Event ID 617 — Claims-Aware Application Malformed Requests

Applies To: Windows Server 2008 R2

Web Agent for Claims-Aware Applications Malformed Requests logs token requests, session cookies, and sign-in requests that are associated with the claims-aware agent. Malformed Requests also provides information about protocol requests that are made to the AD FS Web Agent and client cookies, and it records any sign-on issues.

Event Details

Product: Windows Operating System
ID: 617
Source: Microsoft-Windows-ADFS
Version: 6.1
Symbolic Name: WsUnknownMessageType
Message: A malformed protocol request was received by the AD FS Web Agent. A '%1' message was received, but that message type is not handled at the Web agent.
Message type: %1

This request will be failed.

This situation can occur if other components mistake this server for the Federation Service.

User Action
If you are using non-Microsoft federation software in your environment, verify that it is compatible with Active Directory Federation Services (AD FS).

Ensure that the Uniform Resource Locator (URL) for this application is not configured as the Federation Service URL at any Web agent, Federation Service Proxy, or resource partner.

Resolve

Use compatible federation software with AD FS and check the URL for this application

If you are using non-Microsoft federation software in your environment, check that the federation software is compatible with Active Directory Federation Services (AD FS). For software to be compatible with AD FS, it must comply with the WS-Federation Passive Requestor Profile (https://go.microsoft.com/fwlink/?LinkID=89387).

Ensure that the Uniform Resource Locator (URL) for this application is not configured as the Federation Service URL on any Web agent, federation server proxy, or resource partner.

Verify

Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.

If a failure occurs, verify that the web.config file is configured with correct URL values and that all configuration parameters contain valid values.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To verify that the web.config file is configured with the correct Return URL value:

  1. On a resource federation server, click Start, point to Administrative Tools, and then click Active Directory Federation Services.
  2. Double-click Federation Service, double-click Trust Policy, double-click My Organization, click Applications, right-click the application in the list that represents this claims-aware application, and then click Properties.
  3. Verify that the https value specified in Application URL—for example, https://www.treyresearch.net/ApplicationName/— is identical to the value specified between the returnurl tags within the web.config file.

Claims-Aware Application Malformed Requests

Active Directory Federation Services