TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Microsoft Edge
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Skype for Business
See all products »
Resources
Channel 9 Video
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Windows Update
Trials
Windows Server 2016
System Center 2016
Windows 10 Enterprise
SQL Server 2016
See all trials »
Related Sites
Microsoft Download Center
Microsoft Evaluation Center
Drivers
Windows Sysinternals
TechNet Gallery
Training
Expert-led, virtual classes
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
Microsoft Official Courses On-Demand
Certifications
Certification overview
Special offers
MCSE Cloud Platform and Infrastructure
MCSE: Mobility
MCSE: Data Management and Analytics
MCSE Productivity
Other resources
Microsoft Events
Exam Replay
Born To Learn blog
Find technical communities in your area
Azure training
Official Practice Tests
Support options
For business
For developers
For IT professionals
For technical support
Support offerings
More support
Microsoft Premier Online
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sign in
Home
Library
Wiki
Learn
Gallery
Downloads
Support
Forums
Blogs
Resources For IT Professionals
United States (English)
Россия (Pусский)
中国(简体中文)
Brasil (Português)
Skip to locale bar
Get this Tag RSS feed
Translate this page
Powered by
Microsoft® Translator
Popular Tags
Active Directory
AD
AD DS
adfs
ASP.NET
azure
BizTalk
BizTalk Server
BizTalk Server 2010
C#
Candidate for deletion
certification
cloud
core docs
de-DE
EAA
Ed Price
Ed's Stub Pages
en-US
ESA
es-ES
Excel
Exchange
Exchange 2010
fa-IR
Fernando Lugao Veltem
FIM
FIM 2010
FIM Resources
FIM-HELP
forefront
forums
fr-FR
Gokan Ozcifci
has code
has comment
has comments
has image
has Images
has Other Languages
has See Also
Has Table
Has TOC
Horizon_Net
How To
Hyper-V
id-ID
IIS
Italian Wiki Articles
it-IT
ja-JP
Jordano Mazzoni
Link Collection
Luciano Lima
Luigi Bruno
Lync Server 2010
MIISILMFIM MACAULAY
Multi Language Wiki Articles
needs work
operations manager
Pirated Content
Portal
Português Brasil
PowerShell
pt-BR
security
SharePoint
SharePoint 2010
SharePoint 2013
SharePoint Pirate
Small Basic
solucionando problemas
SQL Server
SQL Server 2012
stub
System Center
System Center 2012
TechNet Guru
TechNet Wiki
TechNet Wiki Featured Article
tonyso
Translated into Japanese
troubleshooting
tr-TR
vídeo
Video
Virtualization
VMM
Wiki
Windows
Windows 7
Windows 8
Windows Azure
Windows Server
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
yottun8
اکتیو دایرکتوری
Browse by Tags
>
TechNet Articles
>
All Tags
>
AD FS 2.0
Tagged Content List
Wiki Page:
Windows Identity Foundation (WIF) Throws Exception: "ID6018: Digest verification failed for reference"
Maheshkumar S Tiwari
Symptoms During a federation passive request to a WIF-protected web application, WIF throws an exception on the web server. When WIF tracing is enabled, the following exception is found in the service trace: < <ExceptionType>System.Security.Cryptography.CryptographicException...
on
22 Sep 2013
Wiki Page:
Forefront UAG Troubleshooting: Event ID 167: The KCD Shadow User Name Claim Cannot Be Retrieved
Maheshkumar S Tiwari
Symptoms — When end users attempt to access the Forefront UAG portal, they may receive the following message " You are not authorized to access this application. " There may also be an event 167 in the event viewer or in the Web Monitor with the description " The KCD shadow user name...
on
22 Sep 2013
Wiki Page:
Forefront UAG Troubleshooting: The AD FS 2.0 Authentication Server Is Used in More than One Trunk
Carsten Siemens
Description —You have configured a single AD FS 2.0 authentication server and you have attempted to use it for trunk authentication in more than one trunk and you receive the following message " The AD FS 2.0 authentication server 'authentication_server' is used in more than one trunk...
on
21 Sep 2013
Wiki Page:
AD FS 2.x: Error Event IDs 102 and 277 - The type initializer for 'TraceUtil' threw an exception
Maheshkumar S Tiwari
Symptom AD FS 2.x is not able to issue tokens, and the AD FS Management console shows that it is not able to connect to the configuration database. The AD FS Admin Event Log contains the following events with the following XML data: Log Name: AD FS 2.0/Admin Source: AD FS 2.0...
