Description

The Federation Service started successfully. The following service hosts have been added.

Message #

The Federation Service started successfully. The following service hosts have been added: 
%1

Fields #

Example Event #

{
  "system": {
    "provider": "AD FS",
    "guid": "2FFB687A-1571-4ACE-8550-47AB5CCAE2BC",
    "event_source_name": "",
    "event_id": 100,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775809,
    "time_created": "2026-03-13T23:03:54.297871+00:00",
    "event_record_id": 34,
    "correlation": {},
    "execution": {
      "process_id": 11528,
      "thread_id": 11808
    },
    "channel": "AD FS/Admin",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1283"
    }
  },
  "user_data": {
    "Event": {
      "EventData": {
        "Data": "Federation Server Proxy ServiceHost\r\nhttps://adfs.ludus.domain:443/adfs/services/proxytrustpolicystoretransfer\r\n\r\nMSIS0014: AD FS 1.x Trust Information Service\r\nhttps://adfs.ludus.domain/adfs/fs/federationserverservice.asmx\r\n\r\nIssuance ServiceHost\r\nhttp://localhost:80/adfs/services/trust/mexsoap\r\nhttps://adfs.ludus.domain:443/adfs/services/trust/proxymex/\r\n\r\nIssuance ServiceHost\r\nhttp://localhost/adfs/services/trust/proxymexsoap\r\nhttps://adfs.ludus.domain:443/adfs/services/trust/proxymex/\r\n\r\nIssuance ServiceHost\r\nhttps://adfs.ludus.domain/adfs/services/trust/2005/windowstransport\r\nhttps://adfs.ludus.domain/adfs/services/trust/2005/certificatemixed\r\nhttps://certauth.adfs.ludus.domain/adfs/services/trust/2005/certificatetransport\r\nhttps://adfs.ludus.domain/adfs/services/trust/2005/usernamemixed\r\nhttps://adfs.ludus.domain/adfs/services/trust/2005/kerberosmixed\r\nhttps://adfs.ludus.domain/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256\r\nhttps://adfs.ludus.domain/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256\r\nhttps://adfs.ludus.domain/adfs/services/trust/13/kerberosmixed\r\nhttps://adfs.ludus.domain/adfs/services/trust/13/certificatemixed\r\nhttps://adfs.ludus.domain/adfs/services/trust/13/usernamemixed\r\nhttps://adfs.ludus.domain/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256\r\nhttps://adfs.ludus.domain/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256\r\nnet.tcp://localhost/adfs/services/trusttcp/windows\r\n\r\nSAML Metadata\r\nhttps://adfs.ludus.domain/FederationMetadata/2007-06/\r\n\r\nOther endpoints\r\n\r\nhttp://+:80/adfs/users/\r\nhttps://+:443/adfs/oauth2/authorize/\r\nhttps://+:443/adfs/ls/\r\nhttps://+:443/adfs/oauth2/logout/\r\nhttps://+:443/adfs/oauth2/token/\r\nhttps://+:443/adfs/certauth/oauth2/authorize/\r\nhttps://+:443/adfs/certauth/\r\nhttps://+:443/adfs/oauth2/\r\nhttps://+:443/adfs/oauth2/deviceauth/\r\nhttp://+:80/adfs/deviceflowresult/\r\nhttp://+:80/adfs/artifact/\r\nhttps://+:443/adfs/discovery/\r\nhttps://+:443/adfs/.well-known/\r\nhttps://+:443/.well-known/webfinger/\r\nhttps://+:443/adfs/userinfo/\r\nhttps://+:443/adfs/Proxy/EstablishTrust/\r\nhttps://+:443/adfs/backendproxytls/\r\nhttps://+:443/adfs/Proxy/\r\nhttp://+:80/adfs/Proxy/PrimaryWriter/\r\nhttps://+:443/adfs/portal/\r\nhttp://+:80/adfs/probe/\r\n"
      }
    }
  },
  "message": ""
}

Description

The Federation Service started successfully. The following service hosts have been added.

