Event ID 731 — Trust Policy and Configuration
Applies To: Windows Server 2008 R2
.jpg)
The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.
Event Details
| Product: | Windows Operating System |
| ID: | 731 |
| Source: | Microsoft-Windows-ADFS |
| Version: | 6.1 |
| Symbolic Name: | CannotContactDomainController |
| Message: | The Federation Service was unable to read configuration information from the domain controller. User Action Ensure that the Federation Server is joined to an Active Directory Domain Services (AD DS) domain. Ensure that the domain controller is available and can be accessed by the Federation Service. |
Resolve
Make sure that the federation server is joined to an AD DS domain and that it can contact a domain controller
Ensure that the federation server is joined to an Active Directory Domain Services (AD DS) domain.
To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To ensure that the federation server is joined to an AD DS domain:
- On the federation server, click Start, click Control Panel, and then double-click System.
- Under Computer Name, domain, and workgroup settings, click Change settings.
- In the System Properties dialog box, on the Computer Name tab, click Change.
- In the Computer Name/Domain Changes dialog box, under Member of, click Domain. If a value is not present, type the name of the domain that this federation server will join, and then click OK.
- Click OK, and then restart the computer.
Ensure that a domain controller is available and that the federation server can access it.
To check the connectivity of a domain member to the domain controller:
- On the federation server, click Start, and then click Command Prompt.
- Type nltest /server:server /query to verify that the NetLogon service is working, and then press ENTER. Replace server with the computer name of the federation server.
To resolve the domain on the network:
- On the federation server, click Start, and then click Command Prompt.
- Type nltest /dsgetdc, and then press ENTER. The domain controller that this computer is joined to should appear in the command output.
Verify
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.