AD FS Access Over Windows Trusts

Applies To: Windows Server 2008

When a Windows trust exists between two Active Directory forests, the user accounts in one forest can access a Windows NT token-based application in another forest, which eliminates the need for resource accounts. Windows trusts enable service administrators to create or extend collaborative relationships between two or more domains or forests.

Events

Event ID: 661
Source: Microsoft-Windows-ADFS
Message:

The Federation Service encountered an error while attempting to update the Windows trust cache.

The Federation Service will continue to use previously cached Windows trust data until the update completes successfully. The next attempt at a cache update will occur in %1 minutes.
Retry period: %1

User Action
If this error persists, verify that your Windows trust relationships are functional.

Additional Data
Domain last processed: %2
Native error code: %3

Event ID: 662
Source: Microsoft-Windows-ADFS
Message:

The Federation Service encountered an error while attempting to update the Windows trust cache.

The Federation Service never successfully built the Windows trust cache. Therefore, tokens that are issued by account partners that use a Windows trust will be rejected until the update completes successfully. The next attempt at a cache update will occur in %1 minutes.
Retry period: %1

User Action
If this error persists, verify that your Windows trust relationships are functional.

Additional Data
Domain last processed: %2
Native error code: %3
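
The following PowerShell sketch is an added example, not part of the original page or Microsoft's own tooling. It collects recent 661 and 662 events, separates the stale-cache case from the tokens-rejected case, and then carries out the user action by checking the trusts and locating a domain controller for each domain reported in %2. It assumes the events are written to the Application log, that the insertion strings are ordered as in the message text, and that "Domain last processed" holds a domain name that nltest can resolve.

```powershell
# Added example, not Microsoft's code. Assumptions: the events land in the
# Application log, and insertion strings are ordered as in the message text
# (%1 retry period, %2 domain last processed, %3 native error code).
$filter = @{
    LogName      = 'Application'             # assumed log name
    ProviderName = 'Microsoft-Windows-ADFS'  # source listed on the page
    Id           = 661, 662
    StartTime    = (Get-Date).AddDays(-1)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Output 'No 661/662 events in the last 24 hours.'
    return
}

$findings = @(foreach ($e in $events) {
    # Flatten the insertion strings so missing values can be handled safely.
    $p = @($e.Properties | ForEach-Object { $_.Value })
    New-Object PSObject -Property @{
        Time        = $e.TimeCreated
        Id          = $e.Id
        # 661: stale cache still in use. 662: cache never built, so tokens
        # from account partners that use a Windows trust are rejected.
        Impact      = $(if ($e.Id -eq 662) { 'Tokens rejected' } else { 'Stale cache in use' })
        Domain      = $(if ($p.Count -ge 2) { [string]$p[1] } else { $null })
        NativeError = $(if ($p.Count -ge 3) { [string]$p[2] } else { $null })
    }
})
$findings | Sort-Object Time |
    Format-Table Time, Id, Impact, Domain, NativeError -AutoSize

# Follow the page's user action: list the trusts this server can see, then
# confirm a domain controller can be located for each domain named in %2.
nltest /domain_trusts
$domains = $findings | ForEach-Object { $_.Domain } |
    Where-Object { $_ } | Sort-Object -Unique
foreach ($d in $domains) {
    nltest "/dsgetdc:$d" | Out-Host
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "No domain controller located for '$d' (nltest exit code $LASTEXITCODE)."
    }
}
```

Any 662 in the output deserves priority over 661, because the federation server has no cached trust data to fall back on.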