Fields #

Description

There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.

Message #

There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service. 

Additional Data 
Exception details: 
%1

Fields #

Example Event #

{
  "system": {
    "provider": "AD FS",
    "guid": "2FFB687A-1571-4ACE-8550-47AB5CCAE2BC",
    "event_source_name": "",
    "event_id": 102,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775809,
    "time_created": "2026-03-13T23:11:11.158613+00:00",
    "event_record_id": 292,
    "correlation": {},
    "execution": {
      "process_id": 12444,
      "thread_id": 11500
    },
    "channel": "AD FS/Admin",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1309"
    }
  },
  "user_data": {
    "Event": {
      "EventData": {
        "Data": "System.ServiceModel.FaultException`1[Microsoft.IdentityServer.Protocols.PolicyStore.OperationFault]: ADMIN0012: OperationFault (Fault Detail is equal to Microsoft.IdentityServer.Protocols.PolicyStore.OperationFault)."
      }
    }
  },
  "message": ""
}

Description

There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.

Fields #

Description

The Federation Service stopped successfully.

Message #

The Federation Service stopped successfully.

Fields #

Example Event #

{
  "system": {
    "provider": "AD FS",
    "guid": "2FFB687A-1571-4ACE-8550-47AB5CCAE2BC",
    "event_source_name": "",
    "event_id": 103,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775809,
    "time_created": "2026-03-13T23:04:06.374579+00:00",
    "event_record_id": 36,
    "correlation": {},
    "execution": {
      "process_id": 11528,
      "thread_id": 11808
    },
    "channel": "AD FS/Admin",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1283"
    }
  },
  "user_data": {
    "Event": {
      "EventData": null
    }
  },
  "message": ""
}

Description

The Federation Service stopped successfully.

Description

The artifact resolution service is not running. The service must be running to perform token replay detection.

Message #

The artifact resolution service is not running. The service must be running to perform token replay detection. 

User Action 
Make sure that the artifact resolution service is configured properly. Or disable token replay detection by using the Set-ADFSProperties cmdlet with the PreventTokenReplays parameter in Windows PowerShell for AD FS.

Description

The artifact resolution service is not running. The service must be running to perform token replay detection.

Description

An error occurred loading an authentication provider. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.

Message #

An error occurred loading an authentication provider. Fix configuration errors using PowerShell cmdlets and restart the Federation Service. 
Identifier: %1 
Context: %2 

Additional Data 
Exception details: 
%3

Fields #

Description

An error occurred loading an authentication provider. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.

Fields #

Description

An authentication provider was successfully loaded: Identifier: 'Event.EventData', Context: 'data1'.

Message #

An authentication provider was successfully loaded: Identifier: '%1', Context: '%2'

Fields #

Example Event #

{
  "system": {
    "provider": "AD FS",
    "guid": "2FFB687A-1571-4ACE-8550-47AB5CCAE2BC",
    "event_source_name": "",
    "event_id": 106,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775809,
    "time_created": "2026-03-13T23:03:54.076793+00:00",
    "event_record_id": 8,
    "correlation": {},
    "execution": {
      "process_id": 11528,
      "thread_id": 11808
    },
    "channel": "AD FS/Admin",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1283"
    }
  },
  "user_data": {
    "Event": {
      "EventData": {
        "Data": [
          "FormsAuthentication",
          "Passive protocol pipeline"
        ]
      }
    }
  },
  "message": ""
}

Description

An authentication provider was successfully loaded: Identifier: 'data1', Context: 'data2'.

Fields #

Description

The Federation Service encountered an error while processing the WS-Trust request.

Message #

The Federation Service encountered an error while processing the WS-Trust request. 
Request type: %1 

Additional Data 
Exception details: 
%2

Fields #

Description

The Federation Service encountered an error while processing the WS-Trust request.

