Disclaimer: All postings are provided "AS IS" with no warranties, and confer no rights. This weblog does not represent the thoughts, intentions, plans or strategies of Microsoft. Because a weblog is intended to provide a semi-permanent point-in-time snapshot, you should not consider out of date posts to reflect current thoughts and opinions.
AD Troubleshooting
Problem:
The following is logged in the event log on an ADFS Proxy or ADFS Server:
Log Name: AD FS 2.0/AdminSource: AD FS 2.0Date: 15.09.2011 14:28:16Event ID: 364Task Category: NoneLevel: ErrorKeywords: AD FSUser: NETWORK SERVICEComputer: ADFSProxy01Description:Encountered error during federation passive request.
Additional Data:Exception details: System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message. --- End of inner exception stack trace ---
......System.ServiceModel.FaultException: An error occurred when verifying security for the message.....Event Xml:…. <TimeCreated SystemTime="2011-09-15T12:28:16.218750000Z" />
(...this suggests a time difference between the ADFS Proxy and STS servers of 1 hour or greater.)
Possible causes for Event ID 364:
- The time difference between the ADFS proxy and the ADFS server is too big (should be synchronized as close together as possible - manually or via Win32Time)
- The SSL certificate of either the ADFS proxy or the ADFS server is failing revocation checking on either side (standard PKI troubleshooting applies).
- The SSL certificate of either the ADFS proxy or the ADFS server is unable to chain up to a Trusted Root on either side (verify all CA certificates in the chain are installed in the personal store of the application pool service account).