Event ID 106 — Windows NT Token-Based Application Configuration

Applies To: Windows Server 2008

Web Agent for Windows NT token-based application configuration contains information about the AD FS Web Agent Authentication Service, creation of Windows NT tokens, and Windows token-based agent authentication requests.

Event Details

Resolve

Add the AD FS Authentication Service principal account to the IIS_IUSRS group

Add the AD FS Authentication Service principal account as a member of the IIS_IUSRS group. This group is located in Computer Management\System Tools\Local Users and Groups\Groups.

Verify

Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.

If you cannot access the application successfully, verify that the Windows token-based agent is configured with correct URL values and that all configuration parameters contain valid values.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To verify that the Windows token-based agent is configured with correct values:

1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. In the console tree, click YourComputerName**(local computer)**.
3. In the console tree, double-click Sites, and then click YourWebSiteName.
4. In the center pane, double-click Authentication, highlight AD FS Windows Token-Based Agent, and then in the Actions pane click Edit.
5. In the AD FS Windows Token-Based Agent dialog box, confirm that the Enable AD FS Web Agent check box is selected.
6. Make sure that the following values are valid, and then click OK.
   • Cookie path
   • Cookie domain
   • Return URL

Related Management Information

Windows NT Token-Based Application Configuration

Active Directory Federation Services