Fields #

Description

During processing of the Federation Service configuration, the element 'data1' was found to have invalid data. The configured value 'data2' could not be parsed as type 'data3'.

Message #

During processing of the Federation Service  configuration, the element '%1' was found to have invalid data. The configured value '%2' could not be parsed as type '%3'. 
Element: %1 
Value: %2 
Type: %3 

The Federation Service will not be able to start until this configuration element is corrected. 

User Action 
Correct the specified configuration element to conform to the given type.

Fields #

Description

During processing of the Federation Service configuration, the element 'data1' was found to have invalid data. The configured value 'data2' could not be parsed as type 'data3'.

Fields #

Description

During processing of the Federation Service configuration, the required element 'data1' was missing.

Message #

During processing of the Federation Service configuration, the required element '%1' was missing. 
Element: %1 

The Federation Service will not be able to start until this configuration element is configured. 

User Action 
Configure the specified configuration element using the AD FS Management snap-in.

Fields #

Description

During processing of the Federation Service configuration, the required element 'data1' was missing.

Fields #

Message #

During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The private key for the certificate that was configured could not be accessed. The following are the values of the certificate: 
Element: %1 
Subject: %2 
Thumbprint: %3 
storeName: %4 
storeLocation: %5 
Federation Service identity: %6 

The Federation Service will not be able to start until this configuration element is corrected. 

This condition can occur when the certificate is found in the specified store but there is a problem accessing the certificate's private key. Common causes for this condition include the following: 
(1) The certificate was installed from a source that did not include the private key, such as a .cer or .p7b file. 
(2) The certificate's private key was imported (for example, from a .pfx file) into a store that is different from the store specified above. 
(3) The certificate was generated as part of a certificate request that did not specify the "Machine Key" option. 
(4) The Federation Service identity '%6' has not been granted read access to the certificate's private key. 

User Action 
If the certificate was imported from a source with no private key, choose a certificate that does have a private key, or import the certificate again from a source that includes the private key (for example, a .pfx file). 

If the certificate was imported in a user context, verify that the store specified above matches the store the certificate was imported into. 

If the certificate was generated by a certificate request that did not specify the "Machine Key" option and the key is marked as exportable, export the certificate with a private key from the user store to a .pfx file and import it again directly into the store specified in the configuration file. If the key is not marked as exportable, request a new certificate using the "Machine Key" option. 

If the Federation Service identity has not been granted read access to the certificate's private key, correct this condition using the Certificates  snap-in.

Fields #

Fields #

Description

During processing of the Federation Service configuration, the element 'data1' was found to have invalid data. The certificate that was identified by the findValue 'data2' could not be found.

Message #

During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was identified by the findValue '%2' could not be found. 
Element: %1 
storeName: %3 
storeLocation: %4 
x509FindType: %5 
findValue: %2 

The Federation Service will not be able to start until this configuration element is corrected. 

This condition occurs when the findValue that is specified does not match any certificate in the specified store. Common causes for this condition include the following: 
(1) The certificate with the specified findValue is from a store that is different from the configured store. 
(2) The certificate was deleted from the store after configuration. 

User Action 
If the certificate exists in a different store, find the location using the certificates snap-in and correct the configuration appropriately. 

If the certificate has been deleted, configure a different certificate.

Fields #

Description

During processing of the Federation Service configuration, the element 'data1' was found to have invalid data. The certificate that was identified by the findValue 'data2' could not be found.

Fields #

Description

During processing of the Federation Service configuration, the element 'data1' was found to have invalid data. The certificate that was identified by the findValue 'data2' was not unique.

Message #

During processing of the Federation Service configuration, the element '%1' was found to have invalid data. The certificate that was identified by the findValue '%2' was not unique. 
Element: %1 
storeName: %3 
storeLocation: %4 
x509FindType: %5 
findValue: %2 

The Federation Service will not be able to start until this configuration element is corrected. 

This condition can occur when the certificate is found in the specified store but there is more than one certificate that matches the findValue. 

