust exists in your Federation Service configuration or that the target relying party trust object is not published through a web application proxy.
518 TargetRelyingPartyPublishedButAppProxyDisabledFailureAudit An error occurred during processing of a token request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data Activity ID: %1 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
519 PrimayServerRequestHandlerResponseSuccessAudit A successful response status code was received from the primary server. The data includes an Activity ID that you can cross-reference to the events on the primary server to help diagnose the problem. Activity ID: %1 Authentication information: %2 Raw URL of the incoming request: %3 Response status code: %4 IP address from which the request originated: %5
520 PrimayServerRequestHandlerResponseFailureAudit An error response status code was received from the primary server. The data includes an Activity ID that you can cross-reference to error or warning events on the primary server to help diagnose the problem. Activity ID: %1 Authentication information: %2 Raw URL of the incoming request: %3 Response status code: %4 WebException response code: %5 IP address from which the request originated: %6
521 RelyingPartyTokenRequestFailure The request for the relying party token resulted in a failure. Authentication information: %1 HTTP method: %2 Username: %3 Password presented: %4 Realm: %5 Application realm: %6 Device registration certificate thumbprint: %7 User certificate thumbprint: %8 Error information: %9 User action: Examine the request and verify that at least one of the following parameter sets are present. Username and password Username, password, and device registration certificate User certificate
522 RelyingPartyTokenRequestAuditFailure The request for the relying party token resulted in a failure. The data includes an Activity ID that you can cross-reference to error or warning events on the primary server to help diagnose the problem. Activity ID: %1 Authentication information: %2 HTTP method: %3 Username: %4 Password presented: %5 Realm: %6 Application realm: %7 Device registration certificate thumbprint: %8 User certificate thumbprint: %9 Error information: %10 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer.
523 RelyingPartyTokenRequestAuditSuccess The request for the relying party token succeeded. The data includes an Activity ID that you can cross-reference to the events on the primary server to help diagnose the problem. Activity ID: %1 Authentication information: %2 HTTP method: %3 Username: %4 Password presented: %5 Realm: %6 Application realm: %7 Device registration certificate thumbprint: %8 User certificate thumbprint: %9
530 LocalCPTrustReadWarning AD FS could not read the local claims provider trusts from the AD FS configuration. AD FS will continue operating from cached configuration. Exception details: %1
531 LocalCPTrustFirstReadError AD FS could not read the local claims provider trusts from the AD FS configuration. AD FS will not function until this configuration can be read for the first time. Exception details: %1
540 UnableToCreateOAuthDiscoveryDocument The Federation Service was unable to return the OAuth discovery document as a result of an error. Document Path: %1 Additional Data Exception details: %2
541 ProxyConfigDataFarmBehaviorMalformedError An invalid value was found during processing of the proxy configuration data from the AD FS server. The value will be ignored, and the rest of the proxy configuration data will be processed. Additional Data FarmBehavior: '%1' User action: This may point to an interoperability issue between the proxy and the AD FS server. Contact the vendor for your AD FS server.
542 HeartbeatError There was an error during heartbeat. Additional data Exception details: %1
543 HeartbeatCommunicationError There was an error during heartbeat communicating to primary federation server. Primary server: '%1' Endpoint: '%2' Additional data Exception details: %3 User Action Make sure the primary federation server is available or the service account identity of this machine matches the service account identity of the primary federation server.
544 HeartbeatWarning Heartbeat is not performed because primary server does not support heartbeat. Primary server: '%1'
545 HeartbeatInformation Heartbeat is performed at primary server. Primary server: '%1'
546 AzureMfaCertificateNotFound A current tenant certificate for Azure MFA was not found. TenantId: %1.
547 AzureMfaCertificateRenewed The tenant certificate for Azure MFA has been renewed. TenantId: %1. Old thumbprint: %2. Old expiration date: %3. New thumbprint: %4. New expiration date: %5.
548 AzureMfaCertificateExpirationWarning The tenant certificate for Azure MFA will expire soon. TenantId: %1. Thumbprint: %2. Expiration date: %3.
549 AzureMfaCertificateExpired The tenant certificate for Azure MFA has expired. TenantId: %1. Thumbprint: %2. Expiration date: %3.
550 CertKeySpecMissing The %1 primary certificate cannot be used because the KeySpec must have a value of AT_KEYEXCHANGE (1). User Action: This value can be changed by reimporting the certificate from a pfx file. From an elevated command prompt, use the command "certutil -importpfx filename.pfx AT_KEYEXCHANGE". For more information, see http://go.microsoft.com/fwlink/?LinkId=798501
1000 CallerId An error occurred during processing of a token request. The data in this event may have the identity of the caller (application) that made this request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data Caller: %1 OnBehalfOf user: %2 ActAs user: %3 Target Relying Party: %4 Device identity: %5 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
1020 OAuthAuthorizationRequestFailedError Encountered error during OAuth authorization request. Additional Data Exception details: %1
1021 OAuthTokenRequestFailedError Encountered error during OAuth token request. Additional Data Exception details: %1
1022 OAuthAuthorizationCodeIssuanceSuccessAudit An OAuth authorization code was successfully issued to client '%5'. Activity ID: %1 Authorization Code ID: %2 Request Details: Date And Time: %3 Client IP: %4 Client Identifier: %5 Client Redirect URI: %6 Resource: %7 User Identity: %8 Device Identity: %9
1023 OAuthAccessTokenIssuanceSuccessAudit An OAuth access token was successfully issued to client '%6' for the relying party '%8'. See audit 500 with the same Instance ID for issued claims. See audit 501 with the same Instance ID for caller identity. Instance ID: %1 Activity ID: %2 Authorization Code ID (if authorization code request): %3 Request Details: Date And Time: %4 Client IP: %5 Client Identifier: %6 Client Redirect URI: %7 Resource: %8 User Identity: %9 Device Identity: %10
1024 OAuthRefreshTokenIssuanceSuccessAudit An OAuth refresh token was successfully issued to client '%6' for the relying party '%8'. See audit 500 with the same Instance ID for issued claims. Instance ID: %1 Activity ID: %2 Authorization Code ID (if authorization code request): %3 Request Details: Date And Time: %4 Client IP: %5 Client Identifier: %6 Client Redirect URI: %7 Resource: %8 User Identity: %9 Device Identity: %10
1025 OAuthAuthorizationCodeIssuanceFailureAudit The Federation Service failed to issue an OAuth authorization code as a result of an error during processing of the OAuth authorization code request. Additional Data Activity ID: %1 Request Details: Client IP: %2 Client Identifier: %3 Client Redirect URI: %4 Resource: %5 User Identity: %6 Device Identity: %7 Exception details: %8
1026 OAuthAccessTokenIssuanceFailureAudit The Federation Service failed to issue an OAuth access token as a result of an error during processing of the OAuth access token request. Additional Data Activity ID: %1 Request Details: Client IP: %2 Client Identifier: %3 Client Redirect URI: %4 Resource: %5 User Identity: %6 Device Identity: %7 Exception details: %8
1027 OAuthAccessTokenResponseIssuanceSuccessAudit An OAuth access token response was successfully issued to client '%5' for the relying party '%7'. See audit 1023 with the same authorization code ID for issued access token. In an AD FS farm setup, this audit may be found on another farm node. See audit 1024 with the same authorization code ID for the refresh token if it is issued. In an AD FS farm setup, this audit may be found on another farm node. Activity ID: %1 Authorization Code ID: %2 Request Details: Date And Time: %3 Client IP: %4 Client Identifier: %5 Client Redirect URI: %6 Resource: %7
1028 OAuthClientAuthenticationSuccessAudit OAuth Confidential Client '%6' was successfully authenticated using tokentype '%3'. See audit 501 with the same Instance ID for claims generated during client authentication. Instance ID: %1 Activity ID: %2 Request Details: TokenType: %3 Date And Time: %4 Client IP: %5 Client Identifier: %6
1029 OAuthClientAuthenticationFaultAudit OAuth Client Authentication failed for client '%4' with tokentype '%2'. Activity ID: %1 Request Details: TokenType: %2 Client IP: %3 Client Identifier: %4 Exception details: %5
1030 OAuthClientCredentialsFaultAudit The Federation Service failed to issue an OAuth access token as a result of an error during processing of the OAuth Client Credentials token request. Activity ID: %1 Request Details: Client IP: %2 Resource: %3 Client Identifier: %4 Exception details: %5
1031 OAuthClientCredentialsIssuanceSuccessAudit An OAuth access token response using Client Credentials flow was successfully issued to client '%4' for the relying party '%5'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Resource: %5
1032 OAuthIdTokenIssuanceFailureAudit The Federation Service failed to issue an ID token as a result of an error during processing of request. Activity ID: %1 Request Details: Client IP: %2 Client Identifier: %3 Exception details: %4
1033 OAuthIdTokenIssuanceSuccessAudit An ID token was successfully issued to client '%4'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Id Token Subject: %5
1034 OAuthOnBehalfOfFaultAudit The Federation Service failed to issue an OAuth access token as a result of an error during processing of the OAuth On Behalf Of token request. Activity ID: %1 Request Details: Client IP: %2 Resource: %3 Client Identifier: %4 User: %5 Exception details: %6
1035 OAuthOnBehalfOfIssuanceSuccessAudit An OAuth access token response using On Behalf Of flow was successfully issued to client '%4' for the relying party '%5'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Resource: %5 User: %6
1036 OAuthLogonCertificateFaultAudit The Federation Service failed to issue an OAuth access token as a result of an error during processing of the OAuth Logon Certificate token request. Activity ID: %1 Request Details: Client IP: %2 Resource: %3 Client Identifier: %4 User: %5 Exception details: %6
1037 OAuthLogonCertificateIssuanceSuccessAudit An OAuth access token response using the Logon Certificate flow was successfully issued to client '%4' for the relying party '%5'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Resource: %5 User: %6
1038 OAuthVPNCertificateFaultAudit The Federation Service failed to issue an OAuth VPN Certificate as a result of an error during processing of the OAuth VPN Certificate token request. Activity ID: %1 Request Details: Client IP: %2 Resource: %3 Client Identifier: %4 User: %5 Exception details: %6
1039 OAuthAuthCodeVPNCertificateIssuanceSuccessAudit An OAuth VPN Certificate response was successfully issued to client '%5' for the relying party '%7'. See audit 1023 with the same authorization code ID for issued access token. In an AD FS farm setup, this audit may be found on another farm node. See audit 1024 with the same authorization code ID for the refresh token if it is issued. In an AD FS farm setup, this audit may be found on another farm node. Activity ID: %1 Authorization Code ID: %2 Request Details: Date And Time: %3 Client IP: %4 Client Identifier: %5 Client Redirect URI: %6 Resource: %7
1040 OAuthRefreshTokenVPNCertificateIssuanceSuccessAudit An OAuth access token response using the VPN Certificate flow was successfully issued to client '%4' for the relying party '%5'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Resource: %5 User: %6
1041 OAuthPrimaryRefreshTokenIssuanceSuccessAudit An OAuth primary refresh token was successfully issued to client '%6'. See audit 500 with the same Instance ID for issued claims. Instance ID: %1 Activity ID: %2 Authorization Code ID (if authorization code request): %3 Request Details: Date And Time: %4 Client IP: %5 Client Identifier: %6 Client Redirect URI: %7 User Identity: %8 Device Identity: %9
1042 OAuthNextGenCredsIssuanceSuccessAudit An OAuth access token response using Next Generation Credentials flow was successfully issued to client '%4' for the relying party '%5'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Resource: %5
1043 OAuthNextGenCredsIssuanceFailureAudit The Federation Service failed to issue an OAuth access token as a result of an error during processing of the OAuth Next Generation Credentials token request. Activity ID: %1 Request Details: Client IP: %2 Resource: %3 Client Identifier: %4 Exception details: %5
1044 OAuthWinHelloCertIssuanceSuccessAudit An OAuth Win Hello Certificate response was successfully issued to client '%4' for the relying party '%5'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Resource: %5 User: %6 Certificate Thumbprint: %7 Certificate Expiry: %8
1045 OAuthWinHelloCertIssuanceFailureAudit The Federation Service failed to issue an OAuth Win Hello Certificate as a result of an error during processing of the request. Activity ID: %1 Request Details: Client IP: %2 Resource: %3 Client Identifier: %4 User Identifier: %5 Exception details: %6
1080 WebFingerRequestError An error occurred while processing WebFinger request. Additional Data Request url: %1 User Action Examine the exception details to take one or more of the following actions if applicable. Verify that the resource query parameter exists and is valid representing an authorization server's URL. Verify that all federation partners (RP-STSs) that this ADFS issues tokens to (including any chains) have been configured using powershell cmdlet Add-ADFSTrustedFederationPartner. Exception details: %2
1090 UserInfoEndpointRequestFailureAudit The UserInfo endpoint failed to return a success response as a result of an error during processing. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested Uri: %3 Exception details: %4
1091 UserInfoEndpointRequestSuccessAudit The UserInfo endpoint successfully returned a JSON response. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested Uri: %3
1100 RestEndpointAuthorizationFailureError The Federation Service could not authorize a request to one of the REST endpoints. Additional Data Exception details: %1
1101 RestEndpointAuthorizationFailureAudit The Federation Service could not authorize a request to one of the REST endpoints. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested URI: %3 Exception details: %4
1102 RestEndpointAuthorizationSuccessAudit The Federation Service authorized a request to one of the REST endpoints. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested URI: %3 Additional details: %4
1103 LdapStoreQueryUserDnFailureAudit The Federation Service failed to query the LDAP account store for the DN of user %2. Activity ID: %1 Request Details: User name: %2 LDAP query: %3 Local CP trust identifier: %4 Ldap server: %5 SSL: %6 Authentication method: %7 Exception details: %8
1104 LdapStoreQueryUserDnSuccessAudit The Federation Service queried the LDAP account store for the DN of user %2. Activity ID: %1 Request Details: User name: %2 LDAP query: %3 Local CP trust identifier: %4 Ldap server: %5 SSL: %6 Authentication method: %7
1105 LdapStoreBindFailureAudit The Federation Service failed to bind to the LDAP server with user %2. Activity ID: %1 Request Details: User DN: %2 Local CP trust identifier: %3 Ldap server: %4 SSL: %5 Authentication method: %6 Exception details: %7
1106 LdapStoreBindSuccessAudit The Federation Service bound to the LDAP account store with user %2. Activity ID: %1 Request Details: User DN: %2 Local CP trust identifier: %3 Ldap server: %4 SSL: %5 Authentication method: %6
1107 LdapStoreQueryUserAttrFailureAudit The Federation Service failed to query the LDAP account store for the attributes of user %2. Activity ID: %1 Request Details: User DN: %2 LDAP query: %3 Local CP trust identifier: %4 Ldap server: %5 SSL: %6 Authentication method: %7 Exception details: %8
1108 LdapStoreQueryUserAttrSuccessAudit The Federation Service queried the LDAP account store for the attributes of user %2. Activity ID: %1 Request Details: User DN: %2 LDAP query: %3 Local CP trust identifier: %4 Ldap server: %5 SSL: %6 Authentication method: %7
1109 LdapAccountStoreConnectionFailure The Federation Service failed to connect to the LDAP account store to authenticate user %2. Activity ID: %1 Request Details: User DN: %2 Local CP trust identifier: %3 LDAP server: %4 SSL: %5 Authentication method: %6 Exception details: %7
1110 LdapAttributeStorePrimaryConnectionFailure The Federation Service failed to connect to the primary LDAP account store to authenticate user %2. Activity ID: %1 Request Details: User DN: %2 Local CP trust identifier: %3 Ldap server: %4 SSL: %5 Authentication method: %6 Exception details: %7
1111 LdapAttributeStoreCompleteConnectionFailure The Federation Service failed to connect to all LDAP account stores to authenticate user %2. Activity ID: %1 Request Details: User DN: %2 Local CP trust identifier: %3 Ldap server: %4 SSL: %5 Authentication method: %6 Exception details: %7
1112 LdapAttributeStoreConnectionFailure The Federation Service failed to connect to the Ldap server. Activity ID: %1 Request Details: Local CP trust identifier: %2 Ldap ErrorCode: %3 Exception details: %4
