Event ID 600 — Trust Policy and Configuration

Updated: December 3, 2008

Applies To: Windows Server 2008 R2


The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.

Event Details

Product: Windows Operating System
ID: 600
Source: Microsoft-Windows-ADFS
Version: 6.1
Symbolic Name: BadConfigurationFormatError
Message: During processing of web.config section '%1', the parameter '%2' was found to have invalid data. The configured data '%3' could not be parsed as type '%4'.
Section: %1
Parameter: %2
Data: %3
Type: %4

The Federation Service or Federation Service Proxy will not be able to start until this configuration parameter is corrected.

User Action
Correct the specified web.config parameter to conform to the given type.


Review invalid fields in the web.config file

This error was generated because there is an invalid field in the web.config file on the federation server proxy or because the user has manually modified the web.config file without using the Active Directory Federation Services snap-in to set the audit level. To fix the problem, use one of the following procedures.

To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

Open the web.config file on the federation server proxy, and make sure that a valid value is present in the FSURI field.

To check the FSURI value using the web.config file:

  1. In Notepad or another text editor, open the web.config file that is in %systemdrive%\windows\systemdata\adfs\sts\on the federation server proxy.
  2. Search for fsuri.
  3. Check that a value is present and that it is correct.

Reconfigure the web.config file on the federation server proxy by using the Active Directory Federation Services snap-in.

To check the Federation Service Uniform Resource Identifier (URI) value using the Active Directory Federation Services snap-in:

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
  2. Right-click Federation Service Proxy, and then click Properties.
  3. On the General tab, check that Federation Service URL is present and that it has the correct value.


Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.

Related Management Information

Trust Policy and Configuration

Active Directory Federation Services

Community Additions