User Action 
If the certificate was identified by name and there are multiple certificates of the same name, configure the certificate using the certificate thumbprint.

Fields #

Description

During processing of the Federation Service configuration, the element 'data1' was found to have invalid data. The certificate that was identified by the findValue 'data2' was not unique.

Fields #

Description

During processing of the Federation Service configuration, the Federation Service encountered a configuration error.

Message #

During processing of the Federation Service configuration, the Federation Service encountered a configuration error. 

%1 

Additional Data 
%2 

The Federation Service will not be able to start until this error has been corrected. 

User Action 
Correct the specified configuration error using the AD FS Management snap-in.

Fields #

Description

During processing of the Federation Service configuration, the Federation Service encountered a configuration error.

Fields #

Description

The Federation Service was unable to create the federation metadata document as a result of an error.

Message #

The Federation Service was unable to create the federation metadata document as a result of an error. 
Document Path: %1 

Additional Data 

Exception details: 
%2

Fields #

Description

The Federation Service was unable to create the federation metadata document as a result of an error.

Fields #

Message #

The Federation Service Proxy blocked an illegitimate request made by a client, as there was no matching  endpoint registered at the proxy. This could point to a DNS misconfiguration, a partially configured application  published through the proxy, or a malicious request. 
Url Path: %1

Fields #

Fields #

Description

A token was received from a claims provider identified by the key 'data1', but the token could not be validated because the key does not identify any known claims provider trust.

Message #

A token was received from a claims provider identified by the key '%1', but the token could not be validated because the key does not identify any known claims provider trust. 
Key: %1 

This request failed. 

User Action 
If this key represents the certificate thumbprint of a claims provider trust, verify that it  matches the signing certificate of the claims provider trust in the AD FS configuration database.

Fields #

Description

A token was received from a claims provider identified by the key 'data1', but the token could not be validated because the key does not identify any known claims provider trust.

Fields #

Description

During processing of the Federation Service configuration, the attribute store 'Event.EventData' could not be loaded.

Message #

During processing of the Federation Service configuration, the attribute store '%1' could not be loaded.  
Attribute store type: %2 

User Action 
If you are using a custom attribute store, verify that the custom attribute store is configured using AD FS Management snap-in. 

Additional Data 
%3

Fields #

Example Event #

{
  "system": {
    "provider": "AD FS",
    "guid": "2FFB687A-1571-4ACE-8550-47AB5CCAE2BC",
    "event_source_name": "",
    "event_id": 149,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775809,
    "time_created": "2026-03-13T23:07:31.694542+00:00",
    "event_record_id": 90,
    "correlation": {},
    "execution": {
      "process_id": 9844,
      "thread_id": 8576
    },
    "channel": "AD FS/Admin",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1283"
    }
  },
  "user_data": {
    "Event": {
      "EventData": {
        "Data": [
          "TestLDAPStore",
          "Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapAttributeStore, Microsoft.IdentityServer.ClaimsPolicy",
          "POLICY3820: The configured connection value 'LDAP://localhost:389' for the 'TestLDAPStore' attribute store is not valid. It must be a valid LDAP:// Uri. Ex:LDAP://fabrikam.com/DC=fabrikam,DC=com"
        ]
      }
    }
  },
  "message": ""
}

Description

During processing of the Federation Service configuration, the attribute store 'data1' could not be loaded.

Fields #

Description

The Federation Service was unable to listen at 'data1' for metadata document requests due to an unexpected error.

Message #

The Federation Service was unable to listen at '%1' for metadata document requests due to an unexpected error. 

Additional Data 

Exception details: 
%2

Fields #

Description

The Federation Service was unable to listen at 'data1' for metadata document requests due to an unexpected error.

Fields #

Description

Trust monitoring cycle initiated.

Message #

Trust monitoring cycle initiated.

