Federation Service Auditing
Applies To: Windows Server 2008
The Federation Service uses auditing to record success and failure audits, such as audits that are written when tokens are created and received.
Events
| Event ID | Source | Message |
|---|---|---|
Microsoft-Windows-ADFS |
The AD FS auditing subsystem could not register itself with the system. The auditing privilege is not held. The AD FS component will not be able to start unless it is granted the auditing privilege. User Action AD FS components that write audits must be configured to run as LocalSystem, NetworkService, or a domain principal that has explicitly been granted the "Generate Security Audits" privilege (SeAuditPrivilege). If the failing component is the Federation Service, configure the application pool (ADFSAppPool) to run as an appropriate principal. If the failing component is the AD FS Web Agent Authentication Service, configure the Windows NT service to run as an appropriate principal. If the failing component is the AD FS Web Agent for claims-aware applications, configure the application pool for the protected application to run as an appropriate principal. |
|
Microsoft-Windows-ADFS |
The AD FS auditing subsystem could not register itself with the system. An unexpected error occurred. Additional Data The data field contains a Win32 error code. |
|
Microsoft-Windows-ADFS |
The AD FS auditing subsystem failed to write an audit event. An unexpected error ocurred. Additional Data The data field contains a Win32 error code. |
|
Microsoft-Windows-ADFS |
Transaction ID: %1 Summary %2 Proxy certificate thumbprint: %3 Target URI: %4 Exception information: %5 Output Resource Token %6 Token ID: %7 Identity: %8 Output Logon Accelerator Token %9 Token ID: %10 Identity: %11 Input Logon Accelerator Token %12 Token ID: %13 Identity: %14 Input Federation Token %15 Token ID: %16 Identity: %17 Input Credentials %18 Credential type: %19 Credential hint: %20 Account store URI: %21 Error code: %22 Error string: %23 |
|
Microsoft-Windows-ADFS |
Transaction ID: %1 This event contains details of the errors encountered while processing the input logon accelerator token that was received as part of the referenced transaction. %2 Token ID: %3 Issuer: %4 Identity: %5 Audience: %6 Key identifier: %7 Validation time: %8 %9 Effective time: %10 %11 Expiration time: %12 %13 Error code: %14 |
|
Microsoft-Windows-ADFS |
Transaction ID: %1 This event contains details of the errors encountered while processing the input federation token that was received as part of the referenced transaction. %2 Token ID: %3 Issuer: %4 Identity: %5 Audience: %6 Key identifier: %7 Validation time: %8 %9 Effective time: %10 %11 Expiration time: %12 %13 Error code: %14 |
|
Microsoft-Windows-ADFS |
Transaction ID: %1 This event contains the details of the output resource token that was issued as part of the referenced transaction. Token ID: %2 Issuer: %3 Audience: %4 Effective time: %5 %6 Expiration time: %7 %8 Claim source: %9 Authentication methods: Method%t%tTime %10 UPN: %11 E-mail: %12 Common name: %13 Groups: (%14 sensitive values omitted) %15 Custom claims: Name%t%tValue %16 SIDs: %17 |
|
Microsoft-Windows-ADFS |
Transaction ID: %1 This event contains the details of the output logon accelerator token that was issued as part of the referenced transaction. Token ID: %2 Issuer: %3 Audience: %4 Effective time: %5 %6 Expiration time: %7 %8 Claim source: %9 Authentication methods: Method%t%tTime %10 UPN: %11 E-mail: %12 Common name: %13 Groups: (%14 sensitive values omitted) %15 Custom claims: Name%t%tValue %16 SIDs: %17 |
|
Microsoft-Windows-ADFS |
Transaction ID: %1 This event contains the details of the input logon accelerator token that was received as part of the referenced transaction. Token ID: %2 Issuer: %3 Audience: %4 Effective time: %5 %6 Expiration time: %7 %8 Claim source: %9 Authentication methods: Method%t%tTime %10 UPN: %11 E-mail: %12 Common name: %13 Groups: (%14 sensitive values omitted) %15 Custom claims: Name%t%tValue %16 SIDs: %17 |
|
Microsoft-Windows-ADFS |
Transaction ID: %1 This event contains the details of the input federation token that was received as part of the referenced transaction. Token ID: %2 Issuer: %3 Audience: %4 Effective time: %5 %6 Expiration time: %7 %8 Claim source: %9 Authentication methods: Method%t%tTime %10 UPN: %11 E-mail: %12 Common name: %13 Groups: (%14 sensitive values omitted) %15 Custom claims: Name%t%tValue %16 SIDs: %17 |
|
Microsoft-Windows-ADFS |
Transaction ID: %1 This event contains the list of claims that were retrieved using the input credentials that were received as part of the referenced transaction. UPN: %2 E-mail: %3 Common name: %4 Groups: (%5 sensitive values omitted) %6 Custom claims: Name%t%tValue %7 SIDs: %8 |