Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Client Certificate Authentication

Updated: February 27, 2008

Applies To: Windows Server 2008

Clients must authenticate to a federation server by presenting a client authentication certificate. Authentication is granted when the federation server accepts a client authentication certificate from a federation server proxy.

Events

Event ID Source Message

680

Microsoft-Windows-ADFS

The Federation Service was not able to communicate with the AD FS Authentication Package.

Until this situation is resolved, the Federation Service will not be able to authenticate Active Directory Domain Services users by using Transport Layer Security / Secure Sockets Layer (TLS/SSL) client certificates.

User Action
Check for the presence of the authentication package binary (ifsap.dll) in %%systemroot%%\system32. If it is not present, reinstall AD FS.

Check for the value "ifsap" in the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa value "Security Packages". If this value is absent, add it to the list, and then restart the computer.

Additional Data
The data field contains the NTSTATUS error code from LsaLookupAuthenticationPackage.

Related Management Information

Federation Service

Active Directory Federation Services

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.