Fields #

Example Event #

{
  "system": {
    "provider": "AD FS",
    "guid": "2FFB687A-1571-4ACE-8550-47AB5CCAE2BC",
    "event_source_name": "",
    "event_id": 156,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775809,
    "time_created": "2026-03-13T23:05:10.122193+00:00",
    "event_record_id": 75,
    "correlation": {},
    "execution": {
      "process_id": 9844,
      "thread_id": 11600
    },
    "channel": "AD FS/Admin",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1283"
    }
  },
  "user_data": {
    "Event": {
      "EventData": null
    }
  },
  "message": ""
}

Description

Trust monitoring cycle initiated.

Description

Trust monitoring cycle completed.

Message #

Trust monitoring cycle completed.

Fields #

Example Event #

{
  "system": {
    "provider": "AD FS",
    "guid": "2FFB687A-1571-4ACE-8550-47AB5CCAE2BC",
    "event_source_name": "",
    "event_id": 157,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775809,
    "time_created": "2026-03-13T23:05:10.147700+00:00",
    "event_record_id": 78,
    "correlation": {},
    "execution": {
      "process_id": 9844,
      "thread_id": 11600
    },
    "channel": "AD FS/Admin",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1283"
    }
  },
  "user_data": {
    "Event": {
      "EventData": null
    }
  },
  "message": ""
}

Description

Trust monitoring cycle completed.

Description

The Federation Service encountered an error while writing to the following object in the configuration database.

Message #

The Federation Service encountered an error while writing to the following object in the configuration database. 

Object Type: 
%1 

Name: 
%2 

Metadata document URL: 
%3 

Additional Data 

Exception details: 
%4 

Additional details: 
%5

Fields #

Description

The Federation Service encountered an error while writing to the following object in the configuration database.

Fields #

Description

An error occurred during initialization of trust monitoring. Trust monitoring against the published partner configuration will be disabled for the lifetime of this service.

Message #

An error occurred during initialization of trust monitoring. Trust monitoring against the published partner configuration will be disabled for the lifetime of this service. 

Additional Data 

Exception details: 
%1 

User Action 
If you want to try to start the trust monitoring service again, restart the Federation Service.

Fields #

Description

An error occurred during initialization of trust monitoring. Trust monitoring against the published partner configuration will be disabled for the lifetime of this service.

Fields #

Message #

An error occurred during a read operation from the configuration database. Trust monitoring was shut down and will be tried again after an amount of time that corresponds to the trust monitoring interval. 

Additional Data 

Exception details: 
%1 

Additional details: 
%2

Fields #

Fields #

Description

An error occurred during trust monitoring. The trust monitoring cycle was shut down.

Message #

An error occurred during trust monitoring. The trust monitoring cycle was shut down. 

Additional Data 

Exception details: 
%1 

Additional details: 
%2

Fields #

Description

An error occurred during trust monitoring. The trust monitoring cycle was shut down.

Fields #

Description

Trust monitoring service encountered an error while parsing the metadata document from 'data1'. Trust monitoring failed for.

Message #

Trust monitoring service encountered an error while parsing the metadata document from '%1'. Trust monitoring failed for: 

Object Type: 
%2 

Name: 
%3 

Additional Data 

Exception details: 
%4 

Additional details: 
%5

Fields #

Description

Trust monitoring service encountered an error while parsing the metadata document from 'data1'. Trust monitoring failed for.

Fields #

Description

Trust monitoring service encountered an error while applying the data in the metadata document from 'data1'. Trust monitoring failed for.

Message #

Trust monitoring service encountered an error while applying the data in the metadata document from '%1'. Trust monitoring failed for: 

Object Type: 
%2 

Name: 
%3 

Additional Data 

Exception details: 
%4 

Additional details: 
%5

Fields #

Description

Trust monitoring service encountered an error while applying the data in the metadata document from 'data1'. Trust monitoring failed for.

Fields #

Description

The Federation Service encountered an error while retrieving the federation metadata document from 'data1'. The monitoring for the following trusts failed.

