Event ID 108 — Windows NT Token-Based Application - Miscellaneous

Applies To: Windows Server 2008

Monitor miscellaneous authentication requests that are made to the Windows token-based agent.

Event Details

Product: Windows Operating System
ID: 108
Source: Microsoft-Windows-ADFS
Version: 6.0
Symbolic Name: WSEXT_GET_ACCOUNT_NAME_FAILURE
Message: The AD FS Web Agent for Windows NT token-based applications encountered a serious error. The account name for this user could not be retrieved from the Windows NT token.

Additional Data
The data field contains the Win32 error code.

Resolve

Check the authentication method settings for the application in the Federation Service

The AD FS Web Agent for Windows NT token-based applications failed to retrieve the user name for the user account in the format domain\username. Confirm that the application settings in the Federation Service are set to the user name and password authentication method.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To confirm that the application in the Federation Service is configured for the user name and password authentication method:

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
  2. Double-click Federation Service, double-click Trust Policy, double-click My Organization, double-click Applications, right-click the application whose authentication methods you want to check, and then click Properties.
  3. On the Authentication Methods tab, confirm that at least one of the following options is selected:
    • To allow all possible authentication methods in the list, including the user name and password method, ensure that the Any check box is selected.
    • To allow only the user name and password method, ensure that the Any check box is not selected and that the User name and password check box is selected.
  4. When you are finished checking the authentication method settings, click OK.

Verify

Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.

If you cannot access the application successfully, verify that the Windows token-based agent is configured with correct URL values and that all configuration parameters contain valid values.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To verify that the Windows token-based agent is configured with correct values:

  1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
  2. In the console tree, click YourComputerName**(local computer)**.
  3. In the console tree, double-click Sites, and then click YourWebSiteName.
  4. In the center pane, double-click Authentication, highlight AD FS Windows Token-Based Agent, and then in the Actions pane click Edit.
  5. In the AD FS Windows Token-Based Agent dialog box, confirm that the Enable AD FS Web Agent check box is selected.
  6. Make sure that the following values are valid, and then click OK.
    • Cookie path
    • Cookie domain
    • Return URL

Windows NT Token-Based Application - Miscellaneous

Active Directory Federation Services