Event ID 725 — Trust Policy and Configuration

Updated: December 3, 2008

Applies To: Windows Server 2008 R2

The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.

Event Details

Product: Windows Operating System
ID: 725
Source: Microsoft-Windows-ADFS
Version: 6.1
Symbolic Name: GroupPolicyProhibitsFederationService
Message: The Group Policy setting 'DisallowFederationService' is configured for this machine. The Federation Service will fail all requests until this condition is corrected.

User Action
Disable or do not configure the DisallowFederationService Group Policy setting for Active Directory Federation Services.

Resolve

Disable or do not configure the DisallowFederationService Group Policy setting for AD FS

Disable or do not configure the DisallowFederationService Group Policy setting (also known as Turn off Federation Service) for Active Directory Federation Services (AD FS).

To perform this procedure, you must be a member of the Domain Admins or Enterprise Admins group in Active Directory Domain Services (AD DS), or you must have been delegated the appropriate authority.

To disable the Turn off Federation Service Group Policy setting:

  1. On a domain controller running Windows Server 2008, click Start, point to Administrative Tools, and then click Group Policy Management.
  2. Double-click Forest:forestname, double-click Domains, double-click domainname, right-click Default Domain Policy, and then click Edit.
  3. Under Computer Configuration, double-click Administrative Templates, double-click Windows Components, and then click Active Directory Federation Services.
  4. In the details pane, double-click Turn off Federation Service.
  5. In the Turn off Federation Service Properties dialog box, click Disabled or Not Configured, and then click OK.

Verify

Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.
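
As a complement to the browser check, the event log on the federation server can confirm that event 725 has stopped being logged once the policy change has applied. The following is an added example, not part of the original article; it uses the source name and event ID from Event Details above, and the function name `Test-AdfsEvent725` and its parameters are hypothetical.

```powershell
# Added example: report whether AD FS event 725 has been logged since a given time.
# Provider name and event ID come from the Event Details section of this page.
# Test-AdfsEvent725, -ComputerName and -Since are hypothetical names for this sketch.
function Test-AdfsEvent725 {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [datetime]$Since = (Get-Date).AddHours(-1)
    )

    $filter = @{
        ProviderName = 'Microsoft-Windows-ADFS'
        Id           = 725
        StartTime    = $Since
    }

    try {
        $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop)
    }
    catch {
        # Get-WinEvent raises an error when no event matches; that is the healthy case here.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
        else { throw }   # for example, provider not registered or host unreachable
    }

    # Get-WinEvent returns newest first, so the first element is the latest occurrence.
    $latest = $null
    if ($events.Count -gt 0) { $latest = $events[0].TimeCreated }

    New-Object PSObject -Property @{
        ComputerName = $ComputerName
        Since        = $Since
        Count        = $events.Count
        LatestEvent  = $latest
        PolicyBlocks = ($events.Count -gt 0)
    }
}

# Usage on the federation server: refresh computer policy, note the time,
# exercise the AD FS-enabled application, then check for new 725 events.
gpupdate /target:computer /force
$changeTime = Get-Date
# ... access the application from a client browser ...
Test-AdfsEvent725 -Since $changeTime
```

A `Count` of 0 after requests have been made indicates the Federation Service is no longer being blocked by the DisallowFederationService setting.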

Related Management Information

Trust Policy and Configuration

Active Directory Federation Services