Message #

The Federation Service encountered an error while retrieving the federation metadata document from '%1'. The monitoring for the following trusts failed: 

Claims providers: 
%2 

Relying parties: 
%3 

Additional Data 

Exception details: 
%4 

Additional details: 
%5 

User Action 
Make sure federation metadata URL is accessible. 
Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).

Fields #

Description

The Federation Service encountered an error while retrieving the federation metadata document from 'data1'. The monitoring for the following trusts failed.

Fields #

Description

The trust monitoring service automatically updated the trust of 'data1' successfully with the partner's published changes.

Message #

The trust monitoring service automatically updated the trust of '%1' successfully with the partner's published changes.

Fields #

Description

The trust monitoring service automatically updated the trust of 'data1' successfully with the partner's published changes.

Fields #

Description

The trust monitoring service automatically updated the trust of 'data1' successfully with the partner's published changes.

Message #

The trust monitoring service automatically updated the trust of '%1' successfully with the partner's published changes. 

Additional Data 
Warnings: 
%2

Fields #

Description

The trust monitoring service automatically updated the trust of 'data1' successfully with the partner's published changes.

Fields #

Description

Trust monitoring service detected changes in policy of 'data1', but did not automatically apply the changes on the trust partner.

Message #

Trust monitoring service detected changes in policy of '%1', but did not automatically apply the changes on the trust partner. 

Additional Data 
Warnings: 
%2

Fields #

Description

Trust monitoring service detected changes in policy of 'data1', but did not automatically apply the changes on the trust partner.

Fields #

Description

An error occurred while upgrading FarmBehaviorLevel 'data1' from Minor Version 'data2' to Minor Version 'data3'.

Message #

An error occurred while upgrading FarmBehaviorLevel '%1' from Minor Version '%2' to Minor Version '%3'. 

Additional Data 
Exception details: 
%4

Fields #

Description

An error occurred while upgrading FarmBehaviorLevel 'data1' from Minor Version 'data2' to Minor Version 'data3'.

Fields #

Message #

AD FS could not enable the new KDFv2 feature automatically because of missing Windows Updates on one or more nodes of the farm. Please make sure that all the farm nodes are patched with the latest Windows Updates. AD FS checks regularly for the required updates to enable the new KDFv2 feature. An event 182 will be logged when a check is successful. For more information on this, please see https://go.microsoft.com/fwlink/?linkid=2153807.

Description

AD FS enabled the new KDFv2 feature successfully. For more information on this, please see https://go.microsoft.com/fwlink/?linkid=2153807.

Message #

AD FS enabled the new KDFv2 feature successfully. For more information on this, please see https://go.microsoft.com/fwlink/?linkid=2153807.

Description

AD FS enabled the new KDFv2 feature successfully. For more information on this, please see https://go.microsoft.com/fwlink/?linkid=2153807.

Message #

KDFv2 feature is disabled on AD FS farm. Please make sure that all the farm nodes are patched with latest Windows Updates and the KDFv2 feature is enabled to enhance the security of the farm. For more information on this, please see https://go.microsoft.com/fwlink/?linkid=2153807.

Description

A token request was received for a relying party identified by the key 'data1', but the request could not be fulfilled because the key does not identify any known relying party trust.

Message #

A token request was received for a relying party identified by the key '%1', but the request could not be fulfilled because the key does not identify any known relying party trust. 
Key: %1 

This request failed. 

User Action 
If this key represents a URI for which a token should be issued, verify that its prefix matches the relying party trust that is configured in the AD FS configuration database.

Fields #

Description

A token request was received for a relying party identified by the key 'data1', but the request could not be fulfilled because the key does not identify any known relying party trust.

Fields #

Message #

The Federation Service could not fulfill the token-issuance request. More than  one claim based on SamlNameIdentifierClaimResource was produced after the issuance  transform rules were applies for relying party '%2'. See event 500 with the same Instance ID for claims after application of issuance transform rules. 

