Client Certificate Authentication
Applies To: Windows Server 2008
Clients must authenticate to a federation server by presenting a client authentication certificate. Authentication is granted when the federation server accepts a client authentication certificate from a federation server proxy.
Events
| Event ID | Source | Message |
|---|---|---|
Microsoft-Windows-ADFS |
The Federation Service was not able to communicate with the AD FS Authentication Package. Until this situation is resolved, the Federation Service will not be able to authenticate Active Directory Domain Services users by using Transport Layer Security / Secure Sockets Layer (TLS/SSL) client certificates. User Action Check for the presence of the authentication package binary (ifsap.dll) in %%systemroot%%\system32. If it is not present, reinstall AD FS. Check for the value "ifsap" in the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa value "Security Packages". If this value is absent, add it to the list, and then restart the computer. Additional Data The data field contains the NTSTATUS error code from LsaLookupAuthenticationPackage. |