Share via


Windows NT Token-Based Application Auditing

Applies To: Windows Server 2008 R2

Audit events are written to the audit log during the auditing process. The Windows token-based agent records Success and Failure audits, such as the state of the AD FS Web Agent Authentication Service.

Events

Event ID Source Message

125

Microsoft-Windows-ADFS

The AD FS Web Agent Authentication Service could not start. The authentication service has not been configured to run as a principal that has been granted the "Generate Security Audits" privilege (SeAuditPrivilege).

Users will not be able to access protected resources until the authentication service can be restarted.

User Action
Either grant the AD FS authentication service principal the "Generate Security Audits" privilege or configure the authentication service to run as a principal that has already been granted the "Generate Security Audits" privilege. (For example, configure the authentication service to run as LocalSystem.)

126

Microsoft-Windows-ADFS

The AD FS Web Agent Authentication Service was not able to start. A failure was encountered when registering as an event source.

Users will not be able to access protected resources until the authentication service can be restarted.

Additional Data
The data field contains a Win32 error code.

10560

Microsoft-Windows-ADFS

%1
Key identifier: %2
Error code: %3
Token ID: %4
Identity: %5
Issuer: %6
Audience: %7
Effective time: %8 %9
Expiration time: %10 %11
Claim source: %12
Authentication methods:
Method%t%tTime
%13
UPN: %14
E-mail: %15
Common name: %16

Web Agent for Windows NT Token-Based Applications

Active Directory Federation Services