Additional Data 
Instance ID: %1 

User Action 
Ensure that the issuance transform rules that are configured for the relying party do not result in multiple claims based on SamlNameIdentifierClaimResource.

Fields #

Fields #

Message #

AD FS server received a JWT token without nonce in the assertion and it was accepted based on the current configuration setting of EnforceNonceInJWT. However, it indicates a potential replay of the JWT token by a malicious client or the possibility that the client is not patched with latest Windows Updates. Please make sure to update the EnforceNonceInJWT setting to reject all such JWT tokens after patching the clients with latest Windows Updates. 
For more information on this, please see https://go.microsoft.com/fwlink/?linkid=2238156. 

Additional Data 
    Client IP: %1 
    User Agent: %2

Fields #

Fields #

Message #

AD FS server is not configured to reject JWT tokens that did not have nonce in the assertion. The corresponding setting (EnforceNonceInJWT) should be enabled for security reasons after making sure that all the clients are patched with the latest Windows Updates. 
The event 187 indicates the instances where AD FS received such tokens and accepted due to the current setting of EnforceNonceInJWT. 
For more information on this, please see https://go.microsoft.com/fwlink/?linkid=2238156.

Message #

AD FS server received an OAuth authorization request in the device code flow without a Cross Site Request Forgery (CSRF) protection code in the UserCode cookie. This indicates that the AD FS server that issued the UserCode cookie has not  been patched with the latest Windows security updates. It is recommended to install the latest Windows security updates  on all the AD FS servers of the farm in order to be protected from CSRF attacks. Your environment is currently vulnerable  to the CSRF attacks in OAuth device code flow due to one or more unpatched AD FS servers. 

Additional Data 
    Usercode: %1 
    Client IP: %2 
    User Agent: %3

Fields #

Fields #

Description

The Federation Service could not satisfy a token request because the relying party requested an unknown authentication type.

Message #

The Federation Service could not satisfy a token request because the relying party requested an unknown authentication type. 
Comparison type: %1 
Desired authentication type(s): %2 
Relying party: %3 

This request failed. 

User Action 
Use the AD FS PowerShell commands to configure the authentication context order property. 
Ensure that the relying party is configured to request the correct authentication type.

Fields #

Description

The Federation Service could not satisfy a token request because the relying party requested an unknown authentication type.

Fields #

Description

The Federation Service could not satisfy a token request because the accompanying credentials do not meet the authentication type requirement of 'data2' for the relying party 'data3'.

Message #

The Federation Service could not satisfy a token request because the accompanying credentials do not meet the authentication type requirement of '%2' for the relying party '%3'. 
Authentication type: %1 
Desired authentication type(s): %2 
Relying party: %3 

This request failed.

Fields #

Description

The Federation Service could not satisfy a token request because the accompanying credentials do not meet the authentication type requirement of 'data2' for the relying party 'data3'.

Fields #

Description

The federation server proxy started successfully.

Message #

The federation server proxy started successfully.

Description

The federation server proxy started successfully.

Description

The federation server proxy could not be started.

Message #

The federation server proxy could not be started. 
Reason: %1 

Additional Data 
Exception details: 
%2

Fields #

Description

The federation server proxy could not be started.

Fields #

Description

The federation server proxy stopped successfully.

Message #

The federation server proxy stopped successfully.

Description

The federation server proxy stopped successfully.

Message #

The Federation Service %1 encountered an Access Denied error while trying to register one or more endpoint URLs. This condition typically occurs when the ACL for the endpoint URL is missing or the HTTP namespace in the ACL is not a prefix match of the endpoint URL. 

 The %1 could not be opened. 

User Action 
Ensure that a valid ACL for each of the URLs has been configured on this computer. 

Additional Data 
Exception details: 
%2

Fields #

Fields #

Description

The Federation Service data1 could not be opened.

Message #

The Federation Service %1 could not be opened. 

Additional Data 
Exception details: 
%2

Fields #

Description

The Federation Service could not be opened.

Fields #

Description

The Federation Service data1 could not be shut down properly.