1113 ClientJWKSyncingInitiated Client Json Web Key Set (JWKS) synchronization initiated.
1114 ClientJWKSyncingComplete Client Json Web Key Set (JWKS) synchronization completed.
1115 ClientJWKSyncingError The Federation Service encountered an error while retrieving the Json Web Key Set (JWKS) document from '%1'. The key synchronization for the following client failed: Client: %2 Additional Data Exception details: %3 Additional details: %4 User Action Make sure the JWKS URI '%1' is accessible.
1116 ClientJWKSyncingDatabaseError An error occurred during a read operation from the configuration database. Monitoring of clients' Json Web Key Set (JWKS) was shut down and will be tried again after an amount of time that corresponds to the monitoring interval. Additional Data Exception details: %1 Additional details: %2
1117 ClientJWKSyncingClientError An error occurred during monitoring of the following client's Json Web Key Set (JWKS). Client: %1 Additional Data Exception details: %2 Additional details: %3
1118 ClientJWKSyncingGenericError An error occurred during monitoring of clients' Json Web Key Set (JWKS). The monitoring cycle was shut down. Additional Data Exception details: %1 Additional details: %2
1119 JWTSigningKeysDownloadedSuccessAudit The Json Web Token (JWT) signing keys configuration was successfully downloaded. Client: %1 Subject: Security ID: %2 Account: %3 Additional Data Keys imported: %6 JWKS uri: %4 JWKS uri content: %5
1120 JWTSigningKeysDownloadFailureAudit An attempt to change the Json Web Token (JWT) signing keys failed. Client: %1 Subject: Security ID: %2 Account: %3 Additional Data JWKS uri: %4 Exception details: %5
1121 TokenBindingKeyFailureAudit An attempt to use a token with an invalid token binding key was made. Activity ID: %1 Additional Data User: %2 %Target RP: %3 Client IP: %4 Token Binding ID: %5 Request Provided ID: %6 Request Referred ID: %7
1200 AppTokenSuccessAudit The Federation Service issued a valid token. See XML for details. Activity ID: %1 Additional Data XML: %2
1201 AppTokenFailureAudit The Federation Service failed to issue a valid token. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1202 FreshCredentialSuccessAudit The Federation Service validated a new credential. See XML for details. Activity ID: %1 Additional Data XML: %2
1203 FreshCredentialFailureAudit The Federation Service failed to validate a new credential. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1204 PasswordChangeBasicSuccessAudit A password was changed. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1205 PasswordChangeBasicFailureAudit A password change was attempted, but failed. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1206 SignOutSuccessAudit A SignOut request was successfully processed. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1207 SignOutFailureAudit A SignOut request was attempted, but failed. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1210 ExtranetLockoutAudit An extranet lockout event has occurred. See XML for failure details. Activity ID: %1 Additional Data XML: %2
ID Event Name Event Description
100 FsServiceStart The Federation Service started successfully. The following service hosts have been added: %1
102 StartupException There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service. Additional Data Exception details: %1
103 FsServiceStop The Federation Service stopped successfully.
104 ArtifactServiceNotRunningForReplayDetectionCheck The artifact resolution service is not running. The service must be running to perform token replay detection. User Action Make sure that the artifact resolution service is configured properly. Or disable token replay detection by using the Set-ADFSProperties cmdlet with the PreventTokenReplays parameter in Windows PowerShell for AD FS.
105 AuthMethodLoadError An error occurred loading an authentication provider. Fix configuration errors using PowerShell cmdlets and restart the Federation Service. Identifier: %1 Context: %2 Additional Data Exception details: %3
106 AuthMethodLoadSuccess An authentication provider was successfully loaded: Identifier: '%1', Context: '%2'
111 WsTrustRequestProcessingError The Federation Service encountered an error while processing the WS-Trust request. Request type: %1 Additional Data Exception details: %2
131 BadConfigurationFormatError During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The configured value '%2' could not be parsed as type '%3'. Element: %1 Value: %2 Type: %3 The Federation Service will not be able to start until this configuration element is corrected. User Action Correct the specified configuration element to conform to the given type.
132 BadConfigurationValueMissing During processing of the Federation Service configuration, the required element '%1' was missing. Element: %1 The Federation Service will not be able to start until this configuration element is configured. User Action Configure the specified configuration element using the AD FS Management snap-in.
133 BadConfigurationIdentityCertificateHasNoPrivateKey During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The private key for the certificate that was configured could not be accessed. The following are the values of the certificate: Element: %1 Subject: %2 Thumbprint: %3 storeName: %4 storeLocation: %5 Federation Service identity: %6 The Federation Service will not be able to start until this configuration element is corrected. This condition can occur when the certificate is found in the specified store but there is a problem accessing the certificate's private key. Common causes for this condition include the following: (1) The certificate was installed from a source that did not include the private key, such as a .cer or .p7b file. (2) The certificate's private key was imported (for example, from a .pfx file) into a store that is different from the store specified above. (3) The certificate was generated as part of a certificate request that did not specify the "Machine Key" option. (4) The Federation Service identity '%6' has not been granted read access to the certificate's private key. User Action If the certificate was imported from a source with no private key, choose a certificate that does have a private key, or import the certificate again from a source that includes the private key (for example, a .pfx file). If the certificate was imported in a user context, verify that the store specified above matches the store the certificate was imported into. If the certificate was generated by a certificate request that did not specify the "Machine Key" option and the key is marked as exportable, export the certificate with a private key from the user store to a .pfx file and import it again directly into the store specified in the configuration file. If the key is not marked as exportable, request a new certificate using the "Machine Key" option. If the Federation Service identity has not been granted read access to the certificate's private key, correct this condition using the Certificates snap-in.
134 BadConfigurationCertificateNotFound During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was identified by the findValue '%2' could not be found. Element: %1 storeName: %3 storeLocation: %4 x509FindType: %5 findValue: %2 The Federation Service will not be able to start until this configuration element is corrected. This condition occurs when the findValue that is specified does not match any certificate in the specified store. Common causes for this condition include the following: (1) The certificate with the specified findValue is from a store that is different from the configured store. (2) The certificate was deleted from the store after configuration. User Action If the certificate exists in a different store, find the location using the certificates snap-in and correct the configuration appropriately. If the certificate has been deleted, configure a different certificate.
135 BadConfigurationMultipleCertificatesMatch During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was identified by the findValue '%2' was not unique. Element: %1 storeName: %3 storeLocation: %4 x509FindType: %5 findValue: %2 The Federation Service will not be able to start until this configuration element is corrected. This condition can occur when the certificate is found in the specified store but there is more than one certificate that matches the findValue. User Action If the certificate was identified by name and there are multiple certificates of the same name, configure the certificate using the certificate thumbprint.
136 ConfigurationErrorsException During processing of the Federation Service configuration, the Federation Service encountered a configuration error. %1 Additional Data %2 The Federation Service will not be able to start until this error has been corrected. User Action Correct the specified configuration error using the AD FS Management snap-in.
143 UnableToCreateFederationMetadataDocument The Federation Service was unable to create the federation metadata document as a result of an error. Document Path: %1 Additional Data Exception details: %2
144 RequestBlocked The Federation Service Proxy blocked an illegitimate request made by a client, as there was no matching endpoint registered at the proxy. This could point to a DNS misconfiguration, a partially configured application published through the proxy, or a malicious request. Url Path: %1
147 InvalidClaimsProviderError A token was received from a claims provider identified by the key '%1', but the token could not be validated because the key does not identify any known claims provider trust. Key: %1 This request failed. User Action If this key represents the certificate thumbprint of a claims provider trust, verify that it matches the signing certificate of the claims provider trust in the AD FS configuration database.
149 AttributeStoreLoadFailure During processing of the Federation Service configuration, the attribute store '%1' could not be loaded. Attribute store type: %2 User Action If you are using a custom attribute store, verify that the custom attribute store is configured using AD FS Management snap-in. Additional Data %3
155 MetadataListenerError The Federation Service was unable to listen at '%1' for metadata document requests due to an unexpected error. Additional Data Exception details: %2
156 TrustMonitoringInitiated Trust monitoring cycle initiated.
157 TrustMonitoringComplete Trust monitoring cycle completed.
159 TrustMonitoringConfigurationDatabaseWriteError The Federation Service encountered an error while writing to the following object in the configuration database. Object Type: %1 Name: %2 Metadata document URL: %3 Additional Data Exception details: %4 Additional details: %5
163 TrustMonitoringInitiationError An error occurred during initialization of trust monitoring. Trust monitoring against the published partner configuration will be disabled for the lifetime of this service. Additional Data Exception details: %1 User Action If you want to try to start the trust monitoring service again, restart the Federation Service.
164 TrustMonitoringConfigurationDatabaseError An error occurred during a read operation from the configuration database. Trust monitoring was shut down and will be tried again after an amount of time that corresponds to the trust monitoring interval. Additional Data Exception details: %1 Additional details: %2
165 TrustMonitoringGenericError An error occurred during trust monitoring. The trust monitoring cycle was shut down. Additional Data Exception details: %1 Additional details: %2
166 TrustMonitoringMetadataFormatError Trust monitoring service encountered an error while parsing the metadata document from '%1'. Trust monitoring failed for: Object Type: %2 Name: %3 Additional Data Exception details: %4 Additional details: %5
167 TrustMonitoringMetadataProcessingError Trust monitoring service encountered an error while applying the data in the metadata document from '%1'. Trust monitoring failed for: Object Type: %2 Name: %3 Additional Data Exception details: %4 Additional details: %5
168 TrustManagementMetadataRequestError The Federation Service encountered an error while retrieving the federation metadata document from '%1'. The monitoring for the following trusts failed: Claims providers: %2 Relying parties: %3 Additional Data Exception details: %4 Additional details: %5 User Action Make sure federation metadata URL is accessible. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
171 SuccessfulAutoUpdate The trust monitoring service automatically updated the trust of '%1' successfully with the partner's published changes.
