AD FS

562 events across 2 channels

Event ID | Title | Channel
100 | | Unknown
100 | The Federation Service started successfully. | Admin
102 | | Unknown
102 | There was an error in enabling endpoints of Federation Service. | Admin
103 | | Unknown
103 | The Federation Service stopped successfully. | Admin
104 | | Unknown
104 | The artifact resolution service is not running. | Admin
105 | | Unknown
105 | An error occurred loading an authentication provider. | Admin
106 | | Unknown
106 | An authentication provider was successfully loaded: Identifier: '. | Admin
111 | | Unknown
111 | The Federation Service encountered an error while processing the WS-Trust … | Admin
131 | | Unknown
131 | During processing of the Federation Service configuration, the element '. | Admin
132 | | Unknown
132 | During processing of the Federation Service configuration, the required element … | Admin
133 | | Unknown
133 | During processing of the Federation Service configuration, the element '. | Admin
134 | | Unknown
134 | During processing of the Federation Service configuration, the element '. | Admin
135 | | Unknown
135 | During processing of the Federation Service configuration, the element '. | Admin
136 | | Unknown
136 | During processing of the Federation Service configuration, the Federation … | Admin
143 | | Unknown
143 | The Federation Service was unable to create the federation metadata document as … | Admin
144 | | Unknown
144 | The Federation Service Proxy blocked an illegitimate request made by a client, … | Admin
147 | | Unknown
147 | A token was received from a claims provider identified by the key '. | Admin
149 | | Unknown
149 | During processing of the Federation Service configuration, the attribute store … | Admin
155 | | Unknown
155 | The Federation Service was unable to listen at '. | Admin
156 | | Unknown
156 | Trust monitoring cycle initiated. | Admin
157 | | Unknown
157 | Trust monitoring cycle completed. | Admin
159 | | Unknown
159 | The Federation Service encountered an error while writing to the following … | Admin
163 | | Unknown
163 | An error occurred during initialization of trust monitoring. | Admin
164 | | Unknown
164 | An error occurred during a read operation from the configuration database. | Admin
165 | | Unknown
165 | An error occurred during trust monitoring. | Admin
166 | | Unknown
166 | Trust monitoring service encountered an error while parsing the metadata … | Admin
167 | | Unknown
167 | Trust monitoring service encountered an error while applying the data in the … | Admin
168 | | Unknown
168 | The Federation Service encountered an error while retrieving the federation … | Admin
171 | | Unknown
171 | The trust monitoring service automatically updated the trust of '. | Admin
173 | | Unknown
173 | The trust monitoring service automatically updated the trust of '. | Admin
174 | | Unknown
174 | Trust monitoring service detected changes in policy of '. | Admin
180 | | Unknown
180 | An error occurred while upgrading FarmBehaviorLevel '. | Admin
181 | | Unknown
181 | AD FS could not enable the new KDFv2 feature automatically because of missing … | Admin
182 | | Unknown
182 | AD FS enabled the new KDFv2 feature successfully. | Admin
183 | | Unknown
183 | KDFv2 feature is disabled on AD FS farm. | Admin
184 | | Unknown
184 | A token request was received for a relying party identified by the key '. | Admin
186 | | Unknown
186 | The Federation Service could not fulfill the token-issuance request. | Admin
187 | | Unknown
187 | AD FS server received a JWT token without nonce in the assertion and it was … | Admin
188 | | Unknown
188 | AD FS server is not configured to reject JWT tokens that did not have nonce in … | Admin
189 | | Unknown
189 | AD FS server received an OAuth authorization request in the device code flow … | Admin
193 | | Unknown
193 | The Federation Service could not satisfy a token request because the relying … | Admin
197 | | Unknown
197 | The Federation Service could not satisfy a token request because the … | Admin
198 | | Unknown
198 | The federation server proxy started successfully. | Admin
199 | | Unknown
199 | The federation server proxy could not be started. | Admin
200 | | Unknown
200 | The federation server proxy stopped successfully. | Admin
201 | | Unknown
201 | The Federation Service %1 encountered an Access Denied error while trying to … | Admin
202 | | Unknown
202 | The Federation Service %1 could not be opened. | Admin
203 | | Unknown
203 | The Federation Service %1 could not be shut down properly. | Admin
204 | | Unknown
204 | The Federation Service %1 could not be closed. | Admin
206 | | Unknown
206 | The Federation Service could not fulfill the token-issuance request because the … | Admin
207 | | Unknown
207 | An attempt to write to the Security event log failed. | Admin
208 | | Unknown
208 | An error occurred during an attempt to register the event source for the … | Admin
209 | | Unknown
209 | The Security log event source for the Federation Service could not be … | Admin
215 | | Unknown
215 | The Federation Service at '. | Admin
217 | | Unknown
217 | A WS-Trust endpoint that was configured could not be opened. | Admin
218 | | Unknown
218 | The federation server proxy received error code '. | Admin
220 | | Unknown
220 | The Federation Service configuration could not be loaded correctly from the AD … | Admin
221 | | Unknown
221 | A change to the token service configuration was detected, but there was an error … | Admin
222 | | Unknown
222 | The federation server proxy was unable to complete a request to the Federation … | Admin
223 | | Unknown
223 | Claim description could not be loaded correctly from the database. | Admin
224 | | Unknown
224 | The federation server proxy configuration could not be updated with the latest … | Admin
225 | | Unknown
225 | A change to the service configuration was detected, but there was an error … | Admin
230 | | Unknown
230 | The federation server proxy has detected congestion, caused by high latency … | Admin
238 | | Unknown
238 | The Federation Service failed to find a domain controller for the domain %1. | Admin
244 | | Unknown
244 | The Federation Service was unable to listen at '. | Admin
245 | | Unknown
245 | The federation server proxy successfully retrieved and updated its configuration … | Admin
246 | | Unknown
246 | The Federation Service encountered an error during an attempt to connect to a … | Admin
247 | | Unknown
247 | The Federation Service encountered an error while connecting to a global catalog … | Admin
248 | | Unknown
248 | The federation server proxy was not able to retrieve the list of endpoints from … | Admin
249 | | Unknown
249 | The certificate identified by thumbprint '. | Admin
250 | | Unknown
250 | Expiration of the artifact failed. | Admin
251 | | Unknown
251 | Attribute store '. | Admin
252 | | Unknown
252 | The AD FS proxy service made changes to the endpoints it is listening on based … | Admin
253 | | Unknown
253 | AD FS proxy service failed to start a listener for the endpoint '. | Admin
258 | | Unknown
258 | The relying party '. | Admin
259 | | Unknown
259 | The request specified an Assertion Consumer Service index '. | Admin
260 | | Unknown
260 | The request specified an Assertion Consumer Service protocol binding '. | Admin
261 | | Unknown
261 | The request specified an Assertion Consumer Service URL '. | Admin
262 | | Unknown
262 | The artifact resolution request failed. | Admin
273 | | Unknown
273 | The request specified an assertion consumer service that is not configured or … | Admin
274 | | Unknown
274 | The federation server proxy encountered an error while trying to listen on one … | Admin
275 | | Unknown
275 | The federation server proxy could not establish a trust relationship for the SSL … | Admin
276 | | Unknown
276 | The federation server proxy was not able to authenticate to the Federation … | Admin
277 | | Unknown
277 | The Federation Service encountered an unexpected exception and has shut down. | Admin
278 | | Unknown
278 | The SAML artifact resolution endpoint is not configured or it is disabled. | Admin
279 | | Unknown
279 | Unable to find a claims provider trust for SAML artifact resolution in the AD FS … | Admin
280 | | Unknown
280 | Unable to resolve the SAML artifact from the claims provider because the claims … | Admin
281 | | Unknown
281 | Unable to resolve the SAML artifact from the claims provider because the claims … | Admin
283 | | Unknown
283 | Unable to resolve the SAML artifact. | Admin
284 | | Unknown
284 | Unable to resolve the SAML artifact. | Admin
285 | | Unknown
285 | The SAML artifact was resolved, but the response is empty or does not contain … | Admin
286 | | Unknown
286 | Cannot connect to the artifact database. | Admin
287 | | Unknown
287 | Cannot add the artifact to the artifact database. | Admin
288 | | Unknown
288 | Cannot get the artifact from storage. | Admin
289 | | Unknown
289 | Cannot remove the artifact from storage. | Admin
290 | | Unknown
290 | Cannot set expiration for the artifacts in storage. | Admin
291 | | Unknown
291 | The artifact resolution service could not be started. | Admin
293 | | Unknown
293 | A SAML request for the required artifact was rejected because the artifact … | Admin
294 | | Unknown
294 | The SAML artifact resolution request specified an issuer that is not configured … | Admin
297 | | Unknown
297 | The SAML artifact resolution request required an artifact resolution service … | Admin
298 | | Unknown
298 | The Windows Hello for Business key receipt certificate background task will not … | Admin
302 | | Unknown
302 | The Federation Service could not authorize token issuance for caller '. | Admin
303 | | Unknown
303 | The Federation Service encountered an error while processing the SAML … | Admin
305 | | Unknown
305 | The Federation Service encountered an error while querying a LDAP server at %1. | Admin
306 | | Unknown
306 | The Federation Service encountered an error while querying a global catalog … | Admin
311 | | Unknown
311 | An attempt to update AD FS performance counters failed. | Admin
315 | | Unknown
315 | An error occurred during an attempt to build the certificate chain for the … | Admin
316 | | Unknown
316 | An error occurred during an attempt to build the certificate chain for the … | Admin
317 | | Unknown
317 | An error occurred during an attempt to build the certificate chain for the … | Admin
319 | | Unknown
319 | An error occurred while the certificate chain for the client certificate … | Admin
320 | | Unknown
320 | The verification of the SAML message signature failed. | Admin
321 | | Unknown
321 | The SAML authentication request had a NameID Policy that could not be satisfied. | Admin
323 | | Unknown
323 | The Federation Service could not authorize token issuance for the caller '. | Admin
325 | | Unknown
325 | The Federation Service could not authorize token issuance for caller '. | Admin
326 | | Unknown
326 | Failed to load the AD FS claims policy engine using policy type '. | Admin
327 | | Unknown
327 | An error occurred during processing of the SAML logout request. | Admin
328 | | Unknown
328 | The SAML artifact resolution request was resolved, but the response does not … | Admin
329 | | Unknown
329 | The certificate that is identified by thumbprint '. | Admin
331 | | Unknown
331 | The certificate management service encountered an error during decryption of the … | Admin
332 | | Unknown
332 | The certificate management service encountered an error during encryption of the … | Admin
333 | | Unknown
333 | The certificate management service encountered an error during database access. | Admin
334 | | Unknown
334 | Certificate rollover service needs to rollover %1 certificates urgently. | Admin
335 | | Admin
335 | | Unknown
336 | | Unknown
336 | The certificate management cycle was initiated. | Admin
337 | | Unknown
337 | The certificate management cycle was completed. | Admin
338 | | Unknown
338 | An error was encountered during certificate rollover. | Admin
339 | | Unknown
339 | An error occurred during initialization of certificate rollover. | Admin
341 | | Unknown
341 | The NotBefore attribute for the token has a value that is set to a future time. | Admin
342 | | Unknown
342 | Token validation failed. | Admin
343 | | Unknown
343 | There was an error during initialization of synchronization. | Admin
344 | | Unknown
344 | There was an error doing synchronization. | Admin
345 | | Unknown
345 | There was a communication error during AD FS configuration database … | Admin
346 | | Unknown
346 | There was an error during retrieving the configuration data for the secondary … | Admin
348 | | Unknown
348 | Synchronization of configuration data from the primary federation server '. | Admin
349 | | Unknown
349 | The administration service for the Federation Service started successfully. | Admin
351 | | Unknown
351 | There was an error getting synchronization properties. | Admin
352 | | Unknown
352 | A SQL operation in the AD FS configuration database with connection string %1 … | Admin
353 | | Unknown
353 | Unable to resolve the SAML artifact. | Admin
354 | | Unknown
354 | The artifact resolution service could not verify the request signature. | Admin
356 | | Unknown
356 | Failed to register notification to the SQL database with the connection string … | Admin
357 | | Unknown
357 | Successfully registered notification to the SQL database with the connection … | Admin
358 | | Unknown
358 | Restarting %1. | Admin
359 | | Unknown
359 | An error occurred during an attempt to restart %1. | Admin
360 | | Unknown
360 | A request was made to a certificate transport endpoint, but the request did not … | Admin
362 | | Unknown
362 | Encountered error during federation passive sign-out. | Admin
363 | | Unknown
363 | A communication error occurred during an attempt to get a token from the … | Admin
364 | | Unknown
364 | Encountered error during federation passive request. | Admin
365 | | Unknown
365 | A token request was received for the relying party '. | Admin
366 | | Unknown
366 | A token was received from claims provider '. | Admin
367 | | Unknown
367 | The audience restriction was not valid because the specified audience identifier … | Admin
368 | | Unknown
368 | The SAML Single Logout request does not correspond to the logged-in session … | Admin
369 | | Unknown
369 | Processing TTP request failed with the following exception. | Admin
370 | | Unknown
370 | Incoming TTP response is not valid. | Admin
371 | | Unknown
371 | Cannot find certificate to validate message/token signature obtained from claims … | Admin
372 | | Unknown
372 | Authentication Failed. | Admin
373 | | Unknown
373 | The artifact request from the replying party is signed with a weaker signature … | Admin
374 | | Unknown
374 | An error occurred while building the certificate chain for the claims provider … | Admin
375 | | Unknown
375 | Policy store synchronization initiated. | Admin
376 | | Unknown
376 | An Error occurred while executing a query in SQL attribute store. | Admin
377 | | Unknown
377 | A processing error occurred in an attribute store. | Admin
378 | | Unknown
378 | SAML request is not signed with expected signature algorithm. | Admin
379 | | Unknown
379 | A security token was rejected as the specified IssueInstant was before the … | Admin
380 | | Unknown
380 | During processing of the Federation Service configuration, the element '. | Admin
381 | | Unknown
381 | An error occurred during an attempt to build the certificate chain for … | Admin
382 | | Unknown
382 | AD FS detected that the Federation Service has more than %1 %2 trusts configured … | Admin
383 | | Unknown
383 | The Web request failed because the web. | Admin
384 | | Unknown
384 | The request to the Federation Service failed because the web. | Admin
385 | | Unknown
385 | AD FS detected that one or more certificates in AD FS configuration database … | Admin
386 | | Unknown
386 | AD FS detected that none of the service certificates that are configured to be … | Admin
387 | | Unknown
387 | AD FS detected that one or more of the certificates specified in the Federation … | Admin
388 | | Unknown
388 | AD FS detected that all the service certificates have appropriate access given … | Admin
389 | | Unknown
389 | AD FS detected that one or more of your trusts require their certificates to be … | Admin
390 | | Unknown
390 | AD FS detected that none of the partner certificates that are configured to be … | Admin
392 | | Unknown
392 | The federation server proxy was able to successfully renew its trust with the … | Admin
393 | | Unknown
393 | The federation server proxy could not establish a trust with the Federation … | Admin
394 | | Unknown
394 | The federation server proxy could not renew its trust with the Federation … | Admin
395 | | Unknown
395 | The trust between the federation server proxy and the Federation Service was … | Admin
396 | | Unknown
396 | The trust between the federation server proxy and the Federation Service was … | Admin
397 | | Unknown
397 | The federation server loaded the HTTP proxy configuration from WinHTTP settings. | Admin
398 | | Unknown
398 | AD FS detected that one or more certificates in the AD FS configuration database … | Admin
399 | | Unknown
399 | AD FS detected that none of the service certificates that are configured to be … | Admin
400 | | Unknown
400 | VSS writer permissions have been granted to user %1. | Admin
401 | | Unknown
401 | VSS writer permissions have been revoked from user %1. | Admin
402 | | Unknown
402 | Failed to add some of the certificate claims. | Admin
407 | | Unknown
407 | Password change failed for following user: Additional Data User: %1 Server on … | Admin
414 | | Unknown
414 | An error occurred during processing of a token request. | Admin
415 | | Admin
415 | | Unknown
416 | | Unknown
416 | Web configuration error. | Admin
417 | | Unknown
417 | Unable to add the certificate claim %1. | Admin
418 | | Unknown
418 | The trust between the federation server proxy and the Federation Service was … | Admin
419 | | Unknown
419 | Unable to renew the trust between the federation server proxy and the Federation … | Admin
420 | | Unknown
420 | The trust between the federation server proxy and the Federation Service was … | Admin
421 | | Unknown
421 | The trust between the federation server proxy and the Federation Service could … | Admin
432 | | Unknown
432 | Error handling request from proxy at %1 Additional Data Exception details: %2. | Admin
433 | | Unknown
433 | Error encountered while renewing trust with the federation server proxy. | Admin
434 | | Unknown
434 | The primary AD FS certificate authority issuer certificate ( thumbprint %1 ) … | Admin
435 | | Unknown
435 | The primary AD FS token signing certificate ( thumbprint %1 ) will expire at %2 … | Admin
436 | | Unknown
436 | The primary AD FS token decryption certificate ( thumbprint %1 ) will expire at … | Admin
437 | | Unknown
437 | Error encountered while checking for pending certificate rollovers. | Admin
438 | | Unknown
438 | Error encountered while checking rollover status of the AD FS certificate … | Admin
439 | | Unknown
439 | Error encountered while attempting to read an enrollment certificate from a … | Admin
440 | | Unknown
440 | A Certificate Authority Enrollment Certificate was found. | Admin
441 | | Unknown
441 | A token with a bad token binding key was found. | Admin
442 | | Unknown
442 | The CA enrollment certificate management cycle was initiated. | Admin
443 | | Unknown
443 | The CA enrollment certificate management cycle was completed. | Admin
444 | | Unknown
444 | Error encountered while checking status of the AD FS enrollment certificate. | Admin
445 | | Unknown
445 | A token with no binding was received on a request which is … | Admin
446 | | Unknown
446 | An SSO token with no binding was received on a request which is … | Admin
447 | | Unknown
447 | Error encountered while attempting to update the configuration policy for the … | Admin
448 | | Unknown
448 | Error encountered while attempting to add a leased task to the database. | Admin
449 | | Unknown
449 | Error encountered while executing the The AddFarmNodesIdentifierBackgroundTask … | Admin
450 | | Unknown
450 | Error encountered while removing the expired items from the usercode cache. | Admin
451 | | Unknown
451 | Following nodes have the reported heartbeat older than %1 UTC and will be … | Admin
452 | | Admin
452 | | Unknown
500 | | Unknown
500 | More information for the event entry with Instance ID %1. | Admin
501 | | Unknown
501 | More information for the event entry with Instance ID %1. | Admin
502 | | Unknown
502 | More information for the event entry with Instance ID %1. | Admin
503 | | Unknown
503 | More information for the event entry with Instance ID %1. | Admin
504 | | Unknown
504 | The following update was successful to the application proxy store on the … | Admin
505 | | Unknown
505 | The following update attempt to the application proxy store on the federation … | Admin
506 | | Unknown
506 | The following update attempt to the application proxy relying party trust on the … | Admin
507 | | Unknown
507 | The following update attempt to the application proxy relying party trust on the … | Admin
508 | | Unknown
508 | The following update attempt to the relying party trust on the federation server … | Admin
509 | | Unknown
509 | The following update attempt to the relying party trust on the federation server … | Admin
510 | | Unknown
510 | More information for the event entry with Instance ID %1. | Admin
511 | | Unknown
511 | The incoming sign-in request is not allowed due to an invalid Federation Service … | Admin
517 | | Unknown
517 | The incoming sign-in request is not allowed due to an invalid Federation Service … | Admin
521 | | Unknown
521 | The request for the relying party token resulted in a failure. | Admin
530 | | Unknown
530 | AD FS could not read the local claims provider trusts from the AD FS … | Admin
531 | | Unknown
531 | AD FS could not read the local claims provider trusts from the AD FS … | Admin
540 | | Unknown
540 | The Federation Service was was unable to return the OAuth discovery document as … | Admin
541 | | Unknown
541 | An invalid value was found during processing of the proxy configuration data … | Admin
542 | | Unknown
542 | There was an error during heartbeat. | Admin
543 | | Unknown
543 | There was an error during heartbeat communicating to primary federation server. | Admin
544 | | Unknown
544 | Heartbeat is not performed because primary server does not support heartbeat. | Admin
545 | | Unknown
545 | Heartbeat is performed at primary server. | Admin
546 | | Unknown
546 | A current tenant certificate for Azure MFA was not found. | Admin
547 | | Unknown
547 | The tenant certificate for Azure MFA has been renewed. | Admin
548 | | Unknown
548 | The tenant certificate for Azure MFA will expire soon. | Admin
549 | | Unknown
549 | The tenant certificate for Azure MFA has expired. | Admin
550 | | Unknown
550 | The %1 primary certificate cannot be used because the KeySpec must have a value … | Admin
551 | | Unknown
551 | An error occurred during processing of an OAuth logout request. | Admin
552 | | Unknown
552 | The session cookies were successfully deleted using the OAuth logout path. | Admin
553 | | Unknown
553 | The specified redirect URL was validated successfully. | Admin
554 | | Unknown
554 | The specified redirect URL did not match any of the OAuth client's redirect … | Admin
555 | | Unknown
555 | The Windows Hello for Business key receipt could not be verified. | Admin
556 | | Unknown
556 | Error encountered while attempting to select a master node for the account … | Admin
557 | | Unknown
557 | An error occured while trying to communicate with the account store rest service … | Admin
558 | | Unknown
558 | Syncronization of the Account Activity data failed. | Admin
559 | | Unknown
559 | Device authentication using PKeyAuth failed. | Admin
560 | | Unknown
560 | User %1 could not be found in the account database. | Admin
561 | | Unknown
561 | Authorization failed when connecting to the account store endpoint on server %1 … | Admin
562 | | Unknown
562 | An error occurred when communcating with the account store endpoint on server … | Admin
563 | | Unknown
563 | An error occurred while calculating extranet lockout status. | Admin
564 | | Unknown
564 | The banned IP list found in Microsoft. | Admin
565 | | Unknown
565 | An error occurred while attemtping to update the database schema for Adfs smart … | Admin
566 | | Unknown
566 | An error occurred during processing of an OAuth device code request. | Admin
568 | | Unknown
568 | An error occurred during processing of an OAuth device auth request with the … | Admin
570 | | Unknown
570 | Active Directory trust enumeration was unable to enumerate one of more domains … | Admin
571 | | Unknown
571 | Enumeration of the Active Directory domains failed. | Admin
572 | | Unknown
572 | The Active Directory suffix from this username is not trusted by this ADFS … | Admin
573 | | Unknown
573 | The following error was generated by a threat detection module. | Admin
574 | | Unknown
574 | A threat detection module failed to load. | Admin
575 | | Unknown
575 | The following threat detection module was successfully loaded Module Name: %1 … | Admin
576 | | Unknown
576 | An unexpected error was returned from a threat detection module. | Admin
1000 | | Unknown
1000 | An error occurred during processing of a token request. | Admin
1020 | | Unknown
1020 | Encountered error during OAuth authorization request. | Admin
1021 | | Unknown
1021 | Encountered error during OAuth token request. | Admin
1080 | | Unknown
1080 | An error occurred while processing WebFinger request. | Admin
1100 | | Unknown
1100 | The Federation Service could not authorize a request to one of the REST … | Admin
1109 | | Unknown
1109 | The Federation Service failed to connect to the LDAP account store to … | Admin
1110 | | Unknown
1110 | The Federation Service failed to connect to the primary LDAP account store to … | Admin
1111 | | Unknown
1111 | The Federation Service failed to connect to all LDAP account stores to … | Admin
1112 | | Unknown
1112 | The Federation Service failed to connect to the Ldap server. | Admin
1113 | | Unknown
1113 | Client Json Web Key Set (JWKS) synchronization initiated. | Admin
1114 | | Unknown
1114 | Client Json Web Key Set (JWKS) synchronization completed. | Admin
1115 | | Unknown
1115 | The Federation Service encountered an error while retrieving the Json Web Key … | Admin
1116 | | Unknown
1116 | An error occurred during a read operation from the configuration database. | Admin
1117 | | Unknown
1117 | An error occurred during monitoring of the following client's Json Web Key Set … | Admin
1118 | | Unknown
1118 | An error occurred during monitoring of clients'Json Web Key Set (JWKS). | Admin
1130 | | Unknown
1130 | There was an error establishing or renewing the proxy trust. | Admin
1131 | | Unknown
1131 | There was an error establishing or renewing the trust between the proxy and STS. | Admin

Event ID 100 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 100 — The Federation Service started successfully.

Provider
AD FS
Channel
Admin

Message

The Federation Service started successfully. The following service hosts have been added: 
%1

Fields

Name | Description
data1

Event ID 102 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 102 — There was an error in enabling endpoints of Federation Service.

Provider
AD FS
Channel
Admin

Message

There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service. 

Additional Data 
Exception details: 
%1

Fields

Name | Description
data1

Event ID 103 —

Provider
AD FS
Channel
Unknown

Event ID 103 — The Federation Service stopped successfully.

Provider
AD FS
Channel
Admin

Message

The Federation Service stopped successfully.

Event ID 104 —

Provider
AD FS
Channel
Unknown

Event ID 104 — The artifact resolution service is not running.

Provider
AD FS
Channel
Admin

Message

The artifact resolution service is not running. The service must be running to perform token replay detection. 

User Action 
Make sure that the artifact resolution service is configured properly. Or disable token replay detection by using the Set-ADFSProperties cmdlet with the PreventTokenReplays parameter in Windows PowerShell for AD FS.

Event ID 105 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3

Event ID 105 — An error occurred loading an authentication provider.

Provider
AD FS
Channel
Admin

Message

An error occurred loading an authentication provider. Fix configuration errors using PowerShell cmdlets and restart the Federation Service. 
Identifier: %1 
Context: %2 

Additional Data 
Exception details: 
%3

Fields

Name | Description
data1
data2
data3

Event ID 106 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 106 — An authentication provider was successfully loaded: Identifier: '.

Provider
AD FS
Channel
Admin

Message

An authentication provider was successfully loaded: Identifier: '%1', Context: '%2'

Fields

Name | Description
data1
data2

Event ID 111 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 111 — The Federation Service encountered an error while processing the WS-Trust request.

Provider
AD FS
Channel
Admin

Message

The Federation Service encountered an error while processing the WS-Trust request. 
Request type: %1 

Additional Data 
Exception details: 
%2

Fields

Name | Description
data1
data2

Event ID 131 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3

Event ID 131 — During processing of the Federation Service configuration, the element '.

Provider
AD FS
Channel
Admin

Message

During processing of the Federation Service  configuration, the element '%1' was found to have invalid data. The configured value '%2' could not be parsed as type '%3'. 
Element: %1 
Value: %2 
Type: %3 

The Federation Service will not be able to start until this configuration element is corrected. 

User Action 
Correct the specified configuration element to conform to the given type.

Fields

Name | Description
data1
data2
data3

Event ID 132 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 132 — During processing of the Federation Service configuration, the required element '.

Provider
AD FS
Channel
Admin

Message

During processing of the Federation Service configuration, the required element '%1' was missing. 
Element: %1 

The Federation Service will not be able to start until this configuration element is configured. 

User Action 
Configure the specified configuration element using the AD FS Management snap-in.

Fields

Name | Description
data1

Event ID 133 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5
data6

Event ID 133 — During processing of the Federation Service configuration, the element '.

Provider
AD FS
Channel
Admin

Message

During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The private key for the certificate that was configured could not be accessed. The following are the values of the certificate: 
Element: %1 
Subject: %2 
Thumbprint: %3 
storeName: %4 
storeLocation: %5 
Federation Service identity: %6 

The Federation Service will not be able to start until this configuration element is corrected. 

This condition can occur when the certificate is found in the specified store but there is a problem accessing the certificate's private key. Common causes for this condition include the following: 
(1) The certificate was installed from a source that did not include the private key, such as a .cer or .p7b file. 
(2) The certificate's private key was imported (for example, from a .pfx file) into a store that is different from the store specified above. 
(3) The certificate was generated as part of a certificate request that did not specify the "Machine Key" option. 
(4) The Federation Service identity '%6' has not been granted read access to the certificate's private key. 

User Action 
If the certificate was imported from a source with no private key, choose a certificate that does have a private key, or import the certificate again from a source that includes the private key (for example, a .pfx file). 

If the certificate was imported in a user context, verify that the store specified above matches the store the certificate was imported into. 

If the certificate was generated by a certificate request that did not specify the "Machine Key" option and the key is marked as exportable, export the certificate with a private key from the user store to a .pfx file and import it again directly into the store specified in the configuration file. If the key is not marked as exportable, request a new certificate using the "Machine Key" option. 

If the Federation Service identity has not been granted read access to the certificate's private key, correct this condition using the Certificates  snap-in.

Fields

Name | Description
data1
data2
data3
data4
data5
data6

Event ID 134 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 134 — During processing of the Federation Service configuration, the element '.

Provider
AD FS
Channel
Admin

Message

During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was identified by the findValue '%2' could not be found. 
Element: %1 
storeName: %3 
storeLocation: %4 
x509FindType: %5 
findValue: %2 

The Federation Service will not be able to start until this configuration element is corrected. 

This condition occurs when the findValue that is specified does not match any certificate in the specified store. Common causes for this condition include the following: 
(1) The certificate with the specified findValue is from a store that is different from the configured store. 
(2) The certificate was deleted from the store after configuration. 

User Action 
If the certificate exists in a different store, find the location using the certificates snap-in and correct the configuration appropriately. 

If the certificate has been deleted, configure a different certificate.

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 135 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 135 — During processing of the Federation Service configuration, the element '.

Provider
AD FS
Channel
Admin

Message

During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was identified by the findValue '%2' was not unique. 
Element: %1 
storeName: %3 
storeLocation: %4 
x509FindType: %5 
findValue: %2 

The Federation Service will not be able to start until this configuration element is corrected. 

This condition can occur when the certificate is found in the specified store but there is more than one certificate that matches the findValue. 

User Action 
If the certificate was identified by name and there are multiple certificates of the same name, configure the certificate using the certificate thumbprint.

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 136 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 136 — During processing of the Federation Service configuration, the Federation Service encountered a configuration error.

Provider
AD FS
Channel
Admin

Message

During processing of the Federation Service configuration, the Federation Service encountered a configuration error. 

%1 

Additional Data 
%2 

The Federation Service will not be able to start until this error has been corrected. 

User Action 
Correct the specified configuration error using the AD FS Management snap-in.

Fields

NameDescription
data1
data2

Event ID 143 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 143 — The Federation Service was unable to create the federation metadata document as a result of an error.

Provider
AD FS
Channel
Admin

Message

The Federation Service was unable to create the federation metadata document as a result of an error. 
Document Path: %1 

Additional Data 

Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 144 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 144 — The Federation Service Proxy blocked an illegitimate request made by a client, as there was no matching endpoint registered at the proxy.

Provider
AD FS
Channel
Admin

Message

The Federation Service Proxy blocked an illegitimate request made by a client, as there was no matching endpoint registered at the proxy. This could point to a DNS misconfiguration, a partially configured application published through the proxy, or a malicious request.
Url Path: %1

Fields

NameDescription
data1

Event ID 147 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 147 — A token was received from a claims provider identified by the key '.

Provider
AD FS
Channel
Admin

Message

A token was received from a claims provider identified by the key '%1', but the token could not be validated because the key does not identify any known claims provider trust. 
Key: %1 

This request failed. 

User Action 
If this key represents the certificate thumbprint of a claims provider trust, verify that it matches the signing certificate of the claims provider trust in the AD FS configuration database.

Fields

NameDescription
data1

Event ID 149 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3

Event ID 149 — During processing of the Federation Service configuration, the attribute store '.

Provider
AD FS
Channel
Admin

Message

During processing of the Federation Service configuration, the attribute store '%1' could not be loaded.  
Attribute store type: %2 

User Action 
If you are using a custom attribute store, verify that the custom attribute store is configured using AD FS Management snap-in. 

Additional Data 
%3

Fields

NameDescription
data1
data2
data3

Event ID 155 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 155 — The Federation Service was unable to listen at '.

Provider
AD FS
Channel
Admin

Message

The Federation Service was unable to listen at '%1' for metadata document requests due to an unexpected error. 

Additional Data 

Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 156 —

Provider
AD FS
Channel
Unknown

Event ID 156 — Trust monitoring cycle initiated.

Provider
AD FS
Channel
Admin

Message

Trust monitoring cycle initiated.

Event ID 157 —

Provider
AD FS
Channel
Unknown

Event ID 157 — Trust monitoring cycle completed.

Provider
AD FS
Channel
Admin

Message

Trust monitoring cycle completed.

Event ID 159 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 159 — The Federation Service encountered an error while writing to the following object in the configuration database.

Provider
AD FS
Channel
Admin

Message

The Federation Service encountered an error while writing to the following object in the configuration database. 

Object Type: 
%1 

Name: 
%2 

Metadata document URL: 
%3 

Additional Data 

Exception details: 
%4 

Additional details: 
%5

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 163 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 163 — An error occurred during initialization of trust monitoring.

Provider
AD FS
Channel
Admin

Message

An error occurred during initialization of trust monitoring. Trust monitoring against the published partner configuration will be disabled for the lifetime of this service. 

Additional Data 

Exception details: 
%1 

User Action 
If you want to try to start the trust monitoring service again, restart the Federation Service.

Fields

NameDescription
data1

Event ID 164 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 164 — An error occurred during a read operation from the configuration database.

Provider
AD FS
Channel
Admin

Message

An error occurred during a read operation from the configuration database. Trust monitoring was shut down and will be tried again after an amount of time that corresponds to the trust monitoring interval. 

Additional Data 

Exception details: 
%1 

Additional details: 
%2

Fields

NameDescription
data1
data2

Event ID 165 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 165 — An error occurred during trust monitoring.

Provider
AD FS
Channel
Admin

Message

An error occurred during trust monitoring. The trust monitoring cycle was shut down. 

Additional Data 

Exception details: 
%1 

Additional details: 
%2

Fields

NameDescription
data1
data2

Event ID 166 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 166 — Trust monitoring service encountered an error while parsing the metadata document from '.

Provider
AD FS
Channel
Admin

Message

Trust monitoring service encountered an error while parsing the metadata document from '%1'. Trust monitoring failed for: 

Object Type: 
%2 

Name: 
%3 

Additional Data 

Exception details: 
%4 

Additional details: 
%5

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 167 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 167 — Trust monitoring service encountered an error while applying the data in the metadata document from '.

Provider
AD FS
Channel
Admin

Message

Trust monitoring service encountered an error while applying the data in the metadata document from '%1'. Trust monitoring failed for: 

Object Type: 
%2 

Name: 
%3 

Additional Data 

Exception details: 
%4 

Additional details: 
%5

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 168 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 168 — The Federation Service encountered an error while retrieving the federation metadata document from '.

Provider
AD FS
Channel
Admin

Message

The Federation Service encountered an error while retrieving the federation metadata document from '%1'. The monitoring for the following trusts failed: 

Claims providers: 
%2 

Relying parties: 
%3 

Additional Data 

Exception details: 
%4 

Additional details: 
%5 

User Action 
Make sure federation metadata URL is accessible. 
Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 171 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 171 — The trust monitoring service automatically updated the trust of '.

Provider
AD FS
Channel
Admin

Message

The trust monitoring service automatically updated the trust of '%1' successfully with the partner's published changes.

Fields

NameDescription
data1

Event ID 173 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 173 — The trust monitoring service automatically updated the trust of '.

Provider
AD FS
Channel
Admin

Message

The trust monitoring service automatically updated the trust of '%1' successfully with the partner's published changes. 

Additional Data 
Warnings: 
%2

Fields

NameDescription
data1
data2

Event ID 174 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 174 — Trust monitoring service detected changes in policy of '.

Provider
AD FS
Channel
Admin

Message

Trust monitoring service detected changes in policy of '%1', but did not automatically apply the changes on the trust partner. 

Additional Data 
Warnings: 
%2

Fields

NameDescription
data1
data2

Event ID 180 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4

Event ID 180 — An error occurred while upgrading FarmBehaviorLevel '.

Provider
AD FS
Channel
Admin

Message

An error occurred while upgrading FarmBehaviorLevel '%1' from Minor Version '%2' to Minor Version '%3'. 

Additional Data 
Exception details: 
%4

Fields

NameDescription
data1
data2
data3
data4

Event ID 181 —

Provider
AD FS
Channel
Unknown

Event ID 181 — AD FS could not enable the new KDFv2 feature automatically because of missing Windows Updates on one or more nodes of the farm.

Provider
AD FS
Channel
Admin

Message

AD FS could not enable the new KDFv2 feature automatically because of missing Windows Updates on one or more nodes of the farm. Please make sure that all the farm nodes are patched with the latest Windows Updates. AD FS checks regularly for the required updates to enable the new KDFv2 feature. An event 182 will be logged when a check is successful. For more information on this, please see https://go.microsoft.com/fwlink/?linkid=2153807.

Event ID 182 —

Provider
AD FS
Channel
Unknown

Event ID 182 — AD FS enabled the new KDFv2 feature successfully.

Provider
AD FS
Channel
Admin

Message

AD FS enabled the new KDFv2 feature successfully. For more information on this, please see https://go.microsoft.com/fwlink/?linkid=2153807.

Event ID 183 —

Provider
AD FS
Channel
Unknown

Event ID 183 — KDFv2 feature is disabled on AD FS farm.

Provider
AD FS
Channel
Admin

Message

KDFv2 feature is disabled on AD FS farm. Please make sure that all the farm nodes are patched with latest Windows Updates and the KDFv2 feature is enabled to enhance the security of the farm. For more information on this, please see https://go.microsoft.com/fwlink/?linkid=2153807.

Event ID 184 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 184 — A token request was received for a relying party identified by the key '.

Provider
AD FS
Channel
Admin

Message

A token request was received for a relying party identified by the key '%1', but the request could not be fulfilled because the key does not identify any known relying party trust. 
Key: %1 

This request failed. 

User Action 
If this key represents a URI for which a token should be issued, verify that its prefix matches the relying party trust that is configured in the AD FS configuration database.

Fields

NameDescription
data1

Event ID 186 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 186 — The Federation Service could not fulfill the token-issuance request.

Provider
AD FS
Channel
Admin

Message

The Federation Service could not fulfill the token-issuance request. More than one claim based on SamlNameIdentifierClaimResource was produced after the issuance transform rules were applies for relying party '%2'. See event 500 with the same Instance ID for claims after application of issuance transform rules.

Additional Data 
Instance ID: %1 

User Action 
Ensure that the issuance transform rules that are configured for the relying party do not result in multiple claims based on SamlNameIdentifierClaimResource.

Fields

NameDescription
data1
data2

Event ID 187 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 187 — AD FS server received a JWT token without nonce in the assertion and it was accepted based on the current configuration setting of EnforceNonceInJWT.

Provider
AD FS
Channel
Admin

Message

AD FS server received a JWT token without nonce in the assertion and it was accepted based on the current configuration setting of EnforceNonceInJWT. However, it indicates a potential replay of the JWT token by a malicious client or the possibility that the client is not patched with latest Windows Updates. Please make sure to update the EnforceNonceInJWT setting to reject all such JWT tokens after patching the clients with latest Windows Updates. 
For more information on this, please see https://go.microsoft.com/fwlink/?linkid=2238156. 

Additional Data 
    Client IP: %1 
    User Agent: %2

Fields

NameDescription
data1
data2

Event ID 188 —

Provider
AD FS
Channel
Unknown

Event ID 188 — AD FS server is not configured to reject JWT tokens that did not have nonce in the assertion.

Provider
AD FS
Channel
Admin

Message

AD FS server is not configured to reject JWT tokens that did not have nonce in the assertion. The corresponding setting (EnforceNonceInJWT) should be enabled for security reasons after making sure that all the clients are patched with the latest Windows Updates. 
The event 187 indicates the instances where AD FS received such tokens and accepted due to the current setting of EnforceNonceInJWT. 
For more information on this, please see https://go.microsoft.com/fwlink/?linkid=2238156.

Event ID 189 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3

Event ID 189 — AD FS server received an OAuth authorization request in the device code flow without a Cross Site Request Forgery (CSRF) protection code in the Use...

Provider
AD FS
Channel
Admin

Message

AD FS server received an OAuth authorization request in the device code flow without a Cross Site Request Forgery (CSRF) protection code in the UserCode cookie. This indicates that the AD FS server that issued the UserCode cookie has not been patched with the latest Windows security updates. It is recommended to install the latest Windows security updates on all the AD FS servers of the farm in order to be protected from CSRF attacks. Your environment is currently vulnerable to the CSRF attacks in OAuth device code flow due to one or more unpatched AD FS servers.

Additional Data 
    Usercode: %1 
    Client IP: %2 
    User Agent: %3

Fields

NameDescription
data1
data2
data3

Event ID 193 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3

Event ID 193 — The Federation Service could not satisfy a token request because the relying party requested an unknown authentication type.

Provider
AD FS
Channel
Admin

Message

The Federation Service could not satisfy a token request because the relying party requested an unknown authentication type. 
Comparison type: %1 
Desired authentication type(s): %2 
Relying party: %3 

This request failed. 

User Action 
Use the AD FS PowerShell commands to configure the authentication context order property. 
Ensure that the relying party is configured to request the correct authentication type.

Fields

NameDescription
data1
data2
data3

Event ID 197 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3

Event ID 197 — The Federation Service could not satisfy a token request because the accompanying credentials do not meet the authentication type requirement of '.

Provider
AD FS
Channel
Admin

Message

The Federation Service could not satisfy a token request because the accompanying credentials do not meet the authentication type requirement of '%2' for the relying party '%3'. 
Authentication type: %1 
Desired authentication type(s): %2 
Relying party: %3 

This request failed.

Fields

NameDescription
data1
data2
data3

Event ID 198 —

Provider
AD FS
Channel
Unknown

Event ID 198 — The federation server proxy started successfully.

Provider
AD FS
Channel
Admin

Message

The federation server proxy started successfully.

Event ID 199 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 199 — The federation server proxy could not be started.

Provider
AD FS
Channel
Admin

Message

The federation server proxy could not be started. 
Reason: %1 

Additional Data 
Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 200 —

Provider
AD FS
Channel
Unknown

Event ID 200 — The federation server proxy stopped successfully.

Provider
AD FS
Channel
Admin

Message

The federation server proxy stopped successfully.

Event ID 201 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 201 — The Federation Service %1 encountered an Access Denied error while trying to register one or more endpoint URLs.

Provider
AD FS
Channel
Admin

Message

The Federation Service %1 encountered an Access Denied error while trying to register one or more endpoint URLs. This condition typically occurs when the ACL for the endpoint URL is missing or the HTTP namespace in the ACL is not a prefix match of the endpoint URL. 

 The %1 could not be opened. 

User Action 
Ensure that a valid ACL for each of the URLs has been configured on this computer. 

Additional Data 
Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 202 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 202 — The Federation Service %1 could not be opened.

Provider
AD FS
Channel
Admin

Message

The Federation Service %1 could not be opened. 

Additional Data 
Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 203 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 203 — The Federation Service %1 could not be shut down properly.

Provider
AD FS
Channel
Admin

Message

The Federation Service %1 could not be shut down properly. 

Additional Data 
Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 204 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 204 — The Federation Service %1 could not be closed.

Provider
AD FS
Channel
Admin

Message

The Federation Service %1 could not be closed. 

Additional Data 
Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 206 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 206 — The Federation Service could not fulfill the token-issuance request because the relying party '.

Provider
AD FS
Channel
Admin

Message

The Federation Service could not fulfill the token-issuance request because the relying party '%1' is missing a WS-Federation Passive endpoint address. 
Relying party: %1 

This request failed. 

User Action 
Use the AD FS Management snap-in to configure a WS-Federation Passive endpoint on this relying party.

Fields

NameDescription
data1

Event ID 207 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 207 — An attempt to write to the Security event log failed.

Provider
AD FS
Channel
Admin

Message

An attempt to write to the Security event log failed. 

Additional Data 
Windows error code: %1 
Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 208 —

Provider
AD FS
Channel
Unknown

Event ID 208 — An error occurred during an attempt to register the event source for the Security log.

Provider
AD FS
Channel
Admin

Message

An error occurred during an attempt to register the event source for the Security log.  

User Action 
Ensure that the Federation Service has the correct permissions to write to the Security log.

Event ID 209 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 209 — The Security log event source for the Federation Service could not be registered.

Provider
AD FS
Channel
Admin

Message

The Security log event source for the Federation Service could not be registered. 

Additional Data 
Windows error code: %1 
Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 215 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 215 — The Federation Service at '.

Provider
AD FS
Channel
Admin

Message

The Federation Service at '%1' did not return any WS-Trust endpoints to be published by the federation server proxy. 

User Action 
If you want to publish WS-Trust endpoints to the federation server proxy, make sure that the endpoints are enabled for proxy use on the federation server.

Fields

NameDescription
data1

Event ID 217 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3

Event ID 217 — A WS-Trust endpoint that was configured could not be opened.

Provider
AD FS
Channel
Admin

Message

A WS-Trust endpoint that was configured could not be opened. 

Additional Data 
Address: %1 
Mode:    %2 

Error: 
%3

Fields

NameDescription
data1
data2
data3

Event ID 218 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 218 — The federation server proxy received error code '.

Provider
AD FS
Channel
Admin

Message

The federation server proxy received error code '%2' while making a request to the Federation Service at '%1'. This could mean that the Federation Service is not started on the remote host. 

User Action 
Verify that the Federation Service is running on the remote host.

Fields

NameDescription
data1
data2

Event ID 220 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 220 — The Federation Service configuration could not be loaded correctly from the AD FS configuration database.

Provider
AD FS
Channel
Admin

Message

The Federation Service configuration could not be loaded correctly from the AD FS configuration database. 

Additional Data 
Error:  
%1

Fields

NameDescription
data1

Event ID 221 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 221 — A change to the token service configuration was detected, but there was an error reloading the changes to configuration.

Provider
AD FS
Channel
Admin

Message

A change to the token service configuration was detected, but there was an error reloading the changes to configuration. 

Additional Data 
Error:  
%1

Fields

NameDescription
data1

Event ID 222 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 222 — The federation server proxy was unable to complete a request to the Federation Service at address '.

Provider
AD FS
Channel
Admin

Message

The federation server proxy was unable to complete a request to the Federation Service at address '%1' because of a time-out. This might mean that the Federation Service is currently unavailable. 

User Action 
Verify that the Federation Service is running.

Fields

NameDescription
data1

Event ID 223 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 223 — Claim description could not be loaded correctly from the database.

Provider
AD FS
Channel
Admin

Message

Claim description could not be loaded correctly from the database. 

Additional Data 
Error:  
%1

Fields

NameDescription
data1

Event ID 224 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 224 — The federation server proxy configuration could not be updated with the latest configuration on the federation service.

Provider
AD FS
Channel
Admin

Message

The federation server proxy configuration could not be updated with the latest configuration on the federation service. 

Additional Data 
Error:  
%1

Fields

NameDescription
data1

Event ID 225 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 225 — A change to the service configuration was detected, but there was an error reloading the changes to %1.

Provider
AD FS
Channel
Admin

Message

A change to the service configuration was detected, but there was an error reloading the changes to %1. 

Additional Data 
Error:  
%2

Fields

NameDescription
data1
data2

Event ID 230 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 230 — The federation server proxy has detected congestion, caused by high latency response times, on the Federation Service.

Provider
AD FS
Channel
Admin

Message

The federation server proxy has detected congestion, caused by high latency response times, on the Federation Service. The load might be above the Federation Service operating capacity, or there might be network connectivity issues. Request throttling has been enforced to limit the number of concurrent requests to the following size: %1. 

User Action 
Verify that the Federation Service is operating within its operating capacity. 
Verify that the Federation Service is not experiencing network outages.

Fields

NameDescription
data1

Event ID 238 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 238 — The Federation Service failed to find a domain controller for the domain %1.

Provider
AD FS
Channel
Admin

Message

The Federation Service failed to find a domain controller for the domain %1. 

Additional Data 
Domain Name: %1 
Error: %2 

User Action 
Use Nltest to determine why DC locator is failing. Nltest is part of the Windows Support Tools.

Fields

NameDescription
data1
data2

Event ID 244 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 244 — The Federation Service was unable to listen at '.

Provider
AD FS
Channel
Admin

Message

The Federation Service was unable to listen at '%1' for WS-MetadataExchange requests due to an unexpected error. 

Additional Data 

Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 245 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 245 — The federation server proxy successfully retrieved and updated its configuration from the Federation Service '.

Provider
AD FS
Channel
Admin

Message

The federation server proxy successfully retrieved and updated its configuration from the Federation Service '%1'.

Fields

NameDescription
data1

Event ID 246 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8

Event ID 246 — The Federation Service encountered an error during an attempt to connect to a LDAP server at %1.

Provider
AD FS
Channel
Admin

Message

The Federation Service encountered an error during an attempt to connect to a LDAP server at %1. 

Additional Data 
Domain Name: %1 
LDAP server hostname (if available): %2 
Authentication type: %3 
SSL mode: %4 
Username (if available): %5 
Error code (if available): %6 
Error from LDAP server (if available): %7 
Exception Details: 
 %8 

User Action 
 Check the network connectivity to the LDAP server. Also, check whether the LDAP server is configured properly.

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8

Event ID 247 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8

Event ID 247 — The Federation Service encountered an error while connecting to a global catalog server at %1.

Provider
AD FS
Channel
Admin

Message

The Federation Service encountered an error while connecting to a global catalog server at %1. 

Additional Data 
Domain Name: %1 
Global Catalog hostname (if available): %2 
Authentication type: %3 
SSL mode: %4 
Username (if available): %5 
Error code (if available): %6 
Error from server (if available): %7 
Exception Details: 
 
 %8 

User Action 
Troubleshoot the network connectivity to the global catalog server. Also, verify that the global catalog server is configured properly.

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8

Event ID 248 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 248 — The federation server proxy was not able to retrieve the list of endpoints from the Federation Service at %1.

Provider
AD FS
Channel
Admin

Message

The federation server proxy was not able to retrieve the list of endpoints from the Federation Service at %1. The error message is '%2'. 

User Action 
Make sure that the Federation Service is running. Troubleshoot network connectivity. If the trust between the federation server proxy and the Federation Service is lost, run the Federation Server Proxy Configuration Wizard again.

Fields

NameDescription
data1
data2

Event ID 249 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 249 — The certificate identified by thumbprint '.

Provider
AD FS
Channel
Admin

Message

The certificate identified by thumbprint '%1' could not be found in the certificate store. In certificate rollover scenarios, this can potentially cause a failure when the Federation Service is signing or decrypting using this certificate.

User Action 
Ensure that the certificate that is identified by thumbprint '%1' has been added to the Localmachine "My" store and that it is accessible by the service account of the Federation Service.

Fields

NameDescription
data1

Event ID 250 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 250 — Expiration of the artifact failed.

Provider
AD FS
Channel
Admin

Message

Expiration of the artifact failed. 

Additional Data 
Exception message: 
%1 

User Action 
Ensure that the artifact storage server is configured properly. Troubleshoot network connectivity to the artifact storage server.

Fields

NameDescription
data1

Event ID 251 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 251 — Attribute store '.

Provider
AD FS
Channel
Admin

Message

Attribute store '%1' is loaded successfully.

Fields

NameDescription
data1

Event ID 252 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 252 — The AD FS proxy service made changes to the endpoints it is listening on based on the configuration it retrieved from the Federation Service.

Provider
AD FS
Channel
Admin

Message

The AD FS proxy service made changes to the endpoints it is listening on based on the configuration it retrieved from the Federation Service. 

Endpoints added: 
%1 

Endpoints removed: 
%2

Fields

NameDescription
data1
data2

Event ID 253 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 253 — AD FS proxy service failed to start a listener for the endpoint '.

Provider
AD FS
Channel
Admin

Message

AD FS proxy service failed to start a listener for the endpoint '%1' 
Exceptiondetails: 
%2 

User action: Ensure that no conflicting SSL bindings are configured for the specified endpoint.

Fields

NameDescription
data1
data2

Event ID 258 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 258 — The relying party '.

Provider
AD FS
Channel
Admin

Message

The relying party '%1' is not configured with SAML Assertion Consumer Services. 
Relying party: %1 

This request failed. 

User Action 
Use the AD FS Management snap-in to configure one or more Assertion Consumer Services for this relying party.

Fields

NameDescription
data1

Event ID 259 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 259 — The request specified an Assertion Consumer Service index '.

Provider
AD FS
Channel
Admin

Message

The request specified an Assertion Consumer Service index '%1' that is not configured on the relying party '%2'.
Assertion Consumer Service index: %1 
Relying party: %2 

This request failed. 

User Action 
Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified index for this relying party.

Fields

NameDescription
data1
data2

Event ID 260 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 260 — The request specified an Assertion Consumer Service protocol binding '.

Provider
AD FS
Channel
Admin

Message

The request specified an Assertion Consumer Service protocol binding '%1' that is not  configured on the relying party '%2'. 
Assertion Consumer Service protocol binding: %1 
Relying party: %2 

This request failed. 

User Action 
Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified protocol binding for this relying party.

Fields

Name | Description
data1
data2

Event ID 261 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 261 — The request specified an Assertion Consumer Service URL '.

Provider
AD FS
Channel
Admin

Message

The request specified an Assertion Consumer Service URL '%1' that is not  configured on the relying party '%2'. 
Assertion Consumer Service URL: %1 
Relying party: %2 

This request failed. 

User Action 
Use the AD FS Management snap-in to configure an Assertion Consumer Service with the specified URL for this relying party.

Fields

Name | Description
data1
data2

Event ID 262 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 262 — The artifact resolution request failed.

Provider
AD FS
Channel
Admin

Message

The artifact resolution request failed. 

Additional Data 
Exception message: 
%1

Fields

Name | Description
data1

Event ID 273 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4

Event ID 273 — The request specified an assertion consumer service that is not configured or not supported on the relying party '.

Provider
AD FS
Channel
Admin

Message

The request specified an assertion consumer service  that is not  configured or not supported on the relying party '%4'. 
Request parameters: '%1', '%2', '%3' 
Relying party: %4 

This request failed. 

User Action 
Use the AD FS Management snap-in to configure an assertion consumer service with the specified parameters for this relying party. Also, check whether the artifact resolution service is enabled if the SAML artifact is requested.

Fields

Name | Description
data1
data2
data3
data4

Event ID 274 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 274 — The federation server proxy encountered an error while trying to listen on one of the proxy endpoints.

Provider
AD FS
Channel
Admin

Message

The federation server proxy encountered an error while trying to listen on one of the proxy endpoints.  The federation server proxy will not be able to start until it can listen on all required proxy endpoints. 
Proxy Endpoints: 
 
%1 

User Action 
Ensure that the permissions on the URLs of the proxy endpoints allow the federation server proxy security account (the default is Network Service) to listen on them.

Fields

Name | Description
data1

Event ID 275 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 275 — The federation server proxy could not establish a trust relationship for the SSL secure channel with the Federation Service %1.

Provider
AD FS
Channel
Admin

Message

The federation server proxy could not establish a trust relationship for the SSL secure channel with the Federation Service %1. 
Error Message: 
%2 

User Action 
Ensure that the SSL certificate for Federation Service '%1' is valid and trusted by the federation server proxy.

Fields

Name | Description
data1
data2

Event ID 276 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 276 — The federation server proxy was not able to authenticate to the Federation Service.

Provider
AD FS
Channel
Admin

Message

The federation server proxy was not able to authenticate to the Federation Service. 

User Action 
Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet. 

Additional Data 

Certificate details: 

Subject Name: 
%1 

Thumbprint: 
%2 

NotBefore Time: 
%3 

NotAfter Time: 
%4 

Client endpoint: 
%5

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 277 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 277 — The Federation Service encountered an unexpected exception and has shut down.

Provider
AD FS
Channel
Admin

Message

The Federation Service encountered an unexpected exception and has shut down. 

Additional Data 
Exception details: 
%1

Fields

Name | Description
data1

Event ID 278 —

Provider
AD FS
Channel
Unknown

Event ID 278 — The SAML artifact resolution endpoint is not configured or it is disabled.

Provider
AD FS
Channel
Admin

Message

The SAML artifact resolution endpoint is not configured or it is disabled. 

User Action 
If SAML artifact resolution is required, use the AD FS Management snap-in to configure or enable the SAML artifact resolution endpoint.

Event ID 279 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 279 — Unable to find a claims provider trust for SAML artifact resolution in the AD FS configuration database.

Provider
AD FS
Channel
Admin

Message

Unable to find a claims provider trust for SAML artifact resolution in the AD FS configuration database.  
SAML artifact: %1 

This request failed. 

User Action 
Verify that a claims provider trust exists in the AD FS configuration database. 
Make sure that the data for the claims provider trust is up to date.

Fields

Name | Description
data1

Event ID 280 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 280 — Unable to resolve the SAML artifact from the claims provider because the claims provider trust does not have the artifact resolution service config...

Provider
AD FS
Channel
Admin

Message

Unable to resolve the SAML artifact from the claims provider because the claims provider trust does not have the artifact resolution service configured.  
Claims provider trust: %1 

This request failed. 

User Action 
Verify that the claims provider trust in the AD FS configuration database is up to date. 
Add the artifact resolution service endpoint to the claims provider trust.

Fields

Name | Description
data1

Event ID 281 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 281 — Unable to resolve the SAML artifact from the claims provider because the claims provider trust does not have the required artifact resolution endpo...

Provider
AD FS
Channel
Admin

Message

Unable to resolve the SAML artifact from the claims provider because the claims provider trust does not have the required artifact resolution endpoint with the specified index configured.  
Claims provider trust: %1 
Required endpoint index: %2 

This request failed. 

User Action 
Verify that the claims provider trust in the AD FS configuration database is up to date. 
Use the AD FS Management snap-in to configure the artifact resolution endpoint with the  specified index.

Fields

Name | Description
data1
data2

Event ID 283 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3

Event ID 283 — Unable to resolve the SAML artifact.

Provider
AD FS
Channel
Admin

Message

Unable to resolve the SAML artifact. The artifact resolution request to the claims provider failed. See inner exception for more details. 
SAML Artifact: %1 
Claims provider: %2 
Inner exception: 
%3 

This request failed. 

User Action 
Verify that the claims provider trust in the AD FS configuration database is up to date. 
Verify network connectivity. 
Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).

Fields

Name | Description
data1
data2
data3

Event ID 284 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 284 — Unable to resolve the SAML artifact.

Provider
AD FS
Channel
Admin

Message

Unable to resolve the SAML artifact. A malformed response was received from the claims provider. See inner exception for more details. 
SAML artifact: %1 
Claims provider: %2 

This request failed. 

User Action 
Verify that the claims provider trust in the AD FS configuration database is up to date.

Fields

Name | Description
data1
data2

Event ID 285 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 285 — The SAML artifact was resolved, but the response is empty or does not contain expected assertions.

Provider
AD FS
Channel
Admin

Message

The SAML artifact was resolved, but the response is empty or does not contain expected assertions. 
SAML artifact: %1 
Claims provider: %2 

This request failed. 

User Action 
For more information, contact the claims provider.

Fields

Name | Description
data1
data2

Event ID 286 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 286 — Cannot connect to the artifact database.

Provider
AD FS
Channel
Admin

Message

Cannot connect to the artifact database. 
Connection string: %1 
Error message: 

%2 

User Action 
Ensure that the artifact database is configured properly. Use the Set-ADFSProperties cmdlet with the ArtifactDbConnection parameter in the Windows PowerShell for AD FS to modify the connection string, if necessary. 
Troubleshoot the connectivity to the artifact storage .

Fields

Name | Description
data1
data2

Event ID 287 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 287 — Cannot add the artifact to the artifact database.

Provider
AD FS
Channel
Admin

Message

Cannot add the artifact to the artifact database. See exception message for more details. 
Artifact ID: %1 
Inner exception details: 
%2 

User Action 
Ensure that the artifact database is configured properly.  
Troubleshoot the connectivity to the artifact database.

Fields

Name | Description
data1
data2

Event ID 288 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 288 — Cannot get the artifact from storage.

Provider
AD FS
Channel
Admin

Message

Cannot get the artifact from storage. See exception message for more details. 
ArtifactId: %1 
Inner exception details: 
%2 

User Action 
Ensure that the artifact storage in the AD FS configuration database is configured properly.  
Troubleshoot connectivity to the artifact storage in the AD FS configuration database.

Fields

Name | Description
data1
data2

Event ID 289 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 289 — Cannot remove the artifact from storage.

Provider
AD FS
Channel
Admin

Message

Cannot remove the artifact from storage. See inner exception message for more details. 
ArtifactId: %1 
Inner exception details: 
%2 

User Action 
Ensure that the artifact storage in the AD FS configuration database is configured properly.  
Troubleshoot connectivity to the artifact storage in the AD FS configuration database.

Fields

Name | Description
data1
data2

Event ID 290 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 290 — Cannot set expiration for the artifacts in storage.

Provider
AD FS
Channel
Admin

Message

Cannot set expiration for the artifacts in storage. See inner exception message for more details. 
Inner exception details: 
%1 

User Action 
Ensure that the artifact storage in the AD FS configuration database is configured properly.  
Troubleshoot connectivity to the artifact storage in the AD FS configuration database.

Fields

Name | Description
data1

Event ID 291 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 291 — The artifact resolution service could not be started.

Provider
AD FS
Channel
Admin

Message

The artifact resolution service could not be started. 

Additional Data 
Exception details: 
%1 

User Action 
Make sure artifact resolution service is properly configured.

Fields

Name | Description
data1

Event ID 293 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 293 — A SAML request for the required artifact was rejected because the artifact resolution service is not enabled.

Provider
AD FS
Channel
Admin

Message

A SAML request for the required artifact was rejected because the artifact resolution service is not enabled. 
Relying party: %1 

This request failed. 

User Action 
Enable the artifact resolution service. 
Use the AD FS Management snap-in to configure or enable the SAML artifact resolution endpoint.

Fields

Name | Description
data1

Event ID 294 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 294 — The SAML artifact resolution request specified an issuer that is not configured for the relying party.

Provider
AD FS
Channel
Admin

Message

The SAML artifact resolution request specified an issuer that is not configured for the relying party. 
Relying party: %1 
Artifact resolution request issuer: %2 

This artifact resolution request failed. 

User Action 
Ensure that the relying party is configured properly using the AD FS Management snap-in.

Fields

Name | Description
data1
data2

Event ID 297 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 297 — The SAML artifact resolution request required an artifact resolution service endpoint with an index that is not configured.

Provider
AD FS
Channel
Admin

Message

The SAML artifact resolution request required an artifact resolution service endpoint with an index that is not configured. 
Endpoint index: %1 
Configured endpoint index: %2 

This artifact resolution request failed.

Fields

Name | Description
data1
data2

Event ID 298 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 298 — The Windows Hello for Business key receipt certificate background task will not run.

Provider
AD FS
Channel
Admin

Message

The Windows Hello for Business key receipt certificate background task will not run. 

Additional Information: %1

Fields

Name | Description
data1

Event ID 302 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 302 — The Federation Service could not authorize token issuance for caller '.

Provider
AD FS
Channel
Admin

Message

The Federation Service could  not authorize token issuance for caller '%2' as subject '%3' to the relying party '%4'. See event 501 with the same Instance ID for caller identity. See event 503 with the same Instance ID for ActAs identity, if any. 

Additional Data 
Instance ID: %1 
Relying party: %4 
Exception details: 
%5 
User Action 
Use the AD FS Management snap-in to ensure that the caller is authorized to act as the subject to the relying party.

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 303 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 303 — The Federation Service encountered an error while processing the SAML authentication request.

Provider
AD FS
Channel
Admin

Message

The Federation Service encountered an error while processing the SAML authentication request. 

Additional Data 
Exception details: 
%1

Fields

Name | Description
data1

Event ID 305 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5
data6
data7
data8

Event ID 305 — The Federation Service encountered an error while querying a LDAP server at %1.

Provider
AD FS
Channel
Admin

Message

The Federation Service encountered an error while querying a LDAP server at %1. 

Additional Data 
Domain name: %1 
LDAP server hostname (if available): %2 
Authentication type: %3 
SSL mode: %4 
Username (if available): %5 
Error code (if available): %6 
Error from LDAP server (if available): %7 
Exception Details: 
 %8

Fields

Name | Description
data1
data2
data3
data4
data5
data6
data7
data8

Event ID 306 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5
data6
data7
data8

Event ID 306 — The Federation Service encountered an error while querying a global catalog server at %1.

Provider
AD FS
Channel
Admin

Message

The Federation Service encountered an error while querying a global catalog server at %1. 

Additional Data 
Domain name: %1 
Global catalog server hostname (if available): %2 
Authentication type: %3 
SSL mode: %4 
Username (if available): %5 
Error code (if available): %6 
Error from server (if available): %7 
Exception Details: 
 
 %8

Fields

Name | Description
data1
data2
data3
data4
data5
data6
data7
data8

Event ID 311 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 311 — An attempt to update AD FS performance counters failed.

Provider
AD FS
Channel
Admin

Message

An attempt to update AD FS performance counters failed.  

Additional Data 
Exception details: 
%1

Fields

Name | Description
data1

Event ID 315 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4

Event ID 315 — An error occurred during an attempt to build the certificate chain for the claims provider trust '.

Provider
AD FS
Channel
Admin

Message

An error occurred during an attempt to build the certificate chain for the claims provider trust '%1' certificate identified by thumbprint '%2'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the claims provider trust's signing certificate revocation settings or certificate is not within its validity period. 

You can use Windows PowerShell commands for AD FS to configure the revocation settings for the claims provider trust's signing certificate. 
Claims provider trust's signing certificate revocation settings: %3 
The following errors occurred while building the certificate chain:  
%4 

User Action: 
Ensure that the claims provider trust's signing certificate is valid and has not been revoked. 
Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. 
Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).

Fields

Name | Description
data1
data2
data3
data4

Event ID 316 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4

Event ID 316 — An error occurred during an attempt to build the certificate chain for the relying party trust '.

Provider
AD FS
Channel
Admin

Message

An error occurred during an attempt to build the certificate chain for the relying party trust '%1' certificate identified by thumbprint '%2'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the relying party trust's signing certificate revocation settings or certificate is not within its validity period. 

You can use Windows PowerShell commands for AD FS to configure the revocation settings for the relying party signing certificate. 
Relying party trust's signing certificate revocation settings: %3 
The following errors occurred while building the certificate chain:  
%4 

User Action: 
Ensure that the relying party trust's signing certificate is valid and has not been revoked. 
Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. 
Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).

Fields

Name | Description
data1
data2
data3
data4

Event ID 317 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4

Event ID 317 — An error occurred during an attempt to build the certificate chain for the relying party trust '.

Provider
AD FS
Channel
Admin

Message

An error occurred during an attempt to build the certificate chain for the relying party trust '%1' certificate identified by thumbprint '%2'. Possible causes are that the certificate has been revoked, the certificate chain could not be verified as specified by the relying party trust's encryption certificate revocation settings or certificate is not within its validity period. 

You can use Windows PowerShell commands for AD FS to configure the revocation settings for the relying party encryption certificate. 
Relying party trust's encryption certificate revocation settings: %3 
The following errors occurred while building the certificate chain:  
%4 

User Action: 
Ensure that the relying party trust's encryption certificate is valid and has not been revoked. 
Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. 
Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).

Fields

Name | Description
data1
data2
data3
data4

Event ID 319 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3

Event ID 319 — An error occurred while the certificate chain for the client certificate identified by thumbprint '.

Provider
AD FS
Channel
Admin

Message

An error occurred while the certificate chain for the client certificate identified by thumbprint '%1' was being built. The certificate chain could not be built. The certificate has been revoked, the certificate chain could not be verified as specified by the encryption certificate revocation settings or certificate is not within its validity period. 

You can use the Set-ADFSProperties cmdlet with the ProxyCertRevocationCheck parameter in Windows PowerShell for AD FS to configure the client certificate revocation settings. 
Client Certificate Revocation Settings: %2 
The following errors occurred while building the certificate chain:  
%3 

User Action: 
Ensure that the client certificate is valid and has not been revoked. 
Ensure that the Federation Service can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. 
Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).

Fields

Name | Description
data1
data2
data3

Event ID 320 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 320 — The verification of the SAML message signature failed.

Provider
AD FS
Channel
Admin

Message

The verification of the SAML message signature failed. 
Message issuer: %1 
Exception details: 
%2 

This request failed. 

User Action 
Verify that the message issuer configuration in the AD FS configuration database is up to date. 
Configure the signing certificate for the specified issuer. 
Verify that the issuer's certificate is up to date. 
Verify the issuer and server message signing requirements.

Fields

Name | Description
data1
data2

Event ID 321 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4

Event ID 321 — The SAML authentication request had a NameID Policy that could not be satisfied.

Provider
AD FS
Channel
Admin

Message

The SAML authentication request had a NameID Policy that could not be satisfied. 
Requestor: %1 
Name identifier format: %2 
SPNameQualifier: %3 
Exception details: 
%4 

This request failed. 

User Action 
Use the AD FS Management snap-in to configure the configuration that emits the required name identifier.

Fields

Name | Description
data1
data2
data3
data4

Event ID 323 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 323 — The Federation Service could not authorize token issuance for the caller '.

Provider
AD FS
Channel
Admin

Message

The Federation Service could  not authorize token issuance for the caller '%2' on behalf of the subject '%3' to the relying party '%4'. See event 501 with the same Instance ID for caller identity. See event 502 with the same Instance ID for OnBehalfOf identity, if any. 

Additional Data 
Instance ID: %1 
Exception details: 
%5 
User Action 
Use the Windows PowerShell Get-ADFSClaimsProviderTrust or Get-ADFSRelyingPartyTrust cmdlet to ensure the caller is authorized on behalf of the subject to the relying party.

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 325 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4

Event ID 325 — The Federation Service could not authorize token issuance for caller '.

Provider
AD FS
Channel
Admin

Message

The Federation Service could not authorize token issuance for caller '%2'. The caller is not authorized to request a token for the relying party '%3'. See event 501 with the same Instance ID for caller identity. 

Additional Data 
Instance ID: %1 
Relying party: %3 
Exception details: 
%4 
User Action 
Use the AD FS Management snap-in to ensure that the caller is authorized to request a token for the relying party.

Fields

Name | Description
data1
data2
data3
data4

Event ID 326 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 326 — Failed to load the AD FS claims policy engine using policy type '.

Provider
AD FS
Channel
Admin

Message

Failed to load the AD FS claims policy engine using policy type '%1' 

User Action 
Make sure AD FS is installed correctly.

Fields

Name | Description
data1

Event ID 327 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4

Event ID 327 — An error occurred during processing of the SAML logout request.

Provider
AD FS
Channel
Admin

Message

An error occurred during processing of the SAML logout request. 

Additional Data 
Caller identity: %1 
Logout initiator identity: %2 
Error message: %3 
Exception details: %4 
User Action 
Ensure that the single logout service is configured properly for this relying party trust or claims provider trust in the AD FS configuration database.

Fields

Name | Description
data1
data2
data3
data4

Event ID 328 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4

Event ID 328 — The SAML artifact resolution request was resolved, but the response does not contain the expected assertions.

Provider
AD FS
Channel
Admin

Message

The SAML artifact resolution request was resolved, but the response does not contain the expected assertions. 

Additional Data: 
SAML artifact: %1 
Status code: %2 
SubStatus code: %3 
Status message: %4 

This request failed. 

User Action 
Contact the claims provider for more information.

Fields

Name | Description
data1
data2
data3
data4

Event ID 329 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 329 — The certificate that is identified by thumbprint '.

Provider
AD FS
Channel
Admin

Message

The certificate that is identified by thumbprint '%1' could not be decrypted using the keys for X.509 certificate private key sharing. 

Additional Data: 
X.509 certificate private key sharing diagnosis: %2 

User Action 
You may have to restore all Active Directory objects underneath the specified distinguished name in the diagnostic information above for X.509 certificate private key sharing.

Fields

Name | Description
data1
data2

Event ID 331 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 331 — The certificate management service encountered an error during decryption of the keys.

Provider
AD FS
Channel
Admin

Message

The certificate management service encountered an error during decryption of the keys. 
storeName: %2 
storeLocation: %1 
x509FindType: %4 
findValue: %3 

Additional Data: 
X.509 certificate private key sharing diagnosis: %5  

User Action 
You may have to restore all Active Directory objects underneath the distinguished name that is specified in the diagnosis for X.509 certificate private key sharing above.

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 332 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 332 — The certificate management service encountered an error during encryption of the keys.

Provider
AD FS
Channel
Admin

Message

The certificate management service encountered an error during encryption of the keys. 
Subject: %1 
Diagnosis: %2 

User Action 
You may have to restore all Active Directory objects underneath the distinguished name that is specified in the diagnosis above for X.509 certificate private key sharing.

Fields

Name | Description
data1
data2

Event ID 333 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 333 — The certificate management service encountered an error during database access.

Provider
AD FS
Channel
Admin

Message

The certificate management service encountered an error during database access. 

Additional Data: 
Diagnosis: %1 

User Action 
Confirm that the SQL store is online.

Fields

Name | Description
data1

Event ID 334 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 334 — Certificate rollover service needs to rollover %1 certificates urgently.

Provider
AD FS
Channel
Admin

Message

Certificate rollover service needs to rollover %1 certificates urgently. Partners will not be able to apply the update in time.

Fields

Name | Description
data1

Event ID 335 —

Provider
AD FS
Channel
Admin

Message

%1

Fields

Name | Description
data1

Event ID 335 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 336 —

Provider
AD FS
Channel
Unknown

Event ID 336 — The certificate management cycle was initiated.

Provider
AD FS
Channel
Admin

Message

The certificate management cycle was initiated.

Event ID 337 —

Provider
AD FS
Channel
Unknown

Event ID 337 — The certificate management cycle was completed.

Provider
AD FS
Channel
Admin

Message

The certificate management cycle was completed.

Event ID 338 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 338 — An error was encountered during certificate rollover.

Provider
AD FS
Channel
Admin

Message

An error was encountered during certificate rollover. The monitoring cycle was shut down. 

Additional Data 

Exception details: 
%1 

Additional details: 
%2

Fields

Name | Description
data1
data2

Event ID 339 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 339 — An error occurred during initialization of certificate rollover.

Provider
AD FS
Channel
Admin

Message

An error occurred during initialization of certificate rollover. Certificates will not be rolled over. 

Additional Data 

Exception details: 
%1

Fields

Name | Description
data1

Event ID 341 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 341 — The NotBefore attribute for the token has a value that is set to a future time.

Provider
AD FS
Channel
Admin

Message

The NotBefore attribute for the token has a value that is set to a future time. See inner exception for more details. 

Additional Data 

Token Type: 
%1 

Exception details: 
%2 

This request failed. 

User Action 
Verify that system clock is synchronized.

Fields

Name | Description
data1
data2

Event ID 342 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3

Event ID 342 — Token validation failed.

Provider
AD FS
Channel
Admin

Message

Token validation failed.  

Additional Data 

Token Type: 
%1 
%Error message: 
%2 

Exception details: 
%3

Fields

Name | Description
data1
data2
data3

Event ID 343 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 343 — There was an error during initialization of synchronization.

Provider
AD FS
Channel
Admin

Message

There was an error during initialization of synchronization. Synchronization of data from the primary federation server to the secondary federation server will not occur. 

Additional Data 

Exception details: 
%1

Fields

Name    Description
data1

Event ID 344 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 344 — There was an error doing synchronization.

Provider
AD FS
Channel
Admin

Message

There was an error doing synchronization. Synchronization of data from the primary federation server to a secondary federation server did not occur. 

Additional data 

Exception details: 
%1 

User Action 
 Make sure the primary federation server is available or the service account identity of this machine matches the service account identity of the primary federation server.

Fields

Name    Description
data1

Event ID 345 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3

Event ID 345 — There was a communication error during AD FS configuration database synchronization.

Provider
AD FS
Channel
Admin

Message

There was a communication error during AD FS configuration database synchronization. Synchronization of data from the primary federation server to a secondary federation server did not occur. 

Additional Data 

Master Name : %1 
Endpoint Uri : %2 
Exception details: 
%3

Fields

Name    Description
data1
data2
data3

Event ID 346 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 346 — There was an error during retrieving the configuration data for the secondary federation server.

Provider
AD FS
Channel
Admin

Message

There was an error during retrieving the configuration data for the secondary federation server. 

Additional Data 

Exception details: 
%1

Fields

Name    Description
data1

Event ID 348 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3

Event ID 348 — Synchronization of configuration data from the primary federation server '.

Provider
AD FS
Channel
Admin

Message

Synchronization of configuration data from the primary federation server '%1' is completed. %2 objects were added. %3 objects were deleted.

Fields

Name    Description
data1
data2
data3

Event ID 349 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 349 — The administration service for the Federation Service started successfully.

Provider
AD FS
Channel
Admin

Message

The administration service for the Federation Service started successfully. You can now use the Windows Powershell commands for AD FS to modify the Federation Service configuration. The following service hosts have been added: 
%1

Fields

Name    Description
data1

Event ID 351 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 351 — There was an error getting synchronization properties.

Provider
AD FS
Channel
Admin

Message

There was an error getting synchronization properties. 

Additional Data 

Exception details: 
%1

Fields

Name    Description
data1

Event ID 352 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2

Event ID 352 — A SQL operation in the AD FS configuration database with connection string %1 failed.

Provider
AD FS
Channel
Admin

Message

A SQL operation in the AD FS configuration database with connection string %1 failed.  

Additional Data 

Exception details: 
%2

Fields

Name    Description
data1
data2

Event ID 353 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2

Event ID 353 — Unable to resolve the SAML artifact.

Provider
AD FS
Channel
Admin

Message

Unable to resolve the SAML artifact. Verification of the artifact response signature failed. 
Claims provider: %1 
Exception details: 
%2 

This request failed. 

User Action 
Verify that the claims provider trust in the AD FS configuration database is up to date. 
Verify that the claims provider trust's signing certificate is up to date.

Fields

Name    Description
data1
data2

Event ID 354 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 354 — The artifact resolution service could not verify the request signature.

Provider
AD FS
Channel
Admin

Message

The artifact resolution service could not verify the request signature. 

Additional Data 
Exception details: 
%1 

User action: 
Verify that the relying party trust in the AD FS configuration database is up to date. 
Configure the relying party certificate for request signing. 
Verify that relying party certificate is up to date.

Fields

Name    Description
data1

Event ID 356 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3

Event ID 356 — Failed to register notification to the SQL database with the connection string %1 for cache type '%2'.

Provider
AD FS
Channel
Admin

Message

Failed to register notification to the SQL database with the connection string %1 for cache type '%2'. Changes to settings may not take effect until the Federation Service restarts. 

Additional Data 

Exception details: 
%3

Fields

Name    Description
data1
data2
data3

Event ID 357 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 357 — Successfully registered notification to the SQL database with the connection string %1.

Provider
AD FS
Channel
Admin

Message

Successfully registered notification to the SQL database with the connection string %1.

Fields

Name    Description
data1

Event ID 358 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 358 — Restarting %1.

Provider
AD FS
Channel
Admin

Message

Restarting %1. This restart is necessary because a change was detected in the certificates that this service host uses. Requests that are served by endpoints of this service host may fail during restart.

Fields

Name    Description
data1

Event ID 359 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2

Event ID 359 — An error occurred during an attempt to restart %1.

Provider
AD FS
Channel
Admin

Message

An error occurred during an attempt to restart %1. 

Additional Data 

Exception details: 
%2 

User Action 
 Restart the Federation Service to recover from the error.

Fields

Name    Description
data1
data2

Event ID 360 —

Provider
AD FS
Channel
Unknown

Event ID 360 — A request was made to a certificate transport endpoint, but the request did not include a client certificate.

Provider
AD FS
Channel
Admin

Message

A request was made to a certificate transport endpoint, but the request did not include a client certificate. This could be because the root CA certificate that issued the client certificate is not in the Trust CA certificate store or because the client certificate is expired. 

User Action: 
Ensure that the CA that issued the client certificate in this request has its certificate in the Trusted Root Certificate Authority store on the Local Computer. 
Ensure that the client certificate is not expired.

Event ID 362 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 362 — Encountered error during federation passive sign-out.

Provider
AD FS
Channel
Admin

Message

Encountered error during federation passive sign-out. 

Additional Data 

Exception details: 
%1

Fields

Name    Description
data1

Event ID 363 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 363 — A communication error occurred during an attempt to get a token from the Federation Service.

Provider
AD FS
Channel
Admin

Message

A communication error occurred during an attempt to get a token from the Federation Service. Make sure that the Federation Service is running. 

Additional Data 

Exception details: 
%1

Fields

Name    Description
data1

Event ID 364 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3

Event ID 364 — Encountered error during federation passive request.

Provider
AD FS
Channel
Admin

Message

Encountered error during federation passive request. 

Additional Data 

Protocol Name: 
%1 

Relying Party: 
%2 

Exception details: 
%3

Fields

Name    Description
data1
data2
data3

Event ID 365 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 365 — A token request was received for the relying party '.

Provider
AD FS
Channel
Admin

Message

A token request was received for the relying party '%1', but the request could not be fulfilled because the relying party trust is not enabled. 
Relying party: %1 

This request failed. 

User Action 
If this relying party trust should be enabled, enable it by using the AD FS Management snap-in or Windows PowerShell for AD FS.

Fields

Name    Description
data1

Event ID 366 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 366 — A token was received from claims provider '.

Provider
AD FS
Channel
Admin

Message

A token was received from claims provider '%1', but the token could not be validated because the claims provider trust is not enabled. 
Claims provider: %1 

This request failed. 

User Action 
If this claims provider trust should be enabled, enable it by using the AD FS Management snap-in or Windows PowerShell for AD FS.

Fields

Name    Description
data1

Event ID 367 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2

Event ID 367 — The audience restriction was not valid because the specified audience identifier is not present in the acceptable identifiers list of this Federati...

Provider
AD FS
Channel
Admin

Message

The audience restriction was not valid because the specified audience identifier is not present in the acceptable identifiers list of this Federation Service. 

User Action 
See the exception details for the audience identifier that failed validation. If the audience identifier identifies this Federation Service, add the audience identifier to the acceptable identifiers list by using Windows PowerShell for AD FS.  Note that the audience identifier is used to verify whether the token was sent to this Federation Service. If you think that the audience identifier does not identify your Federation Service, adding it to the acceptable identifiers list may open a security vulnerability in your system. 

Additional Data 

Token Type: 
%1 

Exception details: 
%2

Fields

Name    Description
data1
data2

Event ID 368 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3

Event ID 368 — The SAML Single Logout request does not correspond to the logged-in session participant.

Provider
AD FS
Channel
Admin

Message

The SAML Single Logout request does not correspond to the logged-in session participant. 
Requestor: %1 
Request name identifier: %2 
Logged-in session participants: 
%3  

This request failed. 

User Action 
Verify that the claim provider trust or the relying party trust configuration is up to date. If the name identifier in the request is different from the name identifier in the session only by NameQualifier or SPNameQualifier, check and correct the name identifier policy issuance rule using the AD FS Management snap-in.

Fields

Name    Description
data1
data2
data3

Event ID 369 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 369 — Processing TTP request failed with the following exception.

Provider
AD FS
Channel
Admin

Message

Processing TTP request failed with the following exception. 

Additional Data 

Exception details: 
%1 

User Action 
Ensure that user has enabled cookies in browser settings.

Fields

Name    Description
data1

Event ID 370 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 370 — Incoming TTP response is not valid.

Provider
AD FS
Channel
Admin

Message

Incoming TTP response is not valid. Processing response failed with following exception. 

Additional Data 

Exception details: 
%1 

User Action 
Ensure that partner federation provider is configured properly to send valid TTP response.

Fields

Name    Description
data1

Event ID 371 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 371 — Cannot find certificate to validate message/token signature obtained from claims provider.

Provider
AD FS
Channel
Admin

Message

Cannot find certificate to validate message/token signature obtained from claims provider. 
Claims provider: %1 

This request failed. 

User Action 
Check that Claim Provider Trust configuration is up to date.

Fields

Name    Description
data1

Event ID 372 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3
data4

Event ID 372 — Authentication Failed.

Provider
AD FS
Channel
Admin

Message

Authentication Failed. The token used to authenticate the user is signed using a weaker signature algorithm than expected. 

Additional Data 
 Token Type: %1 
 Issuer: %2 
 Actual token signature algorithm: %3 
 Expected token signature algorithm: %4  

User Action 
Check that Claim Provider is configured to accept tokens with expected signature algorithm.  
Use the AD FS PowerShell commands to configure the signature algorithm property.

Fields

Name    Description
data1
data2
data3
data4

Event ID 373 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3

Event ID 373 — The artifact request from the replying party is signed with a weaker signature algorithm.

Provider
AD FS
Channel
Admin

Message

The artifact request from the replying party is signed with a weaker signature algorithm. 

Additional Data 
Relying party identity: %1 
Actual message signature algorithm: %2 
Expected message signature algorithm: %3 

User action: 
Check that relying party is configured to accept artifact resolution request with expected signature algorithm. 
Use the AD FS PowerShell commands to configure the signature algorithm property.

Fields

Name    Description
data1
data2
data3

Event ID 374 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3
data4

Event ID 374 — An error occurred while building the certificate chain for the claims provider trust '.

Provider
AD FS
Channel
Admin

Message

An error occurred while building the certificate chain for the claims provider trust '%1' certificate identified by thumbprint '%2'.  The certificate chain could not be built, the certificate has been revoked, or the certificate chain could not be verified as specified by the claims provider trust's encryption certificate revocation settings. 

AD FS powershell commands can be used to configure the claims provider trust encryption certificate revocation settings. 
Claims Provider Trust Encryption Certificate Revocation Settings: %3 
The following errors occurred while building the certificate chain:  
%4 
User Action: 
Ensure that the claims provider trust's encryption certificate is valid and has not been revoked. 
Ensure that AD FS can access the certificate revocation list if the revocation setting does not specify "none" or a "cache only" setting. 
Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).

Fields

Name    Description
data1
data2
data3
data4

Event ID 375 —

Provider
AD FS
Channel
Unknown

Event ID 375 — Policy store synchronization initiated.

Provider
AD FS
Channel
Admin

Message

Policy store synchronization initiated.

Event ID 376 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3
data4

Event ID 376 — An Error occurred while executing a query in SQL attribute store.

Provider
AD FS
Channel
Admin

Message

An Error occurred while executing a query in SQL attribute store. 

Additional Data 
 Connection information: %1 
 Query: %2 
 Parameters: %3 

User Action 
Examine the exception details to take one or more of the following actions if applicable. 
  Verify that the connection string to the SQL attribute store is valid. 
  Make sure that the SQL attribute store can be reached by the connection string and the SQL attribute store exists. 
  Verify that the SQL query and parameters are valid. 

Exception details: 
%4

Fields

Name    Description
data1
data2
data3
data4

Event ID 377 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 377 — A processing error occurred in an attribute store.

Provider
AD FS
Channel
Admin

Message

A processing error occurred in an attribute store. 

User Action 

Exception details: 
%1

Fields

Name    Description
data1

Event ID 378 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2

Event ID 378 — SAML request is not signed with expected signature algorithm.

Provider
AD FS
Channel
Admin

Message

SAML request is not signed with expected signature algorithm. SAML request is signed with signature algorithm %1 . Expected signature algorithm is %2 

User Action: 
Verify that signature algorithm for the partner is configured as expected.

Fields

Name    Description
data1
data2

Event ID 379 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 379 — A security token was rejected as the specified IssueInstant was before the allowed time frame.

Provider
AD FS
Channel
Admin

Message

A security token was rejected as the specified IssueInstant was before the allowed time frame. 

Token Type: 
%1 

User Action: 
 To allow tokens for a larger timeframe, use the AD FS PowerShell commands to adjust the value of the ReplayCacheExpirationInterval.

Fields

Name    Description
data1

Event ID 380 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3

Event ID 380 — During processing of the Federation Service configuration, the element '.

Provider
AD FS
Channel
Admin

Message

During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was configured could not be used. The certificate has been revoked, the certificate chain could not be verified or certificate is not within its validity period. The following are the values of the certificate: 
Element: %1 
Subject: %2 
Thumbprint: %3 

The Federation Service will not be able to start until this configuration element is corrected. 

User Action 
Verify whether the certificate chain for the certificate configured has been revoked by its certificate authority. 
If the certificate has been revoked or expired, the AD FS service must be issued a new certificate.

Fields

Name    Description
data1
data2
data3

Event ID 381 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2

Event ID 381 — An error occurred during an attempt to build the certificate chain for configuration certificate identified by thumbprint '.

Provider
AD FS
Channel
Admin

Message

An error occurred during an attempt to build the certificate chain for configuration certificate identified by thumbprint '%1'. Possible causes are that the certificate has been revoked or certificate is not within its validity period. 
The following errors occurred while building the certificate chain:  
%2 

User Action: 
Ensure that the certificate is valid and has not been revoked or expired.

Fields

Name    Description
data1
data2

Event ID 382 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2

Event ID 382 — AD FS detected that the Federation Service has more than %1 %2 trusts configured and that the data in the AD FS configuration database for this Fed...

Provider
AD FS
Channel
Admin

Message

AD FS detected that the Federation Service has more than %1 %2 trusts configured and that the data in the AD FS configuration database for this Federation Service is stored and synchronized using Windows Internal Database technology. The overall performance of data synchronization between configuration databases that are stored locally on federation servers across the farm will degrade as you add more than %1 trusts when you use the Windows Internal Database to store the AD FS configuration database. 

User Action: 
To improve synchronization performance across your federation server farm, we recommend that you migrate the data in the AD FS configuration database to SQL server. For more information about how to do this, see AD FS Operations Guide (http://go.microsoft.com/fwlink/?LinkId=181189).

Fields

Name    Description
data1
data2

Event ID 383 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 383 — The Web request failed because the web.

Provider
AD FS
Channel
Admin

Message

The Web request failed because the web.config file is malformed. 

User Action: 
Fix the malformed data in the web.config file. 

Exception details: 
%1

Fields

Name    Description
data1

Event ID 384 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 384 — The request to the Federation Service failed because the web.

Provider
AD FS
Channel
Admin

Message

The request to the Federation Service failed because the web.config file has an invalid  configuration for '%1' that the Federation Service does not support. 

User Action: Ensure that the configuration of the property '%1' is supported by the Federation Service.

Fields

Name    Description
data1

Event ID 385 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 385 — AD FS detected that one or more certificates in AD FS configuration database need to be updated manually because they are expired, or will expire s...

Provider
AD FS
Channel
Admin

Message

AD FS detected that one or more certificates in AD FS configuration database need to be updated manually because they are expired, or will expire soon. See additional details for more information 

Additional Details: 
%1

Fields

Name    Description
data1

Event ID 386 —

Provider
AD FS
Channel
Unknown

Event ID 386 — AD FS detected that none of the service certificates that are configured to be managed by the administrator are due to expire.

Provider
AD FS
Channel
Admin

Message

AD FS detected that none of the service certificates that are configured to be managed by the administrator are due to expire.

Event ID 387 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 387 — AD FS detected that one or more of the certificates specified in the Federation Service were not accessible to the service account used by the AD F...

Provider
AD FS
Channel
Admin

Message

AD FS detected that one or more of the certificates specified in the Federation Service were not accessible to the service account used by the AD FS Windows Service. 

User Action: Ensure that the AD FS service account has read permissions on the certificate private keys. 

Additional Details: 
%1

Fields

Name    Description
data1

Event ID 388 —

Provider
AD FS
Channel
Unknown

Event ID 388 — AD FS detected that all the service certificates have appropriate access given to the AD FS service account.

Provider
AD FS
Channel
Admin

Message

AD FS detected that all the service certificates have appropriate access given to the AD FS service account.

Event ID 389 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 389 — AD FS detected that one or more of your trusts require their certificates to be updated manually because they are expired, or will expire soon.

Provider
AD FS
Channel
Admin

Message

AD FS detected that one or more of your trusts require their certificates to be updated manually because they are expired, or will expire soon. See additional details for more information 

Additional Details: 
%1

Fields

Name    Description
data1

Event ID 390 —

Provider
AD FS
Channel
Unknown

Event ID 390 — AD FS detected that none of the partner certificates that are configured to be managed by the administrator are due to expire.

Provider
AD FS
Channel
Admin

Message

AD FS detected that none of the partner certificates that are configured to be managed by the administrator are due to expire.

Event ID 392 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3

Event ID 392 — The federation server proxy was able to successfully renew its trust with the Federation Service.

Provider
AD FS
Channel
Admin

Message

The federation server proxy was able to successfully renew its trust with the Federation Service.  

Proxy trust certificate subject: %1. 
Proxy trust certificate old thumbprint: %2. 
Proxy trust certificate new thumbprint: %3.

Fields

Name    Description
data1
data2
data3

Event ID 393 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 393 — The federation server proxy could not establish a trust with the Federation Service.

Provider
AD FS
Channel
Admin

Message

The federation server proxy could not establish a trust with the Federation Service. 

Additional Data 
Exception details: 
%1 

User Action 
Ensure that the credentials being used to establish a trust between the federation server proxy and the Federation Service are valid and that the Federation Service can be reached.

Fields

Name    Description
data1

Event ID 394 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 394 — The federation server proxy could not renew its trust with the Federation Service.

Provider
AD FS
Channel
Admin

Message

The federation server proxy could not renew its trust with the Federation Service.  

Additional Data 
Exception details: 
%1 

User Action 
Ensure that the federation server proxy is trusted by the Federation Service. If the trust does not exist or has been revoked, establish a trust between the proxy and the Federation Service using the Federation Service Proxy Configuration Wizard by logging on to the proxy computer.

Fields

Name    Description
data1

Event ID 395 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3

Event ID 395 — The trust between the federation server proxy and the Federation Service was established successfully using the account '.

Provider
AD FS
Channel
Admin

Message

The trust between the federation server proxy and the Federation Service was established successfully using the account '%1'. 

Proxy trust certificate subject: %2. 
Proxy trust certificate thumbprint: %3.

Fields

Name    Description
data1
data2
data3

Event ID 396 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3

Event ID 396 — The trust between the federation server proxy and the Federation Service was renewed successfully.

Provider
AD FS
Channel
Admin

Message

The trust between the federation server proxy and the Federation Service was renewed successfully. 

Proxy trust certificate subject: %1. 
Proxy trust certificate old thumbprint: %2. 
Proxy trust certificate new thumbprint: %3.

Fields

Name    Description
data1
data2
data3

Event ID 397 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3
data4

Event ID 397 — The federation server loaded the HTTP proxy configuration from WinHTTP settings.

Provider
AD FS
Channel
Admin

Message

The federation server loaded the HTTP proxy configuration from WinHTTP settings. 

HTTP Proxy: %1 
HTTPS Proxy: %2 
Bypass proxy for local addresses: %3 
Bypass proxy for addresses: %4 

To learn more about how to set the HTTP proxy settings for the federation server, see http://go.microsoft.com/fwlink/?LinkId=182180.

Fields

Name    Description
data1
data2
data3
data4

Event ID 398 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 398 — AD FS detected that one or more certificates in the AD FS configuration database need to be updated manually because they are archived.

Provider
AD FS
Channel
Admin

Message

AD FS detected that one or more certificates in the AD FS configuration database need to be updated manually because they are archived. 

Additional Details: 
%1

Fields

Name    Description
data1

Event ID 399 —

Provider
AD FS
Channel
Unknown

Event ID 399 — AD FS detected that none of the service certificates that are configured to be managed by the administrator are archived.

Provider
AD FS
Channel
Admin

Message

AD FS detected that none of the service certificates that are configured to be managed by the administrator are archived.

Event ID 400 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 400 — VSS writer permissions have been granted to user %1.

Provider
AD FS
Channel
Admin

Message

VSS writer permissions have been granted to user %1.

Fields

Name    Description
data1

Event ID 401 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 401 — VSS writer permissions have been revoked from user %1.

Provider
AD FS
Channel
Admin

Message

VSS writer permissions have been revoked from user %1.

Fields

Name    Description
data1

Event ID 402 —

Provider
AD FS
Channel
Unknown

Event ID 402 — Failed to add some of the certificate claims.

Provider
AD FS
Channel
Admin

Message

Failed to add some of the certificate claims.

Event ID 407 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3

Event ID 407 — Password change failed for following user: Additional Data User: %1 Server on which password change was attempted: %2 Error details: %3.

Provider
AD FS
Channel
Admin

Message

Password change failed for following user: 

Additional Data 

User: 
%1 

Server on which password change was attempted: 
%2 
Error details: 
%3

Fields

Name    Description
data1
data2
data3

Event ID 414 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3
data4

Event ID 414 — An error occurred during processing of a token request.

Provider
AD FS
Channel
Admin

Message

An error occurred during processing of a token request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error.  

Additional Data 

Activity ID:
 %1 

Target Relying Party:
 %2 

Is Application Proxy Configured:
 %3 

Is Request From the Extranet:
 %4 

User action: 
Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.

Fields

Name    Description
data1
data2
data3
data4

Event ID 415 —

Provider
AD FS
Channel
Admin

Message

%1

Fields

Name    Description
data1

Event ID 415 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 416 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 416 — Web configuration error.

Provider
AD FS
Channel
Admin

Message

Web configuration error: %1

Fields

Name    Description
data1

Event ID 417 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1

Event ID 417 — Unable to add the certificate claim %1.

Provider
AD FS
Channel
Admin

Message

Unable to add the certificate claim %1.

Fields

Name    Description
data1

Event ID 418 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3
data4

Event ID 418 — The trust between the federation server proxy and the Federation Service was successfully renewed.

Provider
AD FS
Channel
Admin

Message

The trust between the federation server proxy and the Federation Service was successfully renewed. 

Additional Data 

Server from which request was made: 
%1 
Certificate Subject: 
%2 
Old Certificate Thumbprint: 
%3 
New Certificate Thumbprint: 
%4

Fields

Name    Description
data1
data2
data3
data4

Event ID 419 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2

Event ID 419 — Unable to renew the trust between the federation server proxy and the Federation Service.

Provider
AD FS
Channel
Admin

Message

Unable to renew the trust between the federation server proxy and the Federation Service. 

Additional Data 

Server from which request was made: 
%1 

Exception details: 
%2

Fields

Name    Description
data1
data2

Event ID 420 —

Provider
AD FS
Channel
Unknown

Fields

Name    Description
data1
data2
data3
data4

Event ID 420 — The trust between the federation server proxy and the Federation Service was successfully established.

Provider
AD FS
Channel
Admin

Message

The trust between the federation server proxy and the Federation Service was successfully established. 

Additional Data 

User: 
%1 

Server from which request was made: 
%2 
Certificate Subject: 
%3 
Certificate Thumbprint: 
%4

Fields

Name    Description
data1
data2
data3
data4

Event ID 421 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 421 — The trust between the federation server proxy and the Federation Service could not be established.

Provider
AD FS
Channel
Admin

Message

The trust between the federation server proxy and the Federation Service could not be established. 

Additional Data 

User: 
%1 

Server from which request was made: 
%2

Fields

NameDescription
data1
data2

Event ID 432 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 432 — Error handling request from proxy at %1

Provider
AD FS
Channel
Admin

Message

Error handling request from proxy at %1 

Additional Data 

Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 433 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 433 — Error encountered while renewing trust with the federation server proxy.

Provider
AD FS
Channel
Admin

Message

Error encountered while renewing trust with the federation server proxy.  

Additional Data 
Exception details: 
%1

Fields

NameDescription
data1
data2

Event ID 434 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4

Event ID 434 — The primary AD FS certificate authority issuer certificate ( thumbprint %1 ) will expire at %2 UTC.

Provider
AD FS
Channel
Admin

Message

The primary AD FS certificate authority issuer certificate ( thumbprint %1 ) will expire at %2 UTC. 
The certificate rollover service will roll over to the current secondary ( thumbprint %3 ) at %4 UTC. 
To avoid certificate issuance service interruption, ensure that the current secondary certificate ( thumbprint %3 ) is installed in Active Directory before the rollover occurs at %4 UTC.

Fields

NameDescription
data1
data2
data3
data4

Event ID 435 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4

Event ID 435 — The primary AD FS token signing certificate ( thumbprint %1 ) will expire at %2 UTC.

Provider
AD FS
Channel
Admin

Message

The primary AD FS token signing certificate ( thumbprint %1 ) will expire at %2 UTC. 
The certificate rollover service will roll over to the current secondary ( thumbprint %3 ) at %4 UTC. 
Relying parties that rely on federation metadata will be notified automatically; any relying parties that do not rely on federation metadata must be informed of the new certificate before the rollover at %4 UTC.

Fields

NameDescription
data1
data2
data3
data4

Event ID 436 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4

Event ID 436 — The primary AD FS token decryption certificate ( thumbprint %1 ) will expire at %2 UTC.

Provider
AD FS
Channel
Admin

Message

The primary AD FS token decryption certificate ( thumbprint %1 ) will expire at %2 UTC. 
The certificate rollover service will roll over to the current secondary ( thumbprint %3 ) at %4 UTC. 
Identity providers that rely on federation metadata will be notified automatically; any identity providers that send encrypted tokens to AD FS and do not rely on federation metadata must be informed of the new certificate before the expiration at %2 UTC.

Fields

NameDescription
data1
data2
data3
data4

Event ID 437 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4

Event ID 437 — Error encountered while checking for pending certificate rollovers.

Provider
AD FS
Channel
Admin

Message

Error encountered while checking for pending certificate rollovers. 
This check will be attempted again every %1 minutes; the next run is expected at %2 UTC. 
If this issue persists, AD FS will not be able to advise of pending certificate rollover events. 

Additional Data 

Exception details: 
%3 

Additional details: 
%4

Fields

NameDescription
data1
data2
data3
data4

Event ID 438 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4

Event ID 438 — Error encountered while checking rollover status of the AD FS certificate authority issuer certificate.

Provider
AD FS
Channel
Admin

Message

Error encountered while checking rollover status of the AD FS certificate authority issuer certificate. 
This check will be attempted again every %1 minutes; the next run is expected at %2 UTC.  Future runs may occur on other farm nodes if AD FS is running in a farm configuration. 
If this issue persists, the AD FS certificate authority issuer certificate cannot be rolled over successfully when it nears expiry. 

Additional Data 

Exception details: 
%3 

Additional details: 
%4

Fields

NameDescription
data1
data2
data3
data4

Event ID 439 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 439 — Error encountered while attempting to read an enrollment certificate from a template.

Provider
AD FS
Channel
Admin

Message

Error encountered while attempting to read an enrollment certificate from a template. 

Additional Data 

Exception details: 
%1 

Additional details: 
%2

Fields

NameDescription
data1
data2

Event ID 440 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 440 — A Certificate Authority Enrollment Certificate was found.

Provider
AD FS
Channel
Admin

Message

A Certificate Authority Enrollment Certificate was found. 

Additional Data 

Certificate Thumbprint: 
%1

Fields

NameDescription
data1

Event ID 441 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5
data6

Event ID 441 — A token with a bad token binding key was found.

Provider
AD FS
Channel
Admin

Message

A token with a bad token binding key was found. 

Additional Data 

User: %1 
Target RP: %2 
Client IP: %3 
Token Binding ID: %4 
Request Provided ID: %5 
Request Referred ID: %6

Fields

NameDescription
data1
data2
data3
data4
data5
data6

Event ID 442 —

Provider
AD FS
Channel
Unknown

Event ID 442 — The CA enrollment certificate management cycle was initiated.

Provider
AD FS
Channel
Admin

Message

The CA enrollment certificate management cycle was initiated.

Event ID 443 —

Provider
AD FS
Channel
Unknown

Event ID 443 — The CA enrollment certificate management cycle was completed.

Provider
AD FS
Channel
Admin

Message

The CA enrollment certificate management cycle was completed.

Event ID 444 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4

Event ID 444 — Error encountered while checking status of the AD FS enrollment certificate.

Provider
AD FS
Channel
Admin

Message

Error encountered while checking status of the AD FS enrollment certificate. 
This check will be attempted again every %1 minutes; the next run is expected at %2 UTC. 
If this issue persists, the AD FS will not be able to enroll certificate. 

Additional Data 

Exception details: 
%3 

Additional details: 
%4

Fields

NameDescription
data1
data2
data3
data4

Event ID 445 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 445 — A token with no binding was received on a request which is token-binding-capable.

Provider
AD FS
Channel
Admin

Message

A token with no binding was received on a request which is token-binding-capable.  
This could be evidence of a possible downgrade attack, or it could mean the token originally came from a server that doesn't support token binding. 

Additional Data 

User: %1 
Target RP: %2 
Client IP: %3 
Request Provided ID: %4 
Request Referred ID: %5

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 446 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 446 — An SSO token with no binding was received on a request which is token-binding-capable.

Provider
AD FS
Channel
Admin

Message

An SSO token with no binding was received on a request which is token-binding-capable. This is evidence of a possible downgrade attack.  

Additional Data 

User: %1 
Target RP: %2 
Client IP: %3 
Request Provided ID: %4 
Request Referred ID: %5

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 447 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 447 — Error encountered while attempting to update the configuration policy for the template %1.

Provider
AD FS
Channel
Admin

Message

Error encountered while attempting to update the configuration policy for the template %1. If the template is published under machine policy, service might not be able to read it. 
See https://go.microsoft.com/fwlink/?linkid=852318 for more information. 

Exception details: UpdateMachinePolicyConfigurationForTemplate returned error: %2

Fields

NameDescription
data1
data2

Event ID 448 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 448 — Error encountered while attempting to add a leased task to the database.

Provider
AD FS
Channel
Admin

Message

Error encountered while attempting to add a leased task to the database. 

Additional Data: 

Task name: %1 
Error: %2

Fields

NameDescription
data1
data2

Event ID 449 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 449 — Error encountered while executing the The AddFarmNodesIdentifierBackgroundTask task.

Provider
AD FS
Channel
Admin

Message

Error encountered while executing the The AddFarmNodesIdentifierBackgroundTask task. 

Additional Data: 

Error: %1 

Additional details: 
%2

Fields

NameDescription
data1
data2

Event ID 450 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 450 — Error encountered while removing the expired items from the usercode cache.

Provider
AD FS
Channel
Admin

Message

Error encountered while removing the expired items from the usercode cache. 

Additional Data: 

Error: %1

Fields

NameDescription
data1

Event ID 451 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 451 — Following nodes have the reported heartbeat older than %1 UTC and will be deleted.

Provider
AD FS
Channel
Admin

Message

Following nodes have the reported heartbeat older than %1 UTC and will be deleted. 

%2

Fields

NameDescription
data1
data2

Event ID 452 —

Provider
AD FS
Channel
Admin

Message

%1

Fields

NameDescription
data1

Event ID 452 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 500 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8
data9
data10
data11
data12
data13
data14
data15
data16
data17
data18
data19
data20
data21

Event ID 500 — More information for the event entry with Instance ID %1.

Provider
AD FS
Channel
Admin

Message

More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. 

Instance ID:  
%1 
 

Issued identity: 
%2 
%3 
%4 
%5 
%6 
%7 
%8 
%9 
%10 
%11 
%12 
%13 
%14 
%15 
%16 
%17 
%18 
%19 
%20 
%21

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8
data9
data10
data11
data12
data13
data14
data15
data16
data17
data18
data19
data20
data21

Event ID 501 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8
data9
data10
data11
data12
data13
data14
data15
data16
data17
data18
data19
data20
data21

Event ID 501 — More information for the event entry with Instance ID %1.

Provider
AD FS
Channel
Admin

Message

More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. 

Instance ID: 
%1 
 
Caller identity: 
%2 
%3 
%4 
%5 
%6 
%7 
%8 
%9 
%10 
%11 
%12 
%13 
%14 
%15 
%16 
%17 
%18 
%19 
%20 
%21

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8
data9
data10
data11
data12
data13
data14
data15
data16
data17
data18
data19
data20
data21

Event ID 502 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8
data9
data10
data11
data12
data13
data14
data15
data16
data17
data18
data19
data20
data21

Event ID 502 — More information for the event entry with Instance ID %1.

Provider
AD FS
Channel
Admin

Message

More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. 

Instance ID: 
%1 
 
OnBehalfOf identity: 
%2 
%3 
%4 
%5 
%6 
%7 
%8 
%9 
%10 
%11 
%12 
%13 
%14 
%15 
%16 
%17 
%18 
%19 
%20 
%21

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8
data9
data10
data11
data12
data13
data14
data15
data16
data17
data18
data19
data20
data21

Event ID 503 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8
data9
data10
data11
data12
data13
data14
data15
data16
data17
data18
data19
data20
data21

Event ID 503 — More information for the event entry with Instance ID %1.

Provider
AD FS
Channel
Admin

Message

More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. 

Instance ID: 
%1 
 
ActAs identity: 
%2 
%3 
%4 
%5 
%6 
%7 
%8 
%9 
%10 
%11 
%12 
%13 
%14 
%15 
%16 
%17 
%18 
%19 
%20 
%21

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8
data9
data10
data11
data12
data13
data14
data15
data16
data17
data18
data19
data20
data21

Event ID 504 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 504 — The following update was successful to the application proxy store on the federation server.

Provider
AD FS
Channel
Admin

Message

The following update was successful to the application proxy store on the federation server. 

Authentication information:  
%1 

HTTP method:  
%2 

Key: 
%3 

Value: 
%4 

Version: 
%5

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 505 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5
data6

Event ID 505 — The following update attempt to the application proxy store on the federation server failed.

Provider
AD FS
Channel
Admin

Message

The following update attempt to the application proxy store on the federation server failed. 

Authentication information:  
%1 

HTTP method:  
%2 

Key: 
%3 

Value: 
%4 

Version: 
%5 

Error information: 
%6

Fields

NameDescription
data1
data2
data3
data4
data5
data6

Event ID 506 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3

Event ID 506 — The following update attempt to the application proxy relying party trust on the federation server succeeded.

Provider
AD FS
Channel
Admin

Message

The following update attempt to the application proxy relying party trust on the federation server succeeded. 

Authentication information:  
%1 

HTTP method:  
%2 

Identifier: 
%3

Fields

NameDescription
data1
data2
data3

Event ID 507 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4

Event ID 507 — The following update attempt to the application proxy relying party trust on the federation server failed.

Provider
AD FS
Channel
Admin

Message

The following update attempt to the application proxy relying party trust on the federation server failed. 

Authentication information:  
%1 

HTTP method:  
%2 

Identifier: 
%3 

Error information: 
%4

Fields

NameDescription
data1
data2
data3
data4

Event ID 508 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5
data6

Event ID 508 — The following update attempt to the relying party trust on the federation server succeeded.

Provider
AD FS
Channel
Admin

Message

The following update attempt to the relying party trust on the federation server succeeded. 

Authentication information:  
%1 

HTTP method:  
%2 

Relying party trust identifier: 
%3 

Internal Url: 
%4 

External Url: 
%5 

Published identifier: 
%6

Fields

NameDescription
data1
data2
data3
data4
data5
data6

Event ID 509 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7

Event ID 509 — The following update attempt to the relying party trust on the federation server failed.

Provider
AD FS
Channel
Admin

Message

The following update attempt to the relying party trust on the federation server failed. 

Authentication information:  
%1 

HTTP method:  
%2 

Relying party trust identifier: 
%3 

Internal url: 
%4 

External url: 
%5 

Published identifier: 
%6 

Error information: 
%7

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7

Event ID 510 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8
data9
data10
data11
data12
data13
data14
data15
data16
data17
data18
data19
data20
data21

Event ID 510 — More information for the event entry with Instance ID %1.

Provider
AD FS
Channel
Admin

Message

More information for the event entry with Instance ID %1. There may be more events with the same Instance ID with more information. 
 
Instance ID:  
%1 
 
Details: 
%2 
%3 
%4 
%5 
%6 
%7 
%8 
%9 
%10 
%11 
%12 
%13 
%14 
%15 
%16 
%17 
%18 
%19 
%20 
%21

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8
data9
data10
data11
data12
data13
data14
data15
data16
data17
data18
data19
data20
data21

Event ID 511 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 511 — The incoming sign-in request is not allowed due to an invalid Federation Service configuration.

Provider
AD FS
Channel
Admin

Message

The incoming sign-in request is not allowed due to an invalid Federation Service configuration.  

Request url: 
 %1 

User Action:
 Examine the Federation Service configuration and take the following actions: 
  Verify that the sign-in request has all the required parameters and is formatted correctly. 
  Verify that a web application proxy relying party trust exists, is enabled, and has identifiers which match the sign-in request parameters. 
  Verify that the target relying party trust object exists, is published through the web application proxy, and has identifiers which match the sign-in request parameters.

Fields

NameDescription
data1

Event ID 517 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 517 — The incoming sign-in request is not allowed due to an invalid Federation Service configuration.

Provider
AD FS
Channel
Admin

Message

The incoming sign-in request is not allowed due to an invalid Federation Service configuration.  

Request url: 
 %1 

User Action:
 Verify that either an enabled web application proxy relying party trust exists in your Federation Service configuration or that the target relying party trust object is not published through a web application proxy.

Fields

NameDescription
data1

Event ID 521 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8
data9

Event ID 521 — The request for the relying party token resulted in a failure.

Provider
AD FS
Channel
Admin

Message

The request for the relying party token resulted in a failure. 

Authentication information:  
%1 

HTTP method: 
%2 

Username:  
%3 

Password presented:  
%4 

Realm: 
%5 

Application realm:  
%6 

Device registration certificate thumbprint:  
%7 

User certificate thumbprint:  
%8 

Error information: 
%9 

User action: 
Examine the request and verify that at least one of the following parameter sets are present. 
  Username and password 
  Username, password, and device registration certificate 
  User certificate

Fields

NameDescription
data1
data2
data3
data4
data5
data6
data7
data8
data9

Event ID 530 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 530 — AD FS could not read the local claims provider trusts from the AD FS configuration.

Provider
AD FS
Channel
Admin

Message

AD FS could not read the local claims provider trusts from the AD FS configuration.  AD FS will continue to operating from cached configuration. 

Exception details: 
%1

Fields

NameDescription
data1

Event ID 531 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 531 — AD FS could not read the local claims provider trusts from the AD FS configuration.

Provider
AD FS
Channel
Admin

Message

AD FS could not read the local claims provider trusts from the AD FS configuration.  AD FS will not function until this configuration can be read for the first time. 

Exception details: 
%1

Fields

NameDescription
data1

Event ID 540 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 540 — The Federation Service was was unable to return the OAuth discovery document as a result of an error.

Provider
AD FS
Channel
Admin

Message

The Federation Service was was unable to return the OAuth discovery document as a result of an error. 
Document Path: %1 

Additional Data 

Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 541 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 541 — An invalid value was found during processing of the proxy configuration data from the AD FS server.

Provider
AD FS
Channel
Admin

Message

An invalid value was found during processing of the proxy configuration data from the AD FS server. The value will be ignored, and the rest of the proxy configuration data will be processed.  

Additional Data 

FarmBehavior: '%1' 

User action: 
This may point to an interoperability issue between the proxy and the AD FS server. Contact the vendor for your AD FS server.

Fields

NameDescription
data1

Event ID 542 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 542 — There was an error during heartbeat.

Provider
AD FS
Channel
Admin

Message

There was an error during heartbeat. 

Additional data 

Exception details: 
%1

Fields

NameDescription
data1

Event ID 543 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3

Event ID 543 — There was an error during heartbeat communicating to primary federation server.

Provider
AD FS
Channel
Admin

Message

There was an error during heartbeat communicating to primary federation server. 

Primary server: '%1' 

Endpoint: '%2' 

Additional data 

Exception details: 
%3 

User Action 
 Make sure the primary federation server is available or the service account identity of this machine matches the service account identity of the primary federation server.

Fields

NameDescription
data1
data2
data3

Event ID 544 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 544 — Heartbeat is not performed because primary server does not support heartbeat.

Provider
AD FS
Channel
Admin

Message

Heartbeat is not performed because primary server does not support heartbeat. 

Primary server: '%1'

Fields

NameDescription
data1

Event ID 545 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 545 — Heartbeat is performed at primary server.

Provider
AD FS
Channel
Admin

Message

Heartbeat is performed at primary server. 

Primary server: '%1'

Fields

NameDescription
data1

Event ID 546 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 546 — A current tenant certificate for Azure MFA was not found.

Provider
AD FS
Channel
Admin

Message

A current tenant certificate for Azure MFA was not found.  

TenantId: %1.

Fields

NameDescription
data1

Event ID 547 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 547 — The tenant certificate for Azure MFA has been renewed.

Provider
AD FS
Channel
Admin

Message

The tenant certificate for Azure MFA has been renewed.  

TenantId: %1. 
Old thumbprint: %2. 
Old expiration date: %3. 
New thumbprint: %4. 
New expiration date: %5.

Fields

NameDescription
data1
data2
data3
data4
data5

Event ID 548 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3

Event ID 548 — The tenant certificate for Azure MFA will expire soon.

Provider
AD FS
Channel
Admin

Message

The tenant certificate for Azure MFA will expire soon.  

TenantId: %1. 
Thumbprint: %2. 
Expiration date: %3.

Fields

NameDescription
data1
data2
data3

Event ID 549 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3

Event ID 549 — The tenant certificate for Azure MFA has expired.

Provider
AD FS
Channel
Admin

Message

The tenant certificate for Azure MFA has expired.  

TenantId: %1. 
Thumbprint: %2. 
Expiration date: %3.

Fields

NameDescription
data1
data2
data3

Event ID 550 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 550 — The %1 primary certificate cannot be used because the KeySpec must have a value of AT_KEYEXCHANGE (1).

Provider
AD FS
Channel
Admin

Message

The %1 primary certificate cannot be used because the KeySpec must have a value of AT_KEYEXCHANGE (1). 

User Action: This value can be changed by reimporting the certificate from a pfx file.  From an elevated command prompt, use the command "certutil -importpfx filename.pfx AT_KEYEXCHANGE". For more information, see http://go.microsoft.com/fwlink/?LinkId=798501

Fields

NameDescription
data1

Event ID 551 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 551 — An error occurred during processing of an OAuth logout request.

Provider
AD FS
Channel
Admin

Message

An error occurred during processing of an OAuth logout request. 
Path: %1 

Additional Data 

Exception details: 
%2

Fields

NameDescription
data1
data2

Event ID 552 —

Provider
AD FS
Channel
Unknown

Event ID 552 — The session cookies were successfully deleted using the OAuth logout path.

Provider
AD FS
Channel
Admin

Message

The session cookies were successfully deleted using the OAuth logout path.

Event ID 553 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 553 — The specified redirect URL was validated successfully.

Provider
AD FS
Channel
Admin

Message

The specified redirect URL was validated successfully. 

URL: %1

Fields

NameDescription
data1

Event ID 554 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 554 — The specified redirect URL did not match any of the OAuth client's redirect URIs.

Provider
AD FS
Channel
Admin

Message

The specified redirect URL did not match any of the OAuth client's redirect URIs. The logout was successful but the client will not be redirected. 

URL: %1

Fields

NameDescription
data1

Event ID 555 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 555 — The Windows Hello for Business key receipt could not be verified.

Provider
AD FS
Channel
Admin

Message

The Windows Hello for Business key receipt could not be verified. 

Additional Information: %1

Fields

NameDescription
data1

Event ID 556 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4

Event ID 556 — Error encountered while attempting to select a master node for the account store.

Provider
AD FS
Channel
Admin

Message

Error encountered while attempting to select a master node for the account store. 
This check will be attempted again every %1 minutes; the next run is expected at %2 UTC.  Future runs may occur on other farm nodes if AD FS is running in a farm configuration. 
See https://go.microsoft.com/fwlink/?linkid=849965 for more information. 

Additional Data 

Exception details: 
%3 

Additional details: 
%4

Fields

NameDescription
data1
data2
data3
data4

Event ID 557 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 557 — An error occured while trying to communicate with the account store rest service on node %1.

Provider
AD FS
Channel
Admin

Message

An error occured while trying to communicate with the account store rest service on node %1.   
If this is a WID farm the primary node may be offline. 
If this is a SQL farm ADFS will automatically select a new node to host the User store master role. 
See https://go.microsoft.com/fwlink/?linkid=849965 for more information.

Fields

NameDescription
data1

Event ID 558 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 558 — Syncronization of the Account Activity data failed.

Provider
AD FS
Channel
Admin

Message

Syncronization of the Account Activity data failed. 

Additional Data 
Exception message: 
%1 

User Action 
Ensure that the artifact storage server is configured properly. Troubleshoot network connectivity to the artifact storage server.  
See https://go.microsoft.com/fwlink/?linkid=849965 for more information.

Fields

NameDescription
data1

Event ID 559 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 559 — Device authentication using PKeyAuth failed.

Provider
AD FS
Channel
Admin

Message

Device authentication using PKeyAuth failed. Request might continue without device authentication. 

Additional Information: %1

Fields

NameDescription
data1

Event ID 560 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 560 — User %1 could not be found in the account database.

Provider
AD FS
Channel
Admin

Message

User %1 could not be found in the account database.

Fields

NameDescription
data1

Event ID 561 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 561 — Authorization failed when connecting to the account store endpoint on server %1

Provider
AD FS
Channel
Admin

Message

Authorization failed when connecting to the account store endpoint on server %1 

Additional Data 

Exception Message: 
%2 
See https://go.microsoft.com/fwlink/?linkid=849965 for more information.

Fields

NameDescription
data1
data2

Event ID 562 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2

Event ID 562 — An error occurred when communcating with the account store endpoint on server %1.

Provider
AD FS
Channel
Admin

Message

An error occurred when communcating with the account store endpoint on server %1. 

Additional Data 

Exception Message: 
%2 
See https://go.microsoft.com/fwlink/?linkid=849965 for more information.

Fields

NameDescription
data1
data2

Event ID 563 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4

Event ID 563 — An error occurred while calculating extranet lockout status.

Provider
AD FS
Channel
Admin

Message

An error occurred while calculating extranet lockout status. Due to the value of the %1 setting authentication will be allowed for this user and token issuance will continue. 
If this is a WID farm the primary node may be offline. 
If this is a SQL farm ADFS will automatically select a new node to host the User store master role. 
See https://go.microsoft.com/fwlink/?linkid=849965 for more information. 

Additional Data 
Account store server name: 
%2 
User Id: 
%3 

Exception Message: 
%4

Fields

NameDescription
data1
data2
data3
data4

Event ID 564 —

Provider
AD FS
Channel
Unknown

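Event ID 564 — The banned IP list found in Microsoft.IdentityServer.Servicehost.exe.config is being used instead of the banned IP list found in the ADFS configuration database.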

Provider
AD FS
Channel
Admin

Message

The banned IP list found in Microsoft.IdentityServer.Servicehost.exe.config is being used instead of the banned IP list found in the ADFS configuration database.  Verify that the configuration file contains the correct list.  Clearing the banned IPs from the database using Set-ADFSProperties -RemoveBannedIPs will silence this warning.

Event ID 565 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1

Event ID 565 — An error occurred while attemtping to update the database schema for Adfs smart lockout.

Provider
AD FS
Channel
Admin

Message

An error occurred while attemtping to update the database schema for Adfs smart lockout. See https://go.microsoft.com/fwlink/?linkid=864556 for more information. 

Additional Data 

Exception Message: 
%1

Fields

NameDescription
data1

Event ID 566 —

Provider
AD FS
Channel
Unknown

Fields

NameDescription
data1
data2
data3
data4

Event ID 566 — An error occurred during processing of an OAuth device code request.

Provider
AD FS
Channel
Admin

Message

An error occurred during processing of an OAuth device code request. 
Error: %1 

Additional Data 

Client identifier: %2 

Full request: %3 

Exception details: 
%4

Fields

Name | Description
data1
data2
data3
data4

Event ID 568 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4

Event ID 568 — An error occurred during processing of an OAuth device auth request with the provided usercode.

Provider
AD FS
Channel
Admin

Message

An error occurred during processing of an OAuth device auth request with the provided usercode: %1. 
Error: %2 

Additional Data 

User Code Data (if available): %3 

Exception details: 
%4

Fields

Name | Description
data1
data2
data3
data4

Event ID 570 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 570 — Active Directory trust enumeration was unable to enumerate one of more domains due to the following error.

Provider
AD FS
Channel
Admin

Message

Active Directory trust enumeration was unable to enumerate one of more domains due to the following error.  Enumeration will continue but the Active Directory identifier list may not be correct. Validate that all expected Active Directory identifiers are present by running Get-ADFSDirectoryProperties: 

Error string: %1 

Exception Details: %2

Fields

Name | Description
data1
data2

Event ID 571 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 571 — Enumeration of the Active Directory domains failed.

Provider
AD FS
Channel
Admin

Message

Enumeration of the Active Directory domains failed. 

Exception Details: %1

Fields

Name | Description
data1

Event ID 572 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3

Event ID 572 — The Active Directory suffix from this username is not trusted by this ADFS server.

Provider
AD FS
Channel
Admin

Message

The Active Directory suffix from this username is not trusted by this ADFS server.  If this identifier is expected it can be added to the trusted identier list by using Set-ADFSDirectoryProperties. 

Username: %1 

Suffix: %2 

Client IP: %3

Fields

Name | Description
data1
data2
data3

Event ID 573 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 573 — The following error was generated by a threat detection module.

Provider
AD FS
Channel
Admin

Message

The following error was generated by a threat detection module. 

Module Identifier: %1 

Message: %2

Fields

Name | Description
data1
data2

Event ID 574 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4

Event ID 574 — A threat detection module failed to load.

Provider
AD FS
Channel
Admin

Message

A threat detection module failed to load.  Verify the module binary is correctly installed on this node. 

Module Name: %1 

Module Identifier: %2 

Type: %3 

Failure Message: %4

Fields

Name | Description
data1
data2
data3
data4

Event ID 575 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3

Event ID 575 — The following threat detection module was successfully loaded.

Provider
AD FS
Channel
Admin

Message

The following threat detection module was successfully loaded 

Module Name: %1 

Module Identifier: %2 

Type: %3

Fields

Name | Description
data1
data2
data3

Event ID 576 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 576 — An unexpected error was returned from a threat detection module.

Provider
AD FS
Channel
Admin

Message

An unexpected error was returned from a threat detection module. 

Module Name: %1 

Module Identifier: %2 

Type: %3 

Exception Type: %4 

Error Message: %5

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 1000 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 1000 — An error occurred during processing of a token request.

Provider
AD FS
Channel
Admin

Message

An error occurred during processing of a token request. The data in this event may have the identity of the caller (application) that made this request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error.  

Additional Data 

Caller:
 %1 

OnBehalfOf user:
 %2 

ActAs user:
 %3 

Target Relying Party:
 %4 

Device identity:
 %5 

User action: 
Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.

Fields

Name | Description
data1
data2
data3
data4
data5

Event ID 1020 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 1020 — Encountered error during OAuth authorization request.

Provider
AD FS
Channel
Admin

Message

Encountered error during OAuth authorization request. 

Additional Data 

Exception details: 
%1

Fields

Name | Description
data1

Event ID 1021 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 1021 — Encountered error during OAuth token request.

Provider
AD FS
Channel
Admin

Message

Encountered error during OAuth token request. 

Additional Data 

Exception details: 
%1

Fields

Name | Description
data1

Event ID 1080 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 1080 — An error occurred while processing WebFinger request.

Provider
AD FS
Channel
Admin

Message

An error occurred while processing WebFinger request. 

Additional Data 
Request url: %1 

User Action 
Examine the exception details to take one or more of the following actions if applicable. 
  Verify that the resource query parameter exists and is valid representing an authorization server's URL. 
  Verify that all federation partners (RP-STSs) that this ADFS issues tokens to (including any chains) have been configured using powershell cmdlet Add-ADFSTrustedFederationPartner. 

Exception details: 
%2

Fields

Name | Description
data1
data2

Event ID 1100 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 1100 — The Federation Service could not authorize a request to one of the REST endpoints.

Provider
AD FS
Channel
Admin

Message

The Federation Service could not authorize a request to one of the REST endpoints. 

Additional Data 

Exception details: 
%1

Fields

Name | Description
data1

Event ID 1109 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5
data6
data7

Event ID 1109 — The Federation Service failed to connect to the LDAP account store to authenticate user %2.

Provider
AD FS
Channel
Admin

Message

The Federation Service failed to connect to the LDAP account store to authenticate user %2. 

Activity ID: %1 

Request Details: 
    User DN: %2 
    Local CP trust identifier: %3 
    LDAP server: %4 
    SSL: %5 
    Authentication method: %6 

Exception details: 
%7

Fields

Name | Description
data1
data2
data3
data4
data5
data6
data7

Event ID 1110 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5
data6
data7

Event ID 1110 — The Federation Service failed to connect to the primary LDAP account store to authenticate user %2.

Provider
AD FS
Channel
Admin

Message

The Federation Service failed to connect to the primary LDAP account store to authenticate user %2. 

Activity ID: %1 

Request Details: 
    User DN: %2 
    Local CP trust identifier: %3 
    Ldap server: %4 
    SSL: %5 
    Authentication method: %6 

Exception details: 
%7

Fields

Name | Description
data1
data2
data3
data4
data5
data6
data7

Event ID 1111 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4
data5
data6
data7

Event ID 1111 — The Federation Service failed to connect to all LDAP account stores to authenticate user %2.

Provider
AD FS
Channel
Admin

Message

The Federation Service failed to connect to all LDAP account stores to authenticate user %2. 

Activity ID: %1 

Request Details: 
    User DN: %2 
    Local CP trust identifier: %3 
    Ldap server: %4 
    SSL: %5 
    Authentication method: %6 

Exception details: 
%7

Fields

Name | Description
data1
data2
data3
data4
data5
data6
data7

Event ID 1112 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4

Event ID 1112 — The Federation Service failed to connect to the Ldap server.

Provider
AD FS
Channel
Admin

Message

The Federation Service failed to connect to the Ldap server. 

Activity ID: %1 

Request Details: 
    Local CP trust identifier: %2 
    Ldap ErrorCode: %3 

Exception details: 
%4

Fields

Name | Description
data1
data2
data3
data4

Event ID 1113 —

Provider
AD FS
Channel
Unknown

Event ID 1113 — Client Json Web Key Set (JWKS) synchronization initiated.

Provider
AD FS
Channel
Admin

Message

Client Json Web Key Set (JWKS) synchronization initiated.

Event ID 1114 —

Provider
AD FS
Channel
Unknown

Event ID 1114 — Client Json Web Key Set (JWKS) synchronization completed.

Provider
AD FS
Channel
Admin

Message

Client Json Web Key Set (JWKS) synchronization completed.

Event ID 1115 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3
data4

Event ID 1115 — The Federation Service encountered an error while retrieving the Json Web Key Set (JWKS) document from '%1'.

Provider
AD FS
Channel
Admin

Message

The Federation Service encountered an error while retrieving the Json Web Key Set (JWKS) document from '%1'. The key synchronization for the following client failed: 

Client: 
%2 

Additional Data 

Exception details: 
%3 

Additional details: 
%4 

User Action 
Make sure the JWKS URI '%1' is accessible.

Fields

Name | Description
data1
data2
data3
data4

Event ID 1116 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 1116 — An error occurred during a read operation from the configuration database.

Provider
AD FS
Channel
Admin

Message

An error occurred during a read operation from the configuration database. Monitoring of clients' Json Web Key Set (JWKS) was shut down and will be tried again after an amount of time that corresponds to the monitoring interval. 

Additional Data 

Exception details: 
%1 

Additional details: 
%2

Fields

Name | Description
data1
data2

Event ID 1117 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2
data3

Event ID 1117 — An error occurred during monitoring of the following client's Json Web Key Set (JWKS).

Provider
AD FS
Channel
Admin

Message

An error occurred during monitoring of the following client's Json Web Key Set (JWKS). 

Client: 
%1 

Additional Data 

Exception details: 
%2 

Additional details: 
%3

Fields

Name | Description
data1
data2
data3

Event ID 1118 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1
data2

Event ID 1118 — An error occurred during monitoring of clients'Json Web Key Set (JWKS).

Provider
AD FS
Channel
Admin

Message

An error occurred during monitoring of clients'Json Web Key Set (JWKS). The monitoring cycle was shut down. 

Additional Data 

Exception details: 
%1 

Additional details: 
%2

Fields

Name | Description
data1
data2

Event ID 1130 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 1130 — There was an error establishing or renewing the proxy trust.

Provider
AD FS
Channel
Admin

Message

There was an error establishing or renewing the proxy trust. Ensure the STS and proxy servers have the same TLS version enabled. 
Consult the following links for additional details: 
https://go.microsoft.com/fwlink/?linkid=875038  
https://go.microsoft.com/fwlink/?linkid=875039  

Additional Data 

Exception Details: %1

Fields

Name | Description
data1

Event ID 1131 —

Provider
AD FS
Channel
Unknown

Fields

Name | Description
data1

Event ID 1131 — There was an error establishing or renewing the trust between the proxy and STS.

Provider
AD FS
Channel
Admin

Message

There was an error establishing or renewing the trust between the proxy and STS. Ensure the Network Service Account has Read/Write permissions on C:\Program Data\Microsoft\Crypto\RSA\Machine Keys on the proxy server. 
Consult the following link for additional details: 
https://go.microsoft.com/fwlink/?linkid=875037  

Additional Data 

Exception Details: %1

Fields

Name | Description
data1