Troubleshooting artifact resolution failures with AD FS 2.0
Updated: May 5, 2010
Applies To: Active Directory Federation Services (AD FS) 2.0
This topic provides event-based troubleshooting guidance for failed artifact resolution with Active Directory Federation Services (AD FS) 2.0.
Before you begin the troubleshooting process, we recommend that you first try to configure AD FS 2.0 for troubleshooting and check for known common issues that might prevent normal functioning for the Federation Service. For detailed instructions for configuring and performing related system checks, see Configuring Computers for Troubleshooting AD FS 2.0 and Things to Check Before Troubleshooting AD FS 2.0.
Troubleshooting Failure to Resolve Artifacts
The following table provides troubleshooting guidance for the specific error event messages or other issues that you may encounter if you are having problems resolving artifact requests.
Event or symptom | Possible cause | Resolution |
---|---|---|
Event ID 278 |
The SAML artifact resolution endpoint might not be configured or turned on. |
If the artifact resolution service is required, use the AD FS 2.0 snap-in to configure or turn on the SAML artifact resolution endpoint. |
Event ID 284 |
A malformed response was received from the claims provider. See the inner exception details for more information about the possible cause for this event. |
Use the AD FS 2.0 snap-in to review the following possible configuration changes:
|
Event ID 285 |
The claims provider configuration is either incomplete or configured differently than expected. |
For more information, contact the administrator for your claims provider partner organization. |
Event ID 297 |
The index for the artifact resolution endpoint is not configured at the relying party. If the relying party trust is configured using imported metadata, this event could occur because a partner configuration has an inaccurate index configured. |
Ensure that the configured value and the actual index value for the artifact resolution endpoint are configured to match each other. For imported metadata, the index value should be adjusted at the source or metadata partner configuration first. |
Event ID 328 |
The artifact resolution endpoint is not configured correctly at the relying party. |
For more information, contact the claims provider. |
Event ID 353 |
The claims provider configuration or its signing certificate is out of date. |
Verify that the claims provider trust in the AD FS 2.0 configuration database is up to date. Verify that the claims provider trust's signing certificate is up to date. You can verify this certificate on the Certificates tab in the claims provider trust properties. |
Event ID 354 |
The claims provider configuration or its signing certificate is not configured to sign requests or is out of date. |
Configure the relying party certificate for request signing. Verify that the relying party certificate is up to date. |
Event ID 373 |
The relying party is not configured to accept artifact resolution requests with the expected signature algorithm. |
Check that the relying party is configured to accept the artifact resolution request with the expected signature algorithm. To configure the SignatureAlgorithm property, use the Set-ADFSRelyingPartyTrust cmdlet (included with the Windows PowerShell cmdlets for AD FS 2.0). |
Troubleshooting Trust Partner Failure to Resolve Artifacts
The following table provides troubleshooting guidance for the specific error event messages or other issues that you may encounter if you are having problems with a trust partner that fails to resolve artifacts.
Event or symptom | Possible cause | Resolution |
---|---|---|
Event ID 279 |
The claims provider trust either does not exist, or its configuration is stale. |
Verify that a claims provider trust exists in the AD FS 2.0 configuration database. Ensure that the data for the claims provider trust is up to date. |
Event ID 280 |
The configuration for the claims provider trust does not have the artifact resolution endpoint configured or turned on. |
Verify that the claims provider trust in the AD FS 2.0 configuration database is up to date. Add the artifact resolution service endpoint to the claims provider trust. |
Event ID 281 |
The claims provider trust does not have the required artifact resolution endpoint with the specified index configured. |
Verify that the claims provider trust in the AD FS 2.0 configuration database is up to date. Use the AD FS 2.0 snap-in to configure the artifact resolution endpoint with the specified index. |