173 SuccessfulAutoUpdateWithWarning The trust monitoring service automatically updated the trust of '%1' successfully with the partner's published changes. Additional Data Warnings: %2
174 AutoUpdateSkippedWithWarning Trust monitoring service detected changes in policy of '%1', but did not automatically apply the changes on the trust partner. Additional Data Warnings: %2
180 MinorVersionUpgradeError An error occurred while upgrading FarmBehaviorLevel '%1' from Minor Version '%2' to Minor Version '%3'. Additional Data Exception details: %4
184 InvalidRelyingPartyError A token request was received for a relying party identified by the key '%1', but the request could not be fulfilled because the key does not identify any known relying party trust. Key: %1 This request failed. User Action If this key represents a URI for which a token should be issued, verify that its prefix matches the relying party trust that is configured in the AD FS configuration database.
186 PolicyDuplicateNameIdentifier The Federation Service could not fulfill the token-issuance request. More than one claim based on SamlNameIdentifierClaimResource was produced after the issuance See event 500 with the same Instance ID for claims after application of issuance transform rules. Additional Data Instance ID: %1 User Action Ensure that the issuance transform rules that are configured for the relying party do not result in multiple claims based on SamlNameIdentifierClaimResource.
193 PolicyUnknownAuthenticationTypeError The Federation Service could not satisfy a token request because the relying party requested an unknown authentication type. Comparison type: %1 Desired authentication type(s): %2 Relying party: %3 This request failed. User Action Use the AD FS PowerShell commands to configure the authentication context order property. Ensure that the relying party is configured to request the correct authentication type.
197 ConfigurationInvalidAuthenticationTypeError The Federation Service could not satisfy a token request because the accompanying credentials do not meet the authentication type requirement of '%2' for the relying party '%3'. Authentication type: %1 Desired authentication type(s): %2 Relying party: %3 This request failed.
198 FsProxyServiceStart The federation server proxy started successfully.
199 ProxyStartupException The federation server proxy could not be started. Reason: %1 Additional Data Exception details: %2
200 FsProxyServiceStop The federation server proxy stopped successfully.
201 ServiceHostOpenAddressAccessDeniedError The Federation Service %1 encountered an Access Denied error while trying to register one or more endpoint URLs. This condition typically occurs when the ACL for the endpoint URL is missing or the HTTP namespace in the ACL is not a prefix match of the endpoint URL. The %1 could not be opened. User Action Ensure that a valid ACL for each of the URLs has been configured on this computer. Additional Data Exception details: %2
202 ServiceHostOpenError The Federation Service %1 could not be opened. Additional Data Exception details: %2
203 ServiceHostAbortError The Federation Service %1 could not be shut down properly. Additional Data Exception details: %2
204 ServiceHostCloseError The Federation Service %1 could not be closed. Additional Data Exception details: %2
206 EmptyOrMissingWSFederationPassiveEndpoint The Federation Service could not fulfill the token-issuance request because the relying party '%1' is missing a WS-Federation Passive endpoint address. Relying party: %1 This request failed. User Action Use the AD FS Management snap-in to configure a WS-Federation Passive endpoint on this relying party.
207 FailureWritingToAuditLog An attempt to write to the Security event log failed. Additional Data Windows error code: %1 Exception details: %2
208 InsufficientPrivilegesWritingToAuditLogError An error occurred during an attempt to register the event source for the Security log. User Action Ensure that the Federation Service has the correct permissions to write to the Security log.
209 AuditLogEventSourceCouldNotBeRegisteredError The Security log event source for the Federation Service could not be registered. Additional Data Windows error code: %1 Exception details: %2
215 FsProxyNoEndpointsConfigured The Federation Service at '%1' did not return any WS-Trust endpoints to be published by the federation server proxy. User Action If you want to publish WS-Trust endpoints to the federation server proxy, make sure that the endpoints are enabled for proxy use on the federation server.
217 BindingConfigurationError A WS-Trust endpoint that was configured could not be opened. Additional Data Address: %1 Mode: %2 Error: %3
218 FsProxyServiceConnectionFailedServiceUnavailable The federation server proxy received error code '%2' while making a request to the Federation Service at '%1'. This could mean that the Federation Service is not started on the remote host. User Action Verify that the Federation Service is running on the remote host.
220 ServiceConfigurationInitializationError The Federation Service configuration could not be loaded correctly from the AD FS configuration database. Additional Data Error: %1
221 ServiceConfigurationReloadError A change to the token service configuration was detected, but there was an error reloading the changes to configuration. Additional Data Error: %1
222 FsProxyServiceConnectionFailedTimeout The federation server proxy was unable to complete a request to the Federation Service at address '%1' because of a time-out. This might mean that the Federation Service is currently unavailable. User Action Verify that the Federation Service is running.
223 ClaimDescriptionReloadError Claim description could not be loaded correctly from the database. Additional Data Error: %1
224 ProxyConfigurationRefreshError The federation server proxy configuration could not be updated with the latest configuration on the federation service. Additional Data Error: %1
230 ProxyCongestionWindowMinimumSize The federation server proxy has detected congestion, caused by high latency response times, on the Federation Service. The load might be above the Federation Service operating capacity, or there might be network connectivity issues. Request throttling has been enforced to limit the number of concurrent requests to the following size: %1. User Action Verify that the Federation Service is operating within its operating capacity. Verify that the Federation Service is not experiencing network outages.
238 AttributeStoreFindDCFailedError The Federation Service failed to find a domain controller for the domain %1. Additional Data Domain Name: %1 Error: %2 User Action Use Nltest to determine why DC locator is failing. Nltest is part of the Windows Support Tools.
244 MetadataExchangeListenerError The Federation Service was unable to listen at '%1' for WS-MetadataExchange requests due to an unexpected error. Additional Data Exception details: %2
245 ProxyConfigurationRefreshSuccess The federation server proxy successfully retrieved and updated its configuration from the Federation Service '%1'.
246 LdapDCConnectionError The Federation Service encountered an error during an attempt to connect to a LDAP server at %1. Additional Data Domain Name: %1 LDAP server hostname (if available): %2 Authentication type: %3 SSL mode: %4 Username (if available): %5 Error code (if available): %6 Error from LDAP server (if available): %7 Exception Details: %8 User Action Check the network connectivity to the LDAP server. Also, check whether the LDAP server is configured properly.
247 LdapGCConnectionError The Federation Service encountered an error while connecting to a global catalog server at %1. Additional Data Domain Name: %1 Global Catalog hostname (if available): %2 Authentication type: %3 SSL mode: %4 Username (if available): %5 Error code (if available): %6 Error from server (if available): %7 Exception Details: %8 User Action Troubleshoot the network connectivity to the global catalog server. Also, verify that the global catalog server is configured properly.
248 ProxyEndpointsRetrievalError The federation server proxy was not able to retrieve the list of endpoints from the Federation Service at %1. The error message is '%2'. User Action Make sure that the Federation Service is running. Troubleshoot network connectivity. If the trust between the federation server proxy and the Federation Service is lost, run the Federation Server Proxy Configuration Wizard again.
249 AdditionalCertificateLoadWarning The certificate identified by thumbprint '%1' could not be found in the certificate store. In certificate rollover scenarios, this can potentially cause a failure when the Federation Service is signing or decrypting using this certificate. User Action Ensure that the certificate that is identified by thumbprint '%1' has been added to the Localmachine "My" store and that it is accessible by the service account of the Federation Service.
250 ArtifactExpirationError Expiration of the artifact failed. Additional Data Exception message: %1 User Action Ensure that the artifact storage server is configured properly. Troubleshoot network connectivity to the artifact storage server.
251 AttributeStoreLoadSuccess Attribute store '%1' is loaded successfully.
252 ProxyHttpListenerStartupInfo The AD FS proxy service made changes to the endpoints it is listening on based on the configuration it retrieved from the Federation Service. Endpoints added: %1 Endpoints removed: %2
253 ProxyHttpListenerStartupError AD FS proxy service failed to start a listener for the endpoint '%1' Exception details: %2 User action: Ensure that no conflicting SSL bindings are configured for the specified endpoint.
258 ConfigurationMissingAssertionConsumerServicesError The relying party '%1' is not configured with SAML Assertion Consumer Services. Relying party: %1 This request failed. User Action Use the AD FS Management snap-in to configure one or more Assertion Consumer Services for this relying party.
259 ConfigurationAssertionConsumerServiceIndexDoesNotMatchError The request specified an Assertion Consumer Service index '%1' that is not configured on the relying party '%2'. Assertion Consumer Service index: %1 Relying party: %2 This request failed. User Action Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified index for this relying party.
260 ConfigurationAssertionConsumerServiceProtocolBindingDoesNotMatchError The request specified an Assertion Consumer Service protocol binding '%1' that is not configured on the relying party '%2'. Assertion Consumer Service protocol binding: %1 Relying party: %2 This request failed. User Action Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified protocol binding for this relying party.
261 ConfigurationAssertionConsumerServiceUrlDoesNotMatchError The request specified an Assertion Consumer Service URL '%1' that is not configured on the relying party '%2'. Assertion Consumer Service URL: %1 Relying party: %2 This request failed. User Action Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified URL for this relying party.
262 ArtifactResolutionFailed The artifact resolution request failed. Additional Data Exception message: %1
273 ConfigurationAssertionConsumerServiceNotFoundError The request specified an assertion consumer service that is not configured or not supported on the relying party '%4'. Request parameters: '%1', '%2', '%3' Relying party: %4 This request failed. User Action Use the AD FS Management snap-in to configure an assertion consumer service with the specified parameters for this relying party. Also, check whether the artifact resolution service is enabled if the SAML artifact is requested.
274 FsProxyEndpointListenerAccessDeniedError The federation server proxy encountered an error while trying to listen on one of the proxy endpoints. The federation server proxy will not be able to start until it can listen on all required proxy endpoints. Proxy Endpoints: %1 User Action Ensure that the permissions on the URLs of the proxy endpoints allow the federation server proxy security account (the default is Network Service) to listen on them.
275 FsProxySslTrustError The federation server proxy could not establish a trust relationship for the SSL secure channel with the Federation Service %1. Error Message: %2 User Action Ensure that the SSL certificate for Federation Service '%1' is valid and trusted by the federation server proxy.
276 FsProxyServiceNotTrustedOnStsError The federation server proxy was not able to authenticate to the Federation Service. User Action Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet. Additional Data Certificate details: Subject Name: %1 Thumbprint: %2 NotBefore Time: %3 NotAfter Time: %4 Client endpoint: %5
277 UnhandledExceptionError The Federation Service encountered an unexpected exception and has shut down. Additional Data Exception details: %1
278 ArtifactResolutionEndpointNotConfiguredError The SAML artifact resolution endpoint is not configured or it is disabled. User Action If SAML artifact resolution is required, use the AD FS Management snap-in to configure or enable the SAML artifact resolution endpoint.
279 SamlArtifactResolutionClaimsProviderNotFoundError Unable to find a claims provider trust for SAML artifact resolution in the AD FS configuration database. SAML artifact: %1 This request failed. User Action Verify that a claims provider trust exists in the AD FS configuration database. Make sure that the data for the claims provider trust is up to date.
280 ClaimsProviderMissingArtifactServiceError Unable to resolve the SAML artifact from the claims provider because the claims provider trust does not have the artifact resolution service configured. Claims provider trust: %1 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date. Add the artifact resolution service endpoint to the claims provider trust.
281 SamlArtifactResolutionEndpointNotFoundError Unable to resolve the SAML artifact from the claims provider because the claims provider trust does not have the required artifact resolution endpoint with the specified index configured. Claims provider trust: %1 Required endpoint index: %2 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date. Use the AD FS Management snap-in to configure the artifact resolution endpoint with the specified index.
282 SamlArtifactResolutionSignatureVerificationFailureAudit Unable to resolve the SAML artifact. Verification of the artifact response signature failed. Claims provider: %1 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date using AD FS Management snap-in. Verify that the claims provider trust's certificate is up to date.
283 SamlArtifactResolutionRequestError Unable to resolve the SAML artifact. The artifact resolution request to the claims provider failed. See inner exception for more details. SAML Artifact: %1 Claims provider: %2 Inner exception: %3 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date. Verify network connectivity. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
284 SamlArtifactResolutionResponseVerificationError Unable to resolve the SAML artifact. A malformed response was received from the claims provider. See inner exception for more details. SAML artifact: %1 Claims provider: %2 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date.
285 SamlArtifactResolutionBadResponseError The SAML artifact was resolved, but the response is empty or does not contain expected assertions. SAML artifact: %1 Claims provider: %2 This request failed. User Action For more information, contact the claims provider.
286 ArtifactStorageConnectionOpenError Cannot connect to the artifact database. Connection string: %1 Error message: %2 User Action Ensure that the artifact database is configured properly. Use the Set-ADFSProperties cmdlet with the ArtifactDbConnection parameter in the Windows PowerShell for AD FS to modify the connection string, if necessary. Troubleshoot the connectivity to the artifact storage.
287 ArtifactStorageAddError Cannot add the artifact to the artifact database. See exception message for more details. Artifact ID: %1 Inner exception details: %2 User Action Ensure that the artifact database is configured properly. Troubleshoot the connectivity to the artifact database.
288 ArtifactStorageGetError Cannot get the artifact from storage. See exception message for more details. ArtifactId: %1 Inner exception details: %2 User Action Ensure that the artifact storage in the AD FS configuration database is configured properly. Troubleshoot connectivity to the artifact storage in the AD FS configuration database.
