Event ID 726 — Trust Policy and Configuration

Updated: February 27, 2008

Applies To: Windows Server 2008

red

The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.

Event Details

Product: Windows Operating System
ID: 726
Source: Microsoft-Windows-ADFS
Version: 6.0
Symbolic Name: GroupPolicyInaccessible
Message: The Federation Service has encountered an error while reading Group Policy settings. This may indicate an attempt by the local administrator to bypass Group Policy. The Federation Service will fail all requests until this condition is corrected.

User Action
Ensure that the Access Control List for the registry path HKLM\Software\Policies\Microsoft\Windows\ADFS grants read access to the Federation Service principal.

Additional Data
Exception information:
%1

Resolve

Grant Read access permissions to the federation application pool

Ensure that the access control list (ACL) for the registry path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADFS grants Read access permissions to the identity under which the federation application pool is running.

To perform this procedure, you must be a member of the Administrators group or you must have been delegated the appropriate authority.

To assign permissions in the ADFS registry key:

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

  1. On the federation server, click Start.
  2. In the Start Search text box, type regedit, and then press ENTER.
  3. Right-click the following key in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADFS and then click Permissions.
  4. In the Permissions for ADFS dialog box, under Group or user names, check to make sure that the same account that is associated with the identity under which the federation application pool is running is present and that it is assigned the Read permission.
  5. Click OK, and close Registry Editor.

Verify

Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.

Related Management Information

Trust Policy and Configuration

Active Directory Federation Services

Community Additions

ADD
Show: