Disclaimer: All postings are provided "AS IS" with no warranties, and confer no rights. This weblog does not represent the thoughts, intentions, plans or strategies of Microsoft. Because a weblog is intended to provide a semi-permanent point-in-time snapshot, you should not consider out of date posts to reflect current thoughts and opinions.
The following is logged in the event log on an ADFS Proxy or ADFS Server:
Log Name: AD FS 2.0/Admin
Source: AD FS 2.0
Date: 15.09.2011 14:28:16
Event ID: 364
Task Category: None
Level: Error
Keywords: AD FS
User: NETWORK SERVICE
Computer: ADFSProxy01
Description:
Encountered error during federation passive request.

Additional Data:
Exception details: System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message. --- End of inner exception stack trace ---
......System.ServiceModel.FaultException: An error occurred when verifying security for the message.....
Event Xml:
…. <TimeCreated SystemTime="2011-09-15T12:28:16.218750000Z" />
(...this suggests a time difference between the ADFS Proxy and STS servers of 1 hour or greater.)
Possible causes for Event ID 364:
- The time difference between the ADFS proxy and the ADFS server is too large (the clocks should be synchronized as closely as possible, manually or via the Windows Time service, W32Time).
- The SSL certificate of either the ADFS proxy or the ADFS server is failing revocation checking on either side (standard PKI troubleshooting applies).
- The SSL certificate of either the ADFS proxy or the ADFS server is unable to chain up to a Trusted Root on either side (verify all CA certificates in the chain are installed in the personal store of the application pool service account).
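
A diagnostic script covering the three causes above, added here as an example and not part of the original post. The host name `adfs01.example.com`, the parameter names and the 300-second threshold are assumptions; replace them with your own values.

```powershell
# Added example. Run on the ADFS proxy, under the account the AD FS service uses,
# so the chain is built against that account's certificate stores.
param(
    [string]$Peer = 'adfs01.example.com',  # placeholder: the ADFS server's name
    [int]$Port = 443,
    [string]$TimeSource = $Peer,           # must answer NTP; else use the shared time source
    [int]$MaxSkewSeconds = 300             # assumed limit; WCF's default MaxClockSkew is 5 minutes
)

# 1. Clock offset, sampled three times with w32tm and averaged.
$offsets = @(& w32tm /stripchart /computer:$TimeSource /samples:3 /dataonly 2>&1 | ForEach-Object {
    if ("$_" -match ',\s*([+-]\d+\.\d+)s') {
        [double]::Parse($Matches[1], [Globalization.CultureInfo]::InvariantCulture)
    }
})
if ($offsets.Count -gt 0) {
    $avg = ($offsets | Measure-Object -Average).Average
    $verdict = if ([Math]::Abs($avg) -gt $MaxSkewSeconds) { 'TOO LARGE' } else { 'ok' }
    '{0}: clock offset {1:N3} s ({2})' -f $TimeSource, $avg, $verdict
} else {
    "${TimeSource}: no NTP samples returned, offset unknown"
}

# 2. Fetch the peer's SSL certificate. The callback accepts any certificate so that
#    a broken chain can still be retrieved and inspected; use for diagnosis only.
$acceptAny = [Net.Security.RemoteCertificateValidationCallback]{ $true }
$tcp = New-Object Net.Sockets.TcpClient($Peer, $Port)
try {
    $ssl = New-Object Net.Security.SslStream -ArgumentList $tcp.GetStream(), $false, $acceptAny
    $ssl.AuthenticateAsClient($Peer)
    $cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    $tcp.Close()
}

# 3. Rebuild the chain with online revocation checking for every element.
$chain = New-Object Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
'Subject: {0}  NotAfter: {1:u}' -f $cert.Subject, $cert.NotAfter
if ($chain.Build($cert)) {
    'Chain builds to a trusted root and passes revocation checking.'
} else {
    # Typical statuses: UntrustedRoot, PartialChain, RevocationStatusUnknown, OfflineRevocation
    $chain.ChainStatus | ForEach-Object { '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim() }
}
```

Because the certificate checks can fail on either side, run the script on the ADFS server as well, with `-Peer` set to the proxy.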