289 ArtifactStorageRemoveError Cannot remove the artifact from storage. See inner exception message for more details. ArtifactId: %1 Inner exception details: %2 User Action Ensure that the artifact storage in the AD FS configuration database is configured properly. Troubleshoot connectivity to the artifact storage in the AD FS configuration database.
290 ArtifactStorageExpireError Cannot set expiration for the artifacts in storage. See inner exception message for more details. Inner exception details: %1 User Action Ensure that the artifact storage in the AD FS configuration database is configured properly. Troubleshoot connectivity to the artifact storage in the AD FS configuration database.
291 ArtifactServiceStartupException The artifact resolution service could not be started. Additional Data Exception details: %1 User Action Make sure artifact resolution service is properly configured.
292 ArtifactResolutionServiceSignatureVerificationFailureAudit The Artifact Resolution Service could not verify request signature. Additional Data Exception details: %1
293 ArtifactRequestedButDisabledError A SAML request for the required artifact was rejected because the artifact resolution service is not enabled. Relying party: %1 This request failed. User Action Enable the artifact resolution service. Use the AD FS Management snap-in to configure or enable the SAML artifact resolution endpoint.
294 ArtifactResolutionServiceIdentityNotFoundError The SAML artifact resolution request specified an issuer that is not configured for the relying party. Relying party: %1 Artifact resolution request issuer: %2 This artifact resolution request failed. User Action Ensure that the relying party is configured properly using the AD FS Management snap-in.
296 ArtifactResolutionServiceNoSignatureFailureAudit A SAML artifact resolution request was received without a signature. Request issuer: %1 This artifact resolution request failed.
297 ArtifactResolutionServiceBadEndpointIndexError The SAML artifact resolution request required an artifact resolution service endpoint with an index that is not configured. Endpoint index: %1 Configured endpoint index: %2 This artifact resolution request failed.
298 KeyReceiptBackgroundTaskNotEnabled The Windows Hello for Business key receipt certificate background task will not run. Additional Information: %1
299 TokenIssuanceSuccessAudit A token was successfully issued for the relying party '%3'. See audit 500 with the same Instance ID for issued claims. See audit 501 with the same Instance ID for caller identity. See audit 502 with the same Instance ID for OnBehalfOf identity, if any. See audit 503 with the same Instance ID for ActAs identity, if any. Instance ID: %1 Activity ID: %2 Relying party: %3
300 WSTrustRequestProcessingGeneralTokenIssuanceFailureAudit The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request. Activity ID: %1 Request type: %2 Additional Data Exception details: %3
301 ActAsAuthorizationTokenIssuanceFailureAudit The Federation Service could not authorize token issuance for the caller '%3' as the subject '%4' to the relying party '%5'. See audit 501 with the same Instance ID for caller identity. See audit 503 with the same Instance ID for ActAs identity, if any. Additional Data Instance ID: %1 Activity ID: %2 Relying party: %5
302 ActAsAuthorizationError The Federation Service could not authorize token issuance for caller '%2' as subject '%3' to the relying party '%4'. See event 501 with the same Instance ID for caller identity. See event 503 with the same Instance ID for ActAs identity, if any. Additional Data Instance ID: %1 Relying party: %4 Exception details: %5 User Action Use the AD FS Management snap-in to ensure that the caller is authorized to act as the subject to the relying party.
303 SamlRequestProcessingError The Federation Service encountered an error while processing the SAML authentication request. Additional Data Exception details: %1
304 SamlRequestProcessingGeneralTokenIssuanceFailureAudit The Federation Service failed to issue a token as a result of an error during processing of the SAML authentication request. Additional Data Activity ID: %1 Exception details: %2
305 LdapDCServerError The Federation Service encountered an error while querying a LDAP server at %1. Additional Data Domain name: %1 LDAP server hostname (if available): %2 Authentication type: %3 SSL mode: %4 Username (if available): %5 Error code (if available): %6 Error from LDAP server (if available): %7 Exception Details: %8
306 LdapGCServerError The Federation Service encountered an error while querying a global catalog server at %1. Additional Data Domain name: %1 Global catalog server hostname (if available): %2 Authentication type: %3 SSL mode: %4 Username (if available): %5 Error code (if available): %6 Error from server (if available): %7 Exception Details: %8
307 ConfigurationChangeSuccessAudit The Federation Service configuration was changed. Subject: Security ID: %2 Account: %3 See audit 510 with the same Instance ID for change details. Additional Data Instance ID: %1 Security ID: %2 Account: %3
308 ConfigurationChangeFailureAudit An attempt to change the Federation Service configuration failed. Error: %1 Subject: Security ID: %2 Account: %3
309 WmiConfigurationChangeSuccessAudit The Federation Service configuration was changed. Subject: Security ID: %1 Account: %2 Old Value: %3 New Value: %4
310 WmiConfigurationChangeFailureAudit An attempt to change the Federation Service configuration failed. Error : %1 Subject: Security ID: %2 Account: %3 Current Value: %4 Attempted Change: %5
311 PerformanceCounterFailure An attempt to update AD FS performance counters failed. Additional Data Exception details: %1
315 ClaimsProviderSigningCertificateCrlCheckFailure An error occurred during an attempt to build the certificate chain for the claims provider trust '%1' certificate identified by thumbprint '%2'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the claims provider trust's signing certificate revocation settings or certificate is not within its validity period. You can use Windows PowerShell commands for AD FS to configure the revocation settings for the claims provider trust's signing certificate. Claims provider trust's signing certificate revocation settings: %3 The following errors occurred while building the certificate chain: %4 User Action: Ensure that the claims provider trust's signing certificate is valid and has not been revoked. Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
316 RelyingPartySigningCertificateCrlCheckFailure An error occurred during an attempt to build the certificate chain for the relying party trust '%1' certificate identified by thumbprint '%2'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the relying party trust's signing certificate revocation settings or certificate is not within its validity period. You can use Windows PowerShell commands for AD FS to configure the revocation settings for the relying party signing certificate. Relying party trust's signing certificate revocation settings: %3 The following errors occurred while building the certificate chain: %4 User Action: Ensure that the relying party trust's signing certificate is valid and has not been revoked. Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
317 RelyingPartyEncryptionCertificateCrlCheckFailure An error occurred during an attempt to build the certificate chain for the relying party trust '%1' certificate identified by thumbprint '%2'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the relying party trust's encryption certificate revocation settings or certificate is not within its validity period. You can use Windows PowerShell commands for AD FS to configure the revocation settings for the relying party encryption certificate. Relying party trust's encryption certificate revocation settings: %3 The following errors occurred while building the certificate chain: %4 User Action: Ensure that the relying party trust's encryption certificate is valid and has not been revoked. Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
319 ClientCertificateCrlCheckFailure An error occurred while the certificate chain for the client certificate identified by thumbprint '%1' was being built. The certificate chain could not be built. The certificate has been revoked, the certificate chain could not be verified as specified by the encryption certificate revocation settings or certificate is not within its validity period. You can use the Set-ADFSProperties cmdlet with the ProxyCertRevocationCheck parameter in Windows PowerShell for AD FS to configure the client certificate revocation settings. Client Certificate Revocation Settings: %2 The following errors occurred while building the certificate chain: %3 User Action: Ensure that the client certificate is valid and has not been revoked. Ensure that the Federation Service can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
320 SamlProtocolSignatureVerificationError The verification of the SAML message signature failed. Message issuer: %1 Exception details: %2 This request failed. User Action Verify that the message issuer configuration in the AD FS configuration database is up to date. Configure the signing certificate for the specified issuer. Verify that the issuer's certificate is up to date. Verify the issuer and server message signing requirements.
321 InvalidNameIdPolicyError The SAML authentication request had a NameID Policy that could not be satisfied. Requestor: %1 Name identifier format: %2 SPNameQualifier: %3 Exception details: %4 This request failed. User Action Use the AD FS Management snap-in to configure the configuration that emits the required name identifier.
322 OnBehalfOfAuthorizationTokenIssuanceFailureAudit The Federation Service could not authorize token issuance for the caller '%3' on behalf of the subject '%4' to the relying party '%5'. See audit 501 with the same Instance ID for caller identity. See audit 502 with the same Instance ID for OnBehalfOf identity, if any. Additional Data Instance ID: %1 Activity ID: %2 Relying party: %5
323 OnBehalfOfAuthorizationError The Federation Service could not authorize token issuance for the caller '%2' on behalf of the subject '%3' to the relying party '%4'. See event 501 with the same Instance ID for caller identity. See event 502 with the same Instance ID for OnBehalfOf identity, if any. Additional Data Instance ID: %1 Exception details: %5 User Action Use the Windows PowerShell Get-ADFSClaimsProviderTrust or Get-ADFSRelyingPartyTrust cmdlet to ensure the caller is authorized on behalf of the subject to the relying party.
324 CallerAuthorizationTokenIssuanceFailureAudit The Federation Service could not authorize token issuance for caller '%3' to relying party '%4'. See audit 501 with the same Instance ID for caller identity. Additional Data Instance ID: %1 Activity ID: %2 Relying party: %4
325 CallerAuthorizationError The Federation Service could not authorize token issuance for caller '%2'. The caller is not authorized to request a token for the relying party '%3'. See event 501 with the same Instance ID for caller identity. Additional Data Instance ID: %1 Relying party: %3 Exception details: %4 User Action Use the AD FS Management snap-in to ensure that the caller is authorized to request a token for the relying party.
326 ClaimsPolicyInvalidPolicyTypeError Failed to load the AD FS claims policy engine using policy type '%1' User Action Make sure AD FS is installed correctly.
327 SamlSingleLogoutError An error occurred during processing of the SAML logout request. Additional Data Caller identity: %1 Logout initiator identity: %2 Error message: %3 Exception details: %4 User Action Ensure that the single logout service is configured properly for this relying party trust or claims provider trust in the AD FS configuration database.
328 SamlArtifactResolutionNoAssertion The SAML artifact resolution request was resolved, but the response does not contain the expected assertions. Additional Data: SAML artifact: %1 Status code: %2 SubStatus code: %3 Status message: %4 This request failed. User Action Contact the claims provider for more information.
329 AdditionalBlobCertificateLoadWarning The certificate that is identified by thumbprint '%1' could not be decrypted using the keys for X.509 certificate private key sharing. Additional Data: X.509 certificate private key sharing diagnosis: %2 User Action You may have to restore all Active Directory objects underneath the specified distinguished name in the diagnostic information above for X.509 certificate private key sharing.
331 CertificateManagementDecryptionError The certificate management service encountered an error during decryption of the keys. storeName: %2 storeLocation: %1 x509FindType: %4 findValue: %3 Additional Data: X.509 certificate private key sharing diagnosis: %5 User Action You may have to restore all Active Directory objects underneath the distinguished name that is specified in the diagnosis for X.509 certificate private key sharing above.
332 CertificateManagementEncryptionError The certificate management service encountered an error during encryption of the keys. Subject: %1 Diagnosis: %2 User Action You may have to restore all Active Directory objects underneath the distinguished name that is specified in the diagnosis above for X.509 certificate private key sharing.
333 CertificateManagementConfigurationError The certificate management service encountered an error during database access. Additional Data: Diagnosis: %1 User Action Confirm that the SQL store is online.
334 CertificateManagementWarning Certificate rollover service needs to rollover %1 certificates urgently. Partners will not be able to apply the update in time.
335 CertificateManagementInfo %1
336 CertificateManagementInitiated The certificate management cycle was initiated.
337 CertificateManagementComplete The certificate management cycle was completed.
338 CertificateManagementGenericError An error was encountered during certificate rollover. The monitoring cycle was shut down. Additional Data Exception details: %1 Additional details: %2
339 CertificateManagementInitiationError An error occurred during initialization of certificate rollover. Certificates will not be rolled over. Additional Data Exception details: %1
340 ArtifactResolutionSuccessAudit An SAML artifact resolution request was successfully resolved for the relying party '%1'. Relying party: %1 SAML artifact: %2
341 SecurityTokenNotYetValidError The NotBefore attribute for the token has a value that is set to a future time. See inner exception for more details. Additional Data Token Type: %1 Exception details: %2 This request failed. User Action Verify that system clock is synchronized.
342 SecurityTokenValidationError Token validation failed. Additional Data Token Type: %1 %Error message: %2 Exception details: %3
343 ConfigurationDatabaseSynchronizationInitiationError There was an error during initialization of synchronization. Synchronization of data from the primary federation server to the secondary federation server will not occur. Additional Data Exception details: %1
344 ConfigurationDatabaseSynchronizationSyncError There was an error doing synchronization. Synchronization of data from the primary federation server to a secondary federation server did not occur. Additional data Exception details: %1 User Action Make sure the primary federation server is available or the service account identity of this machine matches the service account identity of the primary federation server.
345 ConfigurationDatabaseSynchronizationCommunicationError There was a communication error during AD FS configuration database synchronization. Synchronization of data from the primary federation server to a secondary federation server did not occur. Additional Data Master Name : %1 Endpoint Uri : %2 Exception details: %3
346 ConfigurationDatabaseReadOnlyTransferError There was an error during retrieving the configuration data for the secondary federation server. Additional Data Exception details: %1
348 ConfigurationDatabaseSynchronizationCompleted Synchronization of configuration data from the primary federation server '%1' is completed. %2 objects were added. %3 objects were deleted.