Message #

The Federation Service %1 could not be shut down properly. 

Additional Data 
Exception details: 
%2

Fields #

Description

The Federation Service could not be shut down properly.

Fields #

Description

The Federation Service data1 could not be closed.

Message #

The Federation Service %1 could not be closed. 

Additional Data 
Exception details: 
%2

Fields #

Description

The Federation Service could not be closed.

Fields #

Description

The Federation Service could not fulfill the token-issuance request because the relying party 'data1' is missing a WS-Federation Passive endpoint address.

Message #

The Federation Service could not fulfill the token-issuance request because the relying party '%1' is missing a WS-Federation Passive endpoint address. 
Relying party: %1 

This request failed. 

User Action 
Use the AD FS Management snap-in to configure a WS-Federation Passive endpoint on this relying party.

Fields #

Description

The Federation Service could not fulfill the token-issuance request because the relying party 'data1' is missing a WS-Federation Passive endpoint address.

Fields #

Description

An attempt to write to the Security event log failed.

Message #

An attempt to write to the Security event log failed. 

Additional Data 
Windows error code: %1 
Exception details: 
%2

Fields #

Description

An attempt to write to the Security event log failed.

Fields #

Description

An error occurred during an attempt to register the event source for the Security log.

Message #

An error occurred during an attempt to register the event source for the Security log.  

User Action 
Ensure that the Federation Service has the correct permissions to write to the Security log.

Description

An error occurred during an attempt to register the event source for the Security log.

Description

The Security log event source for the Federation Service could not be registered.

Message #

The Security log event source for the Federation Service could not be registered. 

Additional Data 
Windows error code: %1 
Exception details: 
%2

Fields #

Description

The Security log event source for the Federation Service could not be registered.

Fields #

Description

The Federation Service at 'data1' did not return any WS-Trust endpoints to be published by the federation server proxy.

Message #

The Federation Service at '%1' did not return any WS-Trust endpoints to be published by the federation server proxy. 

User Action 
If you want to publish WS-Trust endpoints to the federation server proxy, make sure that the endpoints are enabled for proxy use on the federation server.

Fields #

Description

The Federation Service at 'data1' did not return any WS-Trust endpoints to be published by the federation server proxy.

Fields #

Description

A WS-Trust endpoint that was configured could not be opened.

Message #

A WS-Trust endpoint that was configured could not be opened. 

Additional Data 
Address: %1 
Mode: %2 

Error: 
%3

Fields #

Description

A WS-Trust endpoint that was configured could not be opened.

Fields #

Description

The federation server proxy received error code 'data2' while making a request to the Federation Service at 'data1'. This could mean that the Federation Service is not started on the remote host.

Message #

The federation server proxy received error code '%2' while making a request to the Federation Service at '%1'. This could mean that the Federation Service is not started on the remote host. 

User Action 
Verify that the Federation Service is running on the remote host.

Fields #

Description

The federation server proxy received error code 'data2' while making a request to the Federation Service at 'data1'. This could mean that the Federation Service is not started on the remote host.

Fields #

Description

The Federation Service configuration could not be loaded correctly from the AD FS configuration database.

Message #

The Federation Service configuration could not be loaded correctly from the AD FS configuration database. 

Additional Data 
Error:  
%1

Fields #

Example Event #

{
  "system": {
    "provider": "AD FS",
    "guid": "2FFB687A-1571-4ACE-8550-47AB5CCAE2BC",
    "event_source_name": "",
    "event_id": 220,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775809,
    "time_created": "2026-03-13T23:11:11.159207+00:00",
    "event_record_id": 297,
    "correlation": {},
    "execution": {
      "process_id": 12444,
      "thread_id": 11500
    },
    "channel": "AD FS/Admin",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1309"
    }
  },
  "user_data": {
    "Event": {
      "EventData": {
        "Data": "ADMIN0012: OperationFault"
      }
    }
  },
  "message": ""
}