Client Certificate Authentication
Updated: February 27, 2008
Applies To: Windows Server 2008
Clients must authenticate to a federation server by presenting a client authentication certificate. Authentication is granted when the federation server accepts a client authentication certificate from a federation server proxy.
The Federation Service was not able to communicate with the AD FS Authentication Package.
Until this situation is resolved, the Federation Service will not be able to authenticate Active Directory Domain Services users by using Transport Layer Security / Secure Sockets Layer (TLS/SSL) client certificates.
Check for the presence of the authentication package binary (ifsap.dll) in %systemroot%\system32. If it is not present, reinstall AD FS.
Check for the value "ifsap" in the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa value "Security Packages". If this value is absent, add it to the list, and then restart the computer.
The data field contains the NTSTATUS error code from LsaLookupAuthenticationPackage.
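The two checks above can be scripted. The following PowerShell is an added example, not part of the original Microsoft page; the -Repair switch is a name chosen for this sketch, and the script assumes PowerShell 2.0 or later in an elevated session on the federation server. Because "Security Packages" is a multi-string value, the script appends "ifsap" to the existing list rather than overwriting it.

```powershell
# Added example: audits the two prerequisites named in the event text.
# -Repair is a hypothetical switch for this sketch: append "ifsap" if it is missing.
param([switch]$Repair)

$dllPath   = Join-Path $env:SystemRoot 'system32\ifsap.dll'
$lsaSubKey = 'System\CurrentControlSet\Control\Lsa'
$valueName = 'Security Packages'
$package   = 'ifsap'

# Check 1: the authentication package binary must exist in system32.
$dllPresent = Test-Path $dllPath
if (-not $dllPresent) {
    Write-Warning "$dllPath not found. Reinstall AD FS before changing the registry."
}

# Check 2: "ifsap" must be listed in the REG_MULTI_SZ value "Security Packages".
# The key is opened writable only when -Repair was requested.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($lsaSubKey, $Repair.IsPresent)
if ($key -eq $null) { throw "HKLM\$lsaSubKey could not be opened." }

try {
    $current    = @($key.GetValue($valueName, @()))
    $registered = $current -contains $package   # -contains ignores case

    "ifsap.dll present : $dllPresent"
    "ifsap registered  : $registered"
    "Current packages  : $($current -join ', ')"

    # Only write when the binary is present; registering a package whose
    # DLL is missing would not resolve the event.
    if ($Repair -and $dllPresent -and -not $registered) {
        # Keep every existing entry (empty strings carry no package name
        # and are dropped), then append the AD FS package.
        $new = [string[]](@($current | Where-Object { $_ }) + $package)
        $key.SetValue($valueName, $new, [Microsoft.Win32.RegistryValueKind]::MultiString)
        Write-Warning "Added '$package'. Restart the computer so LSA loads the package."
    }
}
finally {
    $key.Close()
}
```

Record the "Current packages" line before using -Repair so the previous list can be restored or compared against a known-good baseline.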