349 FsAdministrationServiceStart The administration service for the Federation Service started successfully. You can now use the Windows PowerShell commands for AD FS to modify the Federation Service configuration. The following service hosts have been added: %1
351 PolicyStoreSynchronizationPropertiesGetError There was an error getting synchronization properties. Additional Data Exception details: %1
352 ConfigurationDatabaseSqlError A SQL operation in the AD FS configuration database with connection string %1 failed. Additional Data Exception details: %2
353 SamlArtifactResolutionSignatureVerificationError Unable to resolve the SAML artifact. Verification of the artifact response signature failed. Claims provider: %1 Exception details: %2 This request failed. User Action Verify that the claims provider trust in the AD FS configuration database is up to date. Verify that the claims provider trust's signing certificate is up to date.
354 ArtifactResolutionServiceSignatureVerificationError The artifact resolution service could not verify the request signature. Additional Data Exception details: %1 User action: Verify that the relying party trust in the AD FS configuration database is up to date. Configure the relying party certificate for request signing. Verify that relying party certificate is up to date.
356 SqlNotificationRegistrationError Failed to register notification to the SQL database with the connection string %1 for cache type '%2'. Changes to settings may not take effect until the Federation Service restarts. Additional Data Exception details: %3
357 SqlNotificationRegistrationResumption Successfully registered notification to the SQL database with the connection string %1.
358 ServiceHostRestart Restarting %1. This restart is necessary because a change was detected in the certificates that this service host uses. Requests that are served by endpoints of this service host may fail during restart.
359 ServiceHostRestartError An error occurred during an attempt to restart %1. Additional Data Exception details: %2 User Action Restart the Federation Service to recover from the error.
360 ClientCertificateNotPresentOnProxyEndpointError A request was made to a certificate transport endpoint, but the request did not include a client certificate. This could be because the root CA certificate that issued the client certificate is not in the Trust CA certificate store or because the client certificate is expired. User Action: Ensure that the CA that issued the client certificate in this request has its certificate in the Trusted Root Certificate Authority store on the Local Computer. Ensure that the client certificate is not expired.
362 WSFederationPassiveSignOutError Encountered error during federation passive sign-out. Additional Data Exception details: %1
363 WSFederationPassiveServiceCommunicationError A communication error occurred during an attempt to get a token from the Federation Service. Make sure that the Federation Service is running. Additional Data Exception details: %1
364 WSFederationPassiveRequestFailedError Encountered error during federation passive request. Additional Data Protocol Name: %1 Relying Party: %2 Exception details: %3
365 RelyingPartyNotEnabled A token request was received for the relying party '%1', but the request could not be fulfilled because the relying party trust is not enabled. Relying party: %1 This request failed. User Action If this relying party trust should be enabled, enable it by using the AD FS Management snap-in or Windows PowerShell for AD FS.
366 ClaimsProviderNotEnabled A token was received from claims provider '%1', but the token could not be validated because the claims provider trust is not enabled. Claims provider: %1 This request failed. User Action If this claims provider trust should be enabled, enable it by using the AD FS Management snap-in or Windows PowerShell for AD FS.
367 AudienceUriValidationFailed The audience restriction was not valid because the specified audience identifier is not present in the acceptable identifiers list of this Federation Service. User Action See the exception details for the audience identifier that failed validation. If the audience identifier identifies this Federation Service, add the audience identifier to the acceptable identifiers list by using Windows PowerShell for AD FS. Note that the audience identifier is used to verify whether the token was sent to this Federation Service. If you think that the audience identifier does not identify your Federation Service, adding it to the acceptable identifiers list may open a security vulnerability in your system. Additional Data Token Type: %1 Exception details: %2
368 SamlLogoutNameIdentifierNotFoundError The SAML Single Logout request does not correspond to the logged-in session participant. Requestor: %1 Request name identifier: %2 Logged-in session participants: %3 This request failed. User Action Verify that the claim provider trust or the relying party trust configuration is up to date. If the name identifier in the request is different from the name identifier in the session only by NameQualifier or SPNameQualifier, check and correct the name identifier policy issuance rule using the AD FS Management snap-in.
369 WSFederationPassiveTtpRequestError Processing TTP request failed with the following exception. Additional Data Exception details: %1 User Action Ensure that user has enabled cookies in browser settings.
370 WSFederationPassiveTtpResponseError Incoming TTP response is not valid. Processing response failed with following exception. Additional Data Exception details: %1 User Action Ensure that partner federation provider is configured properly to send valid TTP response.
371 AuthorityCertificateResolveError Cannot find certificate to validate message/token signature obtained from claims provider. Claims provider: %1 This request failed. User Action Check that Claim Provider Trust configuration is up to date.
372 WeakSignatureAlgorithmError Authentication Failed. The token used to authenticate the user is signed using a weaker signature algorithm than expected. Additional Data Token Type: %1 Issuer: %2 Actual token signature algorithm: %3 Expected token signature algorithm: %4 User Action Check that Claim Provider is configured to accept tokens with expected signature algorithm. Use the AD FS PowerShell commands to configure the signature algorithm property.
373 ArtifactResolutionServiceWeakSignatureAlgorithmError The artifact request from the replying party is signed with a weaker signature algorithm. Additional Data Relying party identity: %1 Actual message signature algorithm: %2 Expected message signature algorithm: %3 User action: Check that relying party is configured to accept artifact resolution request with expected signature algorithm. Use the AD FS PowerShell commands to configure the signature algorithm property.
374 AuthorityEncryptionCertificateCrlCheckFailure An error occurred while building the certificate chain for the claims provider trust '%1' certificate identified by thumbprint '%2'. The certificate chain could not be built, the certificate has been revoked, or the certificate chain could not be verified as specified by the claims provider trust's encryption certificate revocation settings. AD FS powershell commands can be used to configure the claims provider trust encryption certificate revocation settings. Claims Provider Trust Encryption Certificate Revocation Settings: %3 The following errors occurred while building the certificate chain: %4 User Action: Ensure that the claims provider trust's encryption certificate is valid and has not been revoked. Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
375 PolicyStoreSynchronizationInitiated Policy store synchronization initiated.
376 SqlAttributeStoreQueryExecutionError An Error occurred while executing a query in SQL attribute store. Additional Data Connection information: %1 Query: %2 Parameters: %3 User Action Examine the exception details to take one or more of the following actions if applicable. Verify that the connection string to the SQL attribute store is valid. Make sure that the SQL attribute store can be reached by the connection string and the SQL attribute store exists. Verify that the SQL query and parameters are valid. Exception details: %4
377 AttributeStoreError A processing error occurred in an attribute store. User Action Exception details: %1
378 SAMLRequestUnsupportedSignatureAlgorithm SAML request is not signed with expected signature algorithm. SAML request is signed with signature algorithm %1 . Expected signature algorithm is %2 User Action: Verify that signature algorithm for the partner is configured as expected.
379 InvalidIssuanceInstantError A security token was rejected as the specified IssueInstant was before the allowed time frame. Token Type: %1 User Action: To allow tokens for a larger timeframe, use the AD FS PowerShell commands to adjust the value of the ReplayCacheExpirationInterval.
380 BadConfigurationIdentityCertificateNotValid During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was configured could not be used. The certificate has been revoked, the certificate chain could not be verified or certificate is not within its validity period. The following are the values of the certificate: Element: %1 Subject: %2 Thumbprint: %3 The Federation Service will not be able to start until this configuration element is corrected. User Action Verify whether the certificate chain for the certificate configured has been revoked by its certificate authority. If the certificate has been revoked or expired, the AD FS service must be issued a new certificate.
381 AdditionalCertificateValidationFailure An error occurred during an attempt to build the certificate chain for configuration certificate identified by thumbprint '%1'. Possible causes are that the certificate has been revoked or certificate is not within its validity period. The following errors occurred while building the certificate chain: %2 User Action: Ensure that the certificate is valid and has not been revoked or expired.
382 SynchronizationThresholdViolation AD FS detected that the Federation Service has more than %1 %2 trusts configured and that the data in the AD FS configuration database for this Federation Service is stored and synchronized using Windows Internal Database technology. The overall performance of data synchronization between configuration databases that are stored locally on federation servers across the farm will degrade as you add more than %1 trusts when you use the Windows Internal Database to store the AD FS configuration database. User Action: To improve synchronization performance across your federation server farm, we recommend that you migrate the data in the AD FS configuration database to SQL server. For more information about how to do this, see AD FS Operations Guide (http://go.microsoft.com/fwlink/?LinkId=181189).
383 WSFederationPassiveWebConfigMalformedError The Web request failed because the web.config file is malformed. User Action: Fix the malformed data in the web.config file. Exception details: %1
384 WSFederationPassiveInvalidValueInWebConfigError The request to the Federation Service failed because the web.config file has an invalid configuration for '%1' that the Federation Service does not support. User Action: Ensure that the configuration of the property '%1' is supported by the Federation Service.
385 ConfigurationHasExpiredCertsWarning AD FS detected that one or more certificates in AD FS configuration database need to be updated manually because they are expired, or will expire soon. See additional details for more information Additional Details: %1
386 ConfigurationHealthyCertsInfo AD FS detected that none of the service certificates that are configured to be managed by the administrator are due to expire.
387 CertPrivateKeyInaccessibleError AD FS detected that one or more of the certificates specified in the Federation Service were not accessible to the service account used by the AD FS Windows Service. User Action: Ensure that the AD FS service account has read permissions on the certificate private keys. Additional Details: %1
388 CertPrivateKeyAccessibleInfo AD FS detected that all the service certificates have appropriate access given to the AD FS service account.
389 TrustsHaveExpiredCertsWarning AD FS detected that one or more of your trusts require their certificates to be updated manually because they are expired, or will expire soon. See additional details for more information Additional Details: %1
390 TrustsHaveHealthyCertsInfo AD FS detected that none of the partner certificates that are configured to be managed by the administrator are due to expire.
392 FsProxyTrustTokenRenewalSuccess The federation server proxy was able to successfully renew its trust with the Federation Service. Proxy trust certificate subject: %1. Proxy trust certificate old thumbprint: %2. Proxy trust certificate new thumbprint: %3.
393 ProxyTrustTokenIssuanceFailure The federation server proxy could not establish a trust with the Federation Service. Additional Data Exception details: %1 User Action Ensure that the credentials being used to establish a trust between the federation server proxy and the Federation Service are valid and that the Federation Service can be reached.
394 FsProxyTrustTokenRenewalError The federation server proxy could not renew its trust with the Federation Service. Additional Data Exception details: %1 User Action Ensure that the federation server proxy is trusted by the Federation Service. If the trust does not exist or has been revoked, establish a trust between the proxy and the Federation Service using the Federation Service Proxy Configuration Wizard by logging on to the proxy computer.
395 ProxyTrustTokenIssuanceSuccess The trust between the federation server proxy and the Federation Service was established successfully using the account '%1'. Proxy trust certificate subject: %2. Proxy trust certificate thumbprint: %3.
396 ProxyTrustTokenRenewalSuccess The trust between the federation server proxy and the Federation Service was renewed successfully. Proxy trust certificate subject: %1. Proxy trust certificate old thumbprint: %2. Proxy trust certificate new thumbprint: %3.
397 HttpProxyConfigurationInfo The federation server loaded the HTTP proxy configuration from WinHTTP settings. HTTP Proxy: %1 HTTPS Proxy: %2 Bypass proxy for local addresses: %3 Bypass proxy for addresses: %4 To learn more about how to set the HTTP proxy settings for the federation server, see http://go.microsoft.com/fwlink/?LinkId=182180.
398 ConfigurationHasArchivedCertsWarning AD FS detected that one or more certificates in the AD FS configuration database need to be updated manually because they are archived. Additional Details: %1
399 ConfigurationHealthyUnarchivedCertsInfo AD FS detected that none of the service certificates that are configured to be managed by the administrator are archived.