on
19 Sep 2013
Wiki Page:
AD FS 2.0: Understanding AutoCertificateRollover Threshold Properties
Maheshkumar S Tiwari
Item Sample Value Description of Item Effect AutoCertificateRollover True Specifies whether the system will manage certificates for the administrator and generate new certificates before the expiration date of current certificates. ...
on
19 Sep 2013
Wiki Page:
AD FS 2.0: Asserting the NameID Claim Type with Additional Properties
Maheshkumar S Tiwari
Overview The SAML NameID claim type is a special claim type used to identify the principal of the session, and this claim type can be asserted containing only the value data, or you can also choose to assert additional NameID properties. Below, you will find a Claim Rule Language sample, which...
on
19 Sep 2013
Wiki Page:
AD FS 2.0: Configuration options for shared computers and kiosks
Maheshkumar S Tiwari
Introduction Using claims aware applications on a shared computer or kiosk adds additional challenges for configuration. One common challenge faced by administrators is with users gaining access to applications as the previous user. Scenario: - User A browses to a claims aware application...
on
17 Sep 2013
Wiki Page:
Forefront UAG Troubleshooting: Web Monitor ID 45: Users Cannot Sign In and Receive Error about Attempting to Access Restricted URL
Maheshkumar S Tiwari
Symptoms —When end users attempt to access the Forefront UAG portal, they may receive the following message " You have attempted to access a restricted URL. The URL contains an invalid parameter. " There may also be an event 45 in the Forefront UAG Web Monitor with the short description "...
on
13 Sep 2013
Wiki Page:
Forefront UAG: Troubleshooting Forefront UAG with AD FS 2.0 Event Viewer Messages
Maheshkumar S Tiwari
This topic lists the messages that you may encounter on Forefront Unified Access Gateway (UAG) in the event viewer or in the Forefront UAG Web Monitor when end users attempt to access your published site using Active Directory Federation Services (AD FS) 2.0 authentication. Event ID/Web...
on
13 Sep 2013
Wiki Page:
Forefront UAG Troubleshooting: Associate Your Current AD FS 2.0 Application with the Authentication Server
Maheshkumar S Tiwari
Description —When you add an AD FS 2.0 authentication repository for trunk authentication in the Forefront UAG Management console, Forefront UAG automatically creates an AD FS 2.0 application on that trunk and you may receive the following message " An AD FS 2.0 authentication server is used in...
on
13 Sep 2013
Wiki Page:
AD FS 2.0: Continuously Prompted for Credentials When Using FireFox 3.6.3
Maheshkumar S Tiwari
Symptoms Users are continuously prompted for credentials when authenticating to AD FS 2.0 while using FireFox 3.6.3. Internet Explorer does not exhibit this behavior. Cause The default FireFox 3.6.3 network authentication configuration is incorrect. Resolution...
on
13 Sep 2013
Wiki Page:
AD FS 2.0: The AD FS 2.0 Windows Service Fails to Start, Event 102 and 220 Logged
Maheshkumar S Tiwari
Symptoms Starting AD FS 2.0 Windows Service fails From the Services console: "Windows could not start the AD FS 2.0 Windows Service service on Local Computer. Error 1064: An exception occurred in the service when handling the control request." From the command line...
on
13 Sep 2013
Wiki Page:
AD FS 2.0: How to Configure the SPN (servicePrincipalName) for the Service Account
Maheshkumar S Tiwari
Summary When you deploy an AD FS 2.0 Federation Server farm you must specify a domain-based service account , and the AD FS 2.0 service account needs to have a SPN ( servicePrincipalName ) registered to allow Kerberos to function for the Federation Service. When you initially configure...
on
13 Sep 2013
Wiki Page:
AD FS 2.0: How to Enable and Immediately Use AutoCertificateRollover
Maheshkumar S Tiwari
Summary When the GUI Initial Configuration Wizard (ICW) of AD FS 2.0 has been executed, AutoCertificateRollover is automatically enabled by default and the token-signing and token-decrypting certificates are self-signed and maintained by the AD FS 2.0 service. When the command line ICW of...
on
12 Sep 2013
Wiki Page:
AD FS 2.0: "Script is disabled. Click Submit to continue."