400 GiveUserVSSAccess VSS writer permissions have been granted to user %1.
401 RevokeUserVSSAccess VSS writer permissions have been revoked from user %1.
402 CertificateClaimUnknownError Failed to add some of the certificate claims.
403 RequestReceivedSuccessAudit An HTTP request was received. See audit 510 with the same Instance ID for headers. Instance ID: %1 Activity ID: %2 Request Details: Date And Time: %3 Client IP: %4 HTTP Method: %5 Url Absolute Path: %6 Query string: %7 Local Port: %8 Local IP: %9 User Agent: %10 Content Length: %11 Caller Identity: %12 Certificate Identity (if any): %13 Targeted relying party: %14 Through proxy: %15 Proxy DNS name: %16
404 ResponseSentSuccessAudit An HTTP response was dispatched. See audit 510 with the same Instance ID for headers. Instance ID: %1 Activity ID: %2 Response Details: Date And Time: %3 Status Code: %4 Status Description: %5
405 PasswordChangeSuccessAudit Password change succeeded for following user: Activity ID: %1 User: %2 Server on which password change was attempted: %3
406 PasswordChangeFailureAudit Password change failed for following user: Additional Data Activity ID: %1 User: %2 Device Certificate: %3 Server on which password change was attempted: %4 Client IP: %6 Error details: %5
407 PasswordChangeError Password change failed for following user: Additional Data User: %1 Server on which password change was attempted: %2 Error details: %3
408 DeviceAuthenticationFailureAudit Device authentication failed for following device: Additional Data Activity ID: %1 User: %2 Client IP: %3 Target Application: %4 Device Certificate: %5 Device ID: %6 Device Name: %7 Error Message: %8
409 DeviceAuthenticationSuccessAudit Device authentication successful for following device: Additional Data Activity ID: %1 User: %2 Client IP: %3 Target Application: %4 Device Certificate: %5 Device ID: %6 Device Name: %7 Registered owner's sid: %8 Is current User registered: %9
410 RequestContextHeadersSuccessAudit Following request context headers present : Activity ID: %1 %2: %3 %4: %5 %6: %7 %8: %9 %10: %11 %12: %13 %14: %15
411 SecurityTokenValidationFailureAudit Token validation failed. See inner exception for more details. Additional Data Activity ID: %1 Token Type: %2 Client IP: %5 Error message: %3 Exception details: %4
412 AuthenticationSuccessAudit A token of type '%3' for relying party '%4' was successfully authenticated. See audit 501 with the same Instance ID for caller identity. Instance ID: %1 Activity ID: %2
413 CallerIdFailureAudit An error occurred during processing of a token request. The data in this event may have the identity of the caller (application) that made this request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data Activity ID: %1 Caller: %2 OnBehalfOf user: %3 ActAs user: %4 Target Relying Party: %5 Device identity: %6 Client IP: %7 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
414 InvalidMsisHttpRequestAudit An error occurred during processing of a token request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data Activity ID: %1 Target Relying Party: %2 Is Application Proxy Configured: %3 Is Request From the Extranet: %4 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
415 UnregisteredDrsUpnSuffixes %1
416 WebConfigurationError Web configuration error: %1
417 CertificateClaimError Unable to add the certificate claim %1.
418 StsProxyTrustRenewalAuditSuccess The trust between the federation server proxy and the Federation Service was successfully renewed. Additional Data Server from which request was made: %1 Certificate Subject: %2 Old Certificate Thumbprint: %3 New Certificate Thumbprint: %4
419 StsProxyTrustRenewalAuditFailure Unable to renew the trust between the federation server proxy and the Federation Service. Additional Data Server from which request was made: %1 Exception details: %2
420 StsProxyTrustTokenEstablishmentAuditSuccess The trust between the federation server proxy and the Federation Service was successfully established. Additional Data User: %1 Server from which request was made: %2 Certificate Subject: %3 Certificate Thumbprint: %4
421 StsProxyTrustTokenEstablishmentAuditFailure The trust between the federation server proxy and the Federation Service could not be established. Additional Data User: %1 Server from which request was made: %2
424 ClientCertNotTrustedOnStsAuditFailure The federation server proxy was not able to authenticate the client certificate presented in the request. Activity ID: %1 Client certificate thumbprint: %2 Client certificate subject name: %3 Client endpoint: %4 Inner exception: %5 User Action Ensure that the request is using the certificate used to establish the trust between the Federation Server Proxy and the Federation Service.
425 ApplicationProxyConfigurationStoreChangeAuditSuccess The following update was successful to the application proxy store on the federation server. Activity ID: %1 Authentication information: %2 HTTP method: %3 Key: %4 Value: %5 Version: %6
426 ApplicationProxyConfigurationStoreChangeAuditFailure The following update attempt to the application proxy store on the federation server failed. Activity ID: %1 Authentication information: %2 HTTP method: %3 Key: %4 Value: %5 Version: %6 Error information: %7
427 ApplicationProxyTrustUpdateAuditSuccess The following update attempt to the application proxy relying party trust on the federation server succeeded. Activity ID: %1 Authentication information: %2 HTTP method: %3 Identifier: %4
428 ApplicationProxyTrustUpdateAuditFailure The following update attempt to the application proxy relying party trust on the federation server failed. Activity ID: %1 Authentication information: %2 HTTP method: %3 Identifier: %4 Error information: %5
429 RelyingPartyTrustUpdateAuditSuccess The following update attempt to the relying party trust on the federation server succeeded. Activity ID: %1 Authentication information: %2 HTTP method: %3 Relying party trust identifier: %4 Internal Url: %5 External Url: %6 Published identifier: %7
430 RelyingPartyTrustUpdateAuditFailure The following update attempt to the relying party trust on the federation server failed. Activity ID: %1 Authentication information: %2 HTTP method: %3 Relying party trust identifier: %4 Internal url: %5 External url: %6 Published identifier: %7 Error information: %8
431 ActiveRequestRSTSuccessAudit An active request was received at STS with RST containing: Activity ID: %1 RST Details: KeySize: %2 KeyType: %3 RequestType: %4 TokenType: %5 SignatureAlgorithm: %6
432 ProxyConfigurationEndpointError Error handling request from proxy at %1 Additional Data Exception details: %2
433 ProxyTrustTokenRenewalError Error encountered while renewing trust with the federation server proxy. Additional Data Exception details: %1
434 CertificateAuthorityExpirationCheckWarning The primary AD FS certificate authority issuer certificate ( thumbprint %1 ) will expire at %2 UTC. The certificate rollover service will roll over to the current secondary ( thumbprint %3 ) at %4 UTC. To avoid certificate issuance service interruption, ensure that the current secondary certificate ( thumbprint %3 ) is installed in Active Directory before the rollover occurs at %4 UTC.
435 PrimarySigningCertificateRolloverCheckWarning The primary AD FS token signing certificate ( thumbprint %1 ) will expire at %2 UTC. The certificate rollover service will roll over to the current secondary ( thumbprint %3 ) at %4 UTC. Relying parties that rely on federation metadata will be notified automatically; any relying parties that do not rely on federation metadata must be informed of the new certificate before the rollover at %4 UTC.
436 PrimaryDecryptionCertificateRolloverCheckWarning The primary AD FS token decryption certificate ( thumbprint %1 ) will expire at %2 UTC. The certificate rollover service will roll over to the current secondary ( thumbprint %3 ) at %4 UTC. Identity providers that rely on federation metadata will be notified automatically; any identity providers that send encrypted tokens to AD FS and do not rely on federation metadata must be informed of the new certificate before the expiration at %2 UTC.
437 CertificateRolloverCheckExceptionWarning Error encountered while checking for pending certificate rollovers. This check will be attempted again every %1 minutes; the next run is expected at %2 UTC. If this issue persists, AD FS will not be able to advise of pending certificate rollover events. Additional Data Exception details: %3 Additional details: %4
438 CertificateAuthorityRolloverExceptionWarning Error encountered while checking rollover status of the AD FS certificate authority issuer certificate. This check will be attempted again every %1 minutes; the next run is expected at %2 UTC. Future runs may occur on other farm nodes if AD FS is running in a farm configuration. If this issue persists, the AD FS certificate authority issuer certificate cannot be rolled over successfully when it nears expiry. Additional Data Exception details: %3 Additional details: %4
439 EnrollmentCertificateReadFromTemplateError Error encountered while attempting to read an enrollment certificate from a template. Additional Data Exception details: %1 Additional details: %2
440 EnrollmentCertificateSetInfo A Certificate Authority Enrollment Certificate was found. Additional Data Certificate Thumbprint: %1
441 TokenBindingKeyInvalid A token with a bad token binding key was found. Additional Data User: %1 Target RP: %2 Client IP: %3 Token Binding ID: %4 Request Provided ID: %5 Request Referred ID: %6
442 ExternalCAEnrollmentCertificateManagementInitiated The CA enrollment certificate management cycle was initiated.
443 ExternalCAEnrollmentCertificateManagementComplete The CA enrollment certificate management cycle was completed.
444 ExternalCAEnrollmentCertificateExceptionError Error encountered while checking status of the AD FS enrollment certificate. This check will be attempted again every %1 minutes; the next run is expected at %2 UTC. If this issue persists, the AD FS will not be able to enroll certificate. Additional Data Exception details: %3 Additional details: %4
445 TokenBindingSuscpiciousRequest A token with no binding was received on a request which is token-binding-capable. This could be evidence of a possible downgrade attack, or it could mean the token originally came from a server that doesn't support token binding. Additional Data User: %1 Target RP: %2 Client IP: %3 Request Provided ID: %4 Request Referred ID: %5
446 TokenBindingSuscpiciousSsoRequest An SSO token with no binding was received on a request which is token-binding-capable. This is evidence of a possible downgrade attack. Additional Data User: %1 Target RP: %2 Client IP: %3 Request Provided ID: %4 Request Referred ID: %5
447 CertificateTemplatePolicyConfigurationFailure Error encountered while attempting to update the configuration policy for the template %1. If the template is published under machine policy, service might not be able to read it. See https://go.microsoft.com/fwlink/?linkid=852318 for more information. Exception details: UpdateMachinePolicyConfigurationForTemplate returned error: %2
448 AddLeasedTaskFailure Error encountered while attempting to add a leased task to the database. Additional Data: Task name: %1 Error: %2
449 AddFarmNodesIdentifierBackgroundTaskFailure Error encountered while executing the The AddFarmNodesIdentifierBackgroundTask task. Additional Data: Error: %1 Additional details: %2
450 UserCodeCacheRemovedExpiredItemsTimerTaskFailure Error encountered while removing the expired items from the usercode cache. Additional Data: Error: %1
451 AddFarmNodesIdentifierBackgroundTaskDeletingNodes Following nodes have the reported heartbeat older than %1 UTC and will be deleted. %2
452 FarmUpgradeRedirectUriMismatchWarning %1
500 IssuedIdentityClaims More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 Issued identity: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
501 CallerIdentityClaims More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 Caller identity: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
502 OnBehalfOfUserIdentityClaims More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 OnBehalfOf identity: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
503 ActAsUserIdentityClaims More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 ActAs identity: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
504 ApplicationProxyConfigurationStoreChangeSuccess The following update was successful to the application proxy store on the federation server. Authentication information: %1 HTTP method: %2 Key: %3 Value: %4 Version: %5
505 ApplicationProxyConfigurationStoreChangeFailure The following update attempt to the application proxy store on the federation server failed. Authentication information: %1 HTTP method: %2 Key: %3 Value: %4 Version: %5 Error information: %6
506 ApplicationProxyTrustUpdateSuccess The following update attempt to the application proxy relying party trust on the federation server succeeded. Authentication information: %1 HTTP method: %2 Identifier: %3
507 ApplicationProxyTrustUpdateFailure The following update attempt to the application proxy relying party trust on the federation server failed. Authentication information: %1 HTTP method: %2 Identifier: %3 Error information: %4
508 RelyingPartyTrustUpdateSuccess The following update attempt to the relying party trust on the federation server succeeded. Authentication information: %1 HTTP method: %2 Relying party trust identifier: %3 Internal Url: %4 External Url: %5 Published identifier: %6
509 RelyingPartyTrustUpdateFailure The following update attempt to the relying party trust on the federation server failed. Authentication information: %1 HTTP method: %2 Relying party trust identifier: %3 Internal url: %4 External url: %5 Published identifier: %6 Error information: %7
510 LongText More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. Instance ID: %1 Details: %2 %3 %4 %5 %6 %7 %8 %9 %10 %11 %12 %13 %14 %15 %16 %17 %18 %19 %20 %21
511 InvalidMsisHttpSigninRequestFailure The incoming sign-in request is not allowed due to an invalid Federation Service configuration. Request url: %1 User Action: Examine the Federation Service configuration and take the following actions: Verify that the sign-in request has all the required parameters and is formatted correctly. Verify that a web application proxy relying party trust exists, is enabled, and has identifiers which match the sign-in request parameters. Verify that the target relying party trust object exists, is published through the web application proxy, and has identifiers which match the sign-in request parameters.
512 ExtranetLockoutAccountThrottledAudit The account for the following user is locked out. A login attempt is being allowed due to the system configuration. Additional Data Activity ID: %1 User: %2 Client IP: %3 Bad Password Count: %4 nLast Bad Password Attempt: %5
513 ArtifactRestEndpointRequestFailureAudit The Artifact REST service failed to return an artifact as a result of an error during processing. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested Uri: %3 Exception details: %4
514 ArtifactRestEndpointRequestSuccessAudit The Artifact REST service successfully returned an artifact. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested Uri: %3
515 ExtranetLockoutUserThrottleTransitionAudit The following user account was in a locked out state and the correct password was just provided. This account may be compromised. Additional Data Activity ID: %1 User: %2 Client IP: %3
516 ExtranetLockoutAccountRestrictedAudit The following user account has been locked out due to too many bad password attempts. Additional Data Activity ID: %1 User: %2 Client IP: %3 nBad Password Count: %4 nLast Bad Password Attempt: %5
517 TargetRelyingPartyPublishedButAppProxyDisabledFailure The incoming sign-in request is not allowed due to an invalid Federation Service configuration. Request url: %1 User Action: Verify that either an enabled web application proxy relying party trust exists in your Federation Service configuration or that the target relying party trust object is not published through a web application proxy.