Maheshkumar S Tiwari
Symptoms When accessing an AD FS-protected resource using a web browser (passive requestor), the AD FS server presents a page similar to the following: "Script is disabled. Click Submit to continue." Once the user clicks the "Submit" button, access to the application is...
on
12 Sep 2013
Wiki Page:
Forefront UAG Troubleshooting: Federation Metadata Retrieval Errors
Maheshkumar S Tiwari
Forefront Unified Access Gateway (UAG) performs a number of tests and checks when you retrieve the federation metadata from the Active Directory Federation Services (AD FS) 2.0 server. This topic describes how to troubleshoot any errors you may receive when retrieving the federation metadata. ...
on
10 Sep 2013
Wiki Page:
AD FS 2.0: Error Event 323, "MSIS5009: The impersonation authorization failed" and Event 364, "MSIS3126: Access denied"
Maheshkumar S Tiwari
Symptoms Token issuance fails The following events are logged in the AD FS 2.0/Admin Event Log: Log Name: AD FS 2.0/Admin Source: AD FS 2.0 Date: 2/14/2011 1:32:23 PM Event ID: 323 Task Category: None Level: Error Keywords: AD FS User: NETWORK SERVICE Computer...
on
10 Sep 2013
Wiki Page:
Forefront UAG: Troubleshoot Forefront UAG with AD FS 2.0 Activation Errors
Maheshkumar S Tiwari
When you use Forefront Unified Access Gateway (UAG) with Active Directory Federation Services (AD FS) 2.0 authentication, you may encounter a number of errors when activating the configuration in the Forefront UAG Management console. The following table provides links to troubleshooting topics for...
on
10 Sep 2013
Wiki Page:
Forefront UAG Troubleshooting: Event ID 158: The Application Settings Could Not Be Read
Maheshkumar S Tiwari
Symptoms — When end users attempt to access the Forefront UAG portal, they may receive the following message " An unexpected error occurred when starting the application. " There may also be an event 158 in the event viewer or in the Web Monitor with the description " ADFSv2Site: The...
on
10 Sep 2013
Wiki Page:
Forefront UAG Troubleshooting: Event ID 165: The Single Sign-Out for a User Was Not Complete
Maheshkumar S Tiwari
Symptoms — End users click the Log Off button in the Forefront UAG portal and are logged out of the portal, but an event 165 appears in the event viewer or in the Web Monitor with the description " ADFSv2Site: Single sign out process for user with lead user claim value [user_name] was not complete...
on
10 Sep 2013
Wiki Page:
Forefront UAG Troubleshooting: Event ID 159: The Trunk Received a Request with More than One Identity
Maheshkumar S Tiwari
Symptoms — When end users attempt to access the Forefront UAG portal, they may receive the following message " A request was received with an incorrect number of identities. Only single identity requests are supported. " There may also be an event 159 in the event viewer or the Web Monitor...
on
10 Sep 2013
Wiki Page:
Automatic Login to SharePoint 2010 with AD FS 2.0 & WS-Federation
Richard Mueller
Table of Contents Introduction Pre-formatted Link Sample URL Broken Down Removing or Seperating Windows Authentication Links Introduction Consider the situation where you have a SharePoint 2010 site secured by AD FS 2.0 and you have a partner that accesses this application that also uses AD...
on
3 Sep 2013
Wiki Page:
AD FS 2.x: When a User is Not Authorized Access to a Relying Party, Redirect the User to a Specific Location
Maheshkumar S Tiwari
Overview Consider the following scenario: You have deployed AD FS 2.x, and you wish to provide granular access to specific relying parties by utilizing Issuance Authorization Rules on each Relying Party Trust As an example, you have Contoso SharePoint as a relying party, and you wish to only...
on
31 Aug 2013
Wiki Page:
AD FS 2.0 & Higher: Truncate strings in claims using RegEx
Joji Oshima
Scenario: There is an incoming claim ( or user attribute ) that is being sent to a relying party When the claim is sent, the value must not exceed a certain character limit Data that exceeds this limit must be truncated to accommodate this requirement Example: Incoming claim http...
on
21 Aug 2013
Wiki Page:
Understanding Claim Rule Language in AD FS 2.0 & Higher
Joji Oshima
Table of Contents Introduction Understanding Claim Sets General Syntax of the Claim Rule Language Condition Statements Issuance Statements Multiple Conditions Combining Values Aggregate Functions Using Regular Expressions Querying Attribute Stores SQL Attribute Stores LDAP Attribute Stores Links to Additional...
on
21 Aug 2013
Page 1 of 5 (102 items)
1
2
3
4
5
Can't find it? Write it!
Post an Article