518 TargetRelyingPartyPublishedButAppProxyDisabledFailureAudit An error occurred during processing of a token request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data Activity ID: %1 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
519 PrimayServerRequestHandlerResponseSuccessAudit A successful response status code was received from the primary server. The data includes an Activity ID that you can cross-reference to the events on the primary server to help diagnose the problem. Activity ID: %1 Authentication information: %2 Raw URL of the incoming request: %3 Response status code: %4 IP address from which the request originated: %5
520 PrimayServerRequestHandlerResponseFailureAudit An error response status code was received from the primary server. The data includes an Activity ID that you can cross-reference to error or warning events on the primary server to help diagnose the problem. Activity ID: %1 Authentication information: %2 Raw URL of the incoming request: %3 Response status code: %4 WebException response code: %5 IP address from which the request originated: %6
521 RelyingPartyTokenRequestFailure The request for the relying party token resulted in a failure. Authentication information: %1 HTTP method: %2 Username: %3 Password presented: %4 Realm: %5 Application realm: %6 Device registration certificate thumbprint: %7 User certificate thumbprint: %8 Error information: %9 User action: Examine the request and verify that at least one of the following parameter sets are present. Username and password; Username, password, and device registration certificate; User certificate
522 RelyingPartyTokenRequestAuditFailure The request for the relying party token resulted in a failure. The data includes an Activity ID that you can cross-reference to error or warning events on the primary server to help diagnose the problem. Activity ID: %1 Authentication information: %2 HTTP method: %3 Username: %4 Password presented: %5 Realm: %6 Application realm: %7 Device registration certificate thumbprint: %8 User certificate thumbprint: %9 Error information: %10 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer.
523 RelyingPartyTokenRequestAuditSuccess The request for the relying party token succeeded. The data includes an Activity ID that you can cross-reference to the events on the primary server to help diagnose the problem. Activity ID: %1 Authentication information: %2 HTTP method: %3 Username: %4 Password presented: %5 Realm: %6 Application realm: %7 Device registration certificate thumbprint: %8 User certificate thumbprint: %9
530 LocalCPTrustReadWarning AD FS could not read the local claims provider trusts from the AD FS configuration. AD FS will continue to operating from cached configuration. Exception details: %1
531 LocalCPTrustFirstReadError AD FS could not read the local claims provider trusts from the AD FS configuration. AD FS will not function until this configuration can be read for the first time. Exception details: %1
540 UnableToCreateOAuthDiscoveryDocument The Federation Service was unable to return the OAuth discovery document as a result of an error. Document Path: %1 Additional Data Exception details: %2
541 ProxyConfigDataFarmBehaviorMalformedError An invalid value was found during processing of the proxy configuration data from the AD FS server. The value will be ignored, and the rest of the proxy configuration data will be processed. Additional Data FarmBehavior: '%1' User action: This may point to an interoperability issue between the proxy and the AD FS server. Contact the vendor for your AD FS server.
542 HeartbeatError There was an error during heartbeat. Additional data Exception details: %1
543 HeartbeatCommunicationError There was an error during heartbeat communicating to primary federation server. Primary server: '%1' Endpoint: '%2' Additional data Exception details: %3 User Action Make sure the primary federation server is available or the service account identity of this machine matches the service account identity of the primary federation server.
544 HeartbeatWarning Heartbeat is not performed because primary server does not support heartbeat. Primary server: '%1'
545 HeartbeatInformation Heartbeat is performed at primary server. Primary server: '%1'
546 AzureMfaCertificateNotFound A current tenant certificate for Azure MFA was not found. TenantId: %1.
547 AzureMfaCertificateRenewed The tenant certificate for Azure MFA has been renewed. TenantId: %1. Old thumbprint: %2. Old expiration date: %3. New thumbprint: %4. New expiration date: %5.
548 AzureMfaCertificateExpirationWarning The tenant certificate for Azure MFA will expire soon. TenantId: %1. Thumbprint: %2. Expiration date: %3.
549 AzureMfaCertificateExpired The tenant certificate for Azure MFA has expired. TenantId: %1. Thumbprint: %2. Expiration date: %3.
550 CertKeySpecMissing The %1 primary certificate cannot be used because the KeySpec must have a value of AT_KEYEXCHANGE (1). User Action: This value can be changed by reimporting the certificate from a pfx file. From an elevated command prompt, use the command "certutil -importpfx filename.pfx AT_KEYEXCHANGE". For more information, see http://go.microsoft.com/fwlink/?LinkId=798501
551 UnableToOAuthLogout An error occurred during processing of an OAuth logout request. Path: %1 Additional Data Exception details: %2
552 OAuthDeletedSessionCookies The session cookies were successfully deleted using the OAuth logout path.
553 OAuthRedirectUrlValidationSuccess The specified redirect URL was validated successfully. URL: %1
554 OAuthRedirectUrlValidationFailure The specified redirect URL did not match any of the OAuth client's redirect URIs. The logout was successful but the client will not be redirected. URL: %1
555 KeyReceiptValidationFailed The Windows Hello for Business key receipt could not be verified. Additional Information: %1
556 UserStoreMasterBackgroundTaskExceptionWarning Error encountered while attempting to select a master node for the account store. This check will be attempted again every %1 minutes; the next run is expected at %2 UTC. Future runs may occur on other farm nodes if AD FS is running in a farm configuration. See https://go.microsoft.com/fwlink/?linkid=849965 for more information. Additional Data Exception details: %3 Additional details: %4
557 UserActivityClientServiceException An error occurred while trying to communicate with the account store rest service on node %1. If this is a WID farm the primary node may be offline. If this is a SQL farm ADFS will automatically select a new node to host the User store master role. See https://go.microsoft.com/fwlink/?linkid=849965 for more information.
558 AccountActivityCacheError Synchronization of the Account Activity data failed. Additional Data Exception message: %1 User Action Ensure that the artifact storage server is configured properly. Troubleshoot network connectivity to the artifact storage server. See https://go.microsoft.com/fwlink/?linkid=849965 for more information.
559 PKeyAuthFailure Device authentication using PKeyAuth failed. Request might continue without device authentication. Additional Information: %1
560 UserActivityAccountNotFoundError User %1 could not be found in the account database.
561 UserActivityAuthorizationFailedError Authorization failed when connecting to the account store endpoint on server %1 Additional Data Exception Message: %2 See https://go.microsoft.com/fwlink/?linkid=849965 for more information.
562 UserActivityGenericClientError An error occurred when communicating with the account store endpoint on server %1. Additional Data Exception Message: %2 See https://go.microsoft.com/fwlink/?linkid=849965 for more information.
563 ExtranetSmartLockoutGenericFailure An error occurred while calculating extranet lockout status. Due to the value of the %1 setting authentication will be allowed for this user and token issuance will continue. If this is a WID farm the primary node may be offline. If this is a SQL farm ADFS will automatically select a new node to host the User store master role. See https://go.microsoft.com/fwlink/?linkid=849965 for more information. Additional Data Account store server name: %2 User Id: %3 Exception Message: %4
564 BannedIpConfigurationWarning The banned IP list found in Microsoft.IdentityServer.Servicehost.exe.config is being used instead of the banned IP list found in the ADFS configuration database. Verify that the configuration file contains the correct list. Clearing the banned IPs from the database using Set-ADFSProperties -RemoveBannedIPs will silence this warning.
565 AccountActivityFatalDatabaseError An error occurred while attempting to update the database schema for Adfs smart lockout. See https://go.microsoft.com/fwlink/?linkid=864556 for more information. Additional Data Exception Message: %1
566 OAuthDeviceCodeEndpointFailure An error occurred during processing of an OAuth device code request. Error: %1 Additional Data Client identifier: %2 Full request: %3 Exception details: %4
568 OAuthDeviceAuthEndpointFailure An error occurred during processing of an OAuth device auth request with the provided usercode: %1. Error: %2 Additional Data User Code Data (if available): %3 Exception details: %4
570 ADEnterpriseTrustEnumerationFailure Active Directory trust enumeration was unable to enumerate one or more domains due to the following error. Enumeration will continue but the Active Directory identifier list may not be correct. Validate that all expected Active Directory identifiers are present by running Get-ADFSDirectoryProperties: Error string: %1 Exception Details: %2
571 ADEnterpriseTaskFailure Enumeration of the Active Directory domains failed. Exception Details: %1
572 ADSuffixNotTrustedWarning The Active Directory suffix from this username is not trusted by this ADFS server. If this identifier is expected it can be added to the trusted identifier list by using Set-ADFSDirectoryProperties. Username: %1 Suffix: %2 Client IP: %3
573 ThreatDetectionModuleFailure The following error was generated by a threat detection module. Module Identifier: %1 Message: %2
574 ThreatDetectionModuleLoadFailure A threat detection module failed to load. Verify the module binary is correctly installed on this node. Module Name: %1 Module Identifier: %2 Type: %3 Failure Message: %4
575 ThreatDetectionModuleLoadSuccess The following threat detection module was successfully loaded Module Name: %1 Module Identifier: %2 Type: %3
576 ThreatDetectionModuleUnhandledFailure An unexpected error was returned from a threat detection module. Module Name: %1 Module Identifier: %2 Type: %3 Exception Type: %4 Error Message: %5
1000 CallerId An error occurred during processing of a token request. The data in this event may have the identity of the caller (application) that made this request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data Caller: %1 OnBehalfOf user: %2 ActAs user: %3 Target Relying Party: %4 Device identity: %5 User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
1020 OAuthAuthorizationRequestFailedError Encountered error during OAuth authorization request. Additional Data Exception details: %1
1021 OAuthTokenRequestFailedError Encountered error during OAuth token request. Additional Data Exception details: %1
1022 OAuthAuthorizationCodeIssuanceSuccessAudit An OAuth authorization code was successfully issued to client '%5'. Activity ID: %1 Authorization Code ID: %2 Request Details: Date And Time: %3 Client IP: %4 Client Identifier: %5 Client Redirect URI: %6 Resource: %7 User Identity: %8 Device Identity: %9
1023 OAuthAccessTokenIssuanceSuccessAudit An OAuth access token was successfully issued to client '%6' for the relying party '%8'. See audit 500 with the same Instance ID for issued claims. See audit 501 with the same Instance ID for caller identity. Instance ID: %1 Activity ID: %2 Authorization Code ID (if authorization code request): %3 User code (if device flow request): %11 Request Details: Date And Time: %4 Client IP: %5 Client Identifier: %6 Client Redirect URI: %7 Resource: %8 User Identity: %9 Device Identity: %10
1024 OAuthRefreshTokenIssuanceSuccessAudit An OAuth refresh token was successfully issued to client '%6' for the relying party '%8'. See audit 500 with the same Instance ID for issued claims. Instance ID: %1 Activity ID: %2 Authorization Code ID (if authorization code request): %3 User code (if device flow request): %11 Request Details: Date And Time: %4 Client IP: %5 Client Identifier: %6 Client Redirect URI: %7 Resource: %8 User Identity: %9 Device Identity: %10
1025 OAuthAuthorizationCodeIssuanceFailureAudit The Federation Service failed to issue an OAuth authorization code as a result of an error during processing of the OAuth authorization code request. Additional Data Activity ID: %1 Request Details: Client IP: %2 Client Identifier: %3 Client Redirect URI: %4 Resource: %5 User Identity: %6 Device Identity: %7 Exception details: %8
1026 OAuthAccessTokenIssuanceFailureAudit The Federation Service failed to issue an OAuth access token as a result of an error during processing of the OAuth access token request. Additional Data Activity ID: %1 Request Details: Client IP: %2 Client Identifier: %3 Client Redirect URI: %4 Resource: %5 User Identity: %6 Device Identity: %7 Exception details: %8
1027 OAuthAccessTokenResponseIssuanceSuccessAudit An OAuth access token response was successfully issued to client '%5' for the relying party '%7'. See audit 1023 with the same authorization code ID for issued access token. In an AD FS farm setup, this audit may be found on another farm node. See audit 1024 with the same authorization code ID for the refresh token if it is issued. In an AD FS farm setup, this audit may be found on another farm node. Activity ID: %1 Authorization Code ID: %2 Request Details: Date And Time: %3 Client IP: %4 Client Identifier: %5 Client Redirect URI: %6 Resource: %7
1028 OAuthClientAuthenticationSuccessAudit OAuth Confidential Client '%6' was successfully authenticated using tokentype '%3'. See audit 501 with the same Instance ID for claims generated during client authentication. Instance ID: %1 Activity ID: %2 Request Details: TokenType: %3 Date And Time: %4 Client IP: %5 Client Identifier: %6
1029 OAuthClientAuthenticationFaultAudit OAuth Client Authentication failed for client '%4' with tokentype '%2'. Activity ID: %1 Request Details: TokenType: %2 Client IP: %3 Client Identifier: %4 Exception details: %5
1030 OAuthClientCredentialsFaultAudit The Federation Service failed to issue an OAuth access token as a result of an error during processing of the OAuth Client Credentials token request. Activity ID: %1 Request Details: Client IP: %2 Resource: %3 Client Identifier: %4 Exception details: %5
1031 OAuthClientCredentialsIssuanceSuccessAudit An OAuth access token response using Client Credentials flow was successfully issued to client '%4' for the relying party '%5'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Resource: %5
1032 OAuthIdTokenIssuanceFailureAudit The Federation Service failed to issue an ID token as a result of an error during processing of request. Activity ID: %1 Request Details: Client IP: %2 Client Identifier: %3 Exception details: %4
1033 OAuthIdTokenIssuanceSuccessAudit An ID token was successfully issued to client '%4'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Id Token Subject: %5
1034 OAuthOnBehalfOfFaultAudit The Federation Service failed to issue an OAuth access token as a result of an error during processing of the OAuth On Behalf Of token request. Activity ID: %1 Request Details: Client IP: %2 Resource: %3 Client Identifier: %4 User: %5 Exception details: %6
1035 OAuthOnBehalfOfIssuanceSuccessAudit An OAuth access token response using On Behalf Of flow was successfully issued to client '%4' for the relying party '%5'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Resource: %5 User: %6
1036 OAuthLogonCertificateFaultAudit The Federation Service failed to issue an OAuth access token as a result of an error during processing of the OAuth Logon Certificate token request. Activity ID: %1 Request Details: Client IP: %2 Resource: %3 Client Identifier: %4 User: %5 Exception details: %6
1037 OAuthLogonCertificateIssuanceSuccessAudit An OAuth access token response using the Logon Certificate flow was successfully issued to client '%4' for the relying party '%5'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Resource: %5 User: %6
1038 OAuthVPNCertificateFaultAudit The Federation Service failed to issue an OAuth VPN Certificate as a result of an error during processing of the OAuth VPN Certificate token request. Activity ID: %1 Request Details: Client IP: %2 Resource: %3 Client Identifier: %4 User: %5 Exception details: %6
1039 OAuthAuthCodeVPNCertificateIssuanceSuccessAudit An OAuth VPN Certificate response was successfully issued to client '%5' for the relying party '%7'. See audit 1023 with the same authorization code ID for issued access token. In an AD FS farm setup, this audit may be found on another farm node. See audit 1024 with the same authorization code ID for the refresh token if it is issued. In an AD FS farm setup, this audit may be found on another farm node. Activity ID: %1 Authorization Code ID: %2 Request Details: Date And Time: %3 Client IP: %4 Client Identifier: %5 Client Redirect URI: %6 Resource: %7
1040 OAuthRefreshTokenVPNCertificateIssuanceSuccessAudit An OAuth access token response using the VPN Certificate flow was successfully issued to client '%4' for the relying party '%5'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Resource: %5 User: %6
1041 OAuthPrimaryRefreshTokenIssuanceSuccessAudit An OAuth primary refresh token was successfully issued to client '%6'. See audit 500 with the same Instance ID for issued claims. Instance ID: %1 Activity ID: %2 Authorization Code ID (if authorization code request): %3 Request Details: Date And Time: %4 Client IP: %5 Client Identifier: %6 Client Redirect URI: %7 User Identity: %8 Device Identity: %9
1042 OAuthNextGenCredsIssuanceSuccessAudit An OAuth access token response using Next Generation Credentials flow was successfully issued to client '%4' for the relying party '%5'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Resource: %5
1043 OAuthNextGenCredsIssuanceFailureAudit The Federation Service failed to issue an OAuth access token as a result of an error during processing of the OAuth Next Generation Credentials token request. Activity ID: %1 Request Details: Client IP: %2 Resource: %3 Client Identifier: %4 Exception details: %5
1044 OAuthWinHelloCertIssuanceSuccessAudit An OAuth Win Hello Certificate response was successfully issued to client '%4' for the relying party '%5'. Activity ID: %1 Request Details: Date And Time: %2 Client IP: %3 Client Identifier: %4 Resource: %5 User: %6 Certificate Thumbprint: %7 Certificate Expiry: %8
1045 OAuthWinHelloCertIssuanceFailureAudit The Federation Service failed to issue an OAuth Win Hello Certificate as a result of an error during processing of the request. Activity ID: %1 Request Details: Client IP: %2 Resource: %3 Client Identifier: %4 User Identifier: %5 Exception details: %6
1080 WebFingerRequestError An error occurred while processing WebFinger request. Additional Data Request url: %1 User Action Examine the exception details to take one or more of the following actions if applicable. Verify that the resource query parameter exists and is valid representing an authorization server's URL. Verify that all federation partners (RP-STSs) that this ADFS issues tokens to (including any chains) have been configured using the PowerShell cmdlet Add-ADFSTrustedFederationPartner. Exception details: %2
1090 UserInfoEndpointRequestFailureAudit The UserInfo endpoint failed to return a success response as a result of an error during processing. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested Uri: %3 Exception details: %4
1091 UserInfoEndpointRequestSuccessAudit The UserInfo endpoint successfully returned a JSON response. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested Uri: %3
1100 RestEndpointAuthorizationFailureError The Federation Service could not authorize a request to one of the REST endpoints. Additional Data Exception details: %1
1101 RestEndpointAuthorizationFailureAudit The Federation Service could not authorize a request to one of the REST endpoints. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested URI: %3 Exception details: %4
1102 RestEndpointAuthorizationSuccessAudit The Federation Service authorized a request to one of the REST endpoints. Additional Data Activity ID: %1 Request Details: Client IP: %2 Requested URI: %3 Additional details: %4
1103 LdapStoreQueryUserDnFailureAudit The Federation Service failed to query the LDAP account store for the DN of user %2. Activity ID: %1 Request Details: User name: %2 LDAP query: %3 Local CP trust identifier: %4 Ldap server: %5 SSL: %6 Authentication method: %7 Exception details: %8
1104 LdapStoreQueryUserDnSuccessAudit The Federation Service queried the LDAP account store for the DN of user %2. Activity ID: %1 Request Details: User name: %2 LDAP query: %3 Local CP trust identifier: %4 Ldap server: %5 SSL: %6 Authentication method: %7
1105 LdapStoreBindFailureAudit The Federation Service failed to bind to the LDAP server with user %2. Activity ID: %1 Request Details: User DN: %2 Local CP trust identifier: %3 Ldap server: %4 SSL: %5 Authentication method: %6 Exception details: %7
1106 LdapStoreBindSuccessAudit The Federation Service bound to the LDAP account store with user %2. Activity ID: %1 Request Details: User DN: %2 Local CP trust identifier: %3 Ldap server: %4 SSL: %5 Authentication method: %6
1107 LdapStoreQueryUserAttrFailureAudit The Federation Service failed to query the LDAP account store for the attributes of user %2. Activity ID: %1 Request Details: User DN: %2 LDAP query: %3 Local CP trust identifier: %4 Ldap server: %5 SSL: %6 Authentication method: %7 Exception details: %8
1108 LdapStoreQueryUserAttrSuccessAudit The Federation Service queried the LDAP account store for the attributes of user %2. Activity ID: %1 Request Details: User DN: %2 LDAP query: %3 Local CP trust identifier: %4 Ldap server: %5 SSL: %6 Authentication method: %7
1109 LdapAccountStoreConnectionFailure The Federation Service failed to connect to the LDAP account store to authenticate user %2. Activity ID: %1 Request Details: User DN: %2 Local CP trust identifier: %3 LDAP server: %4 SSL: %5 Authentication method: %6 Exception details: %7
1110 LdapAttributeStorePrimaryConnectionFailure The Federation Service failed to connect to the primary LDAP account store to authenticate user %2. Activity ID: %1 Request Details: User DN: %2 Local CP trust identifier: %3 Ldap server: %4 SSL: %5 Authentication method: %6 Exception details: %7
1111 LdapAttributeStoreCompleteConnectionFailure The Federation Service failed to connect to all LDAP account stores to authenticate user %2. Activity ID: %1 Request Details: User DN: %2 Local CP trust identifier: %3 Ldap server: %4 SSL: %5 Authentication method: %6 Exception details: %7
1112 LdapAttributeStoreConnectionFailure The Federation Service failed to connect to the Ldap server. Activity ID: %1 Request Details: Local CP trust identifier: %2 Ldap ErrorCode: %3 Exception details: %4
1113 ClientJWKSyncingInitiated Client Json Web Key Set (JWKS) synchronization initiated.
1114 ClientJWKSyncingComplete Client Json Web Key Set (JWKS) synchronization completed.
1115 ClientJWKSyncingError The Federation Service encountered an error while retrieving the Json Web Key Set (JWKS) document from '%1'. The key synchronization for the following client failed: Client: %2 Additional Data Exception details: %3 Additional details: %4 User Action Make sure the JWKS URI '%1' is accessible.
1116 ClientJWKSyncingDatabaseError An error occurred during a read operation from the configuration database. Monitoring of clients' Json Web Key Set (JWKS) was shut down and will be tried again after an amount of time that corresponds to the monitoring interval. Additional Data Exception details: %1 Additional details: %2
1117 ClientJWKSyncingClientError An error occurred during monitoring of the following client's Json Web Key Set (JWKS). Client: %1 Additional Data Exception details: %2 Additional details: %3
1118 ClientJWKSyncingGenericError An error occurred during monitoring of clients' Json Web Key Set (JWKS). The monitoring cycle was shut down. Additional Data Exception details: %1 Additional details: %2
1119 JWTSigningKeysDownloadedSuccessAudit The Json Web Token (JWT) signing keys configuration was successfully downloaded. Client: %1 Subject: Security ID: %2 Account: %3 Additional Data Keys imported: %6 JWKS uri: %4 JWKS uri content: %5
1120 JWTSigningKeysDownloadFailureAudit An attempt to change the Json Web Token (JWT) signing keys failed. Client: %1 Subject: Security ID: %2 Account: %3 Additional Data JWKS uri: %4 Exception details: %5
1121 TokenBindingKeyFailureAudit An attempt to use a token with an invalid token binding key was made. Activity ID: %1 Additional Data User: %2 Target RP: %3 Client IP: %4 Token Binding ID: %5 Request Provided ID: %6 Request Referred ID: %7
1122 OAuthLogoutSuccessAudit The OAuth logout request was processed successfully. Additional Data Activity ID: %1 Request Details: Client IP: %2 User Identity: %3 Device Identity: %4
1123 OAuthLogoutFailureAudit There was an error during processing of an OAuth logout request. Additional Data Activity ID: %1 Request Details: Client IP: %2 User Identity: %3 Device Identity: %4 Exception Details %5
1124 OAuthDeviceCodeSuccessAudit The OAuth device code request was processed successfully. Additional Data Activity ID: %1 Request Details: Client IP: %2 User Identity: %3 Device Identity: %4 Usercode: %5 Full Request: %6
1125 OAuthDeviceCodeFailureAudit There was an error during processing of an OAuth device code request. Additional Data Activity ID: %1 Error: %2 Request Details: Client IP: %3 User Identity: %4 Device Identity: %5 Full Request: %6 Exception Details %7
1126 OAuthDeviceAuthSuccessAudit The user code request was processed successfully. Additional Data Activity ID: %1 Request Details: Client IP: %2 User Code Data: %3
1127 OAuthDeviceAuthFailureAudit There was an error during the processing of the user code request. Additional Data Activity ID: %1 Error: %2 Request Details: Client IP: %3 User Code: %4 Exception Details %5
1128 OAuthDeviceFlowRestResultSavedSuccessAudit The device flow authorization response was successfully saved to the artifact database via the REST service. Additional Data Activity ID: %1 Request Details: Client IP: %2 User Code: %3
1129 OAuthDeviceFlowRestResultSavedFailureAudit There was an error saving the device flow authorization to the artifact database via the REST service. Additional Data Activity ID: %1 Error: %2 Request Details: Client IP: %3 User Code: %4 Exception Details %5
1130 ProxyTrustTLSError There was an error establishing or renewing the proxy trust. Ensure the STS and proxy servers have the same TLS version enabled. Consult the following links for additional details: https://go.microsoft.com/fwlink/?linkid=875038 https://go.microsoft.com/fwlink/?linkid=875039 Additional Data Exception Details: %1
1131 ProxyTrustCryptoError There was an error establishing or renewing the trust between the proxy and STS. Ensure the Network Service Account has Read/Write permissions on C:\Program Data\Microsoft\Crypto\RSA\Machine Keys on the proxy server. Consult the following link for additional details: https://go.microsoft.com/fwlink/?linkid=875037 Additional Data Exception Details: %1
1200 AppTokenSuccessAudit The Federation Service issued a valid token. See XML for details. Activity ID: %1 Additional Data XML: %2
1201 AppTokenFailureAudit The Federation Service failed to issue a valid token. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1202 FreshCredentialSuccessAudit The Federation Service validated a new credential. See XML for details. Activity ID: %1 Additional Data XML: %2
1203 FreshCredentialFailureAudit The Federation Service failed to validate a new credential. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1204 PasswordChangeBasicSuccessAudit A password was changed. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1205 PasswordChangeBasicFailureAudit A password change was attempted, but failed. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1206 SignOutSuccessAudit A SignOut request was successfully processed. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1207 SignOutFailureAudit A SignOut request was attempted, but failed. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1210 ExtranetLockoutAudit An extranet lockout event has occurred. See XML for failure details. Activity ID: %1 Additional Data XML: %2
1300 HostNameErrorAudit There was an error validating the host name in the incoming request. Activity ID: %1 Error: %2