Event ID 702 — Trust Policy and Configuration

Applies To: Windows Server 2008 R2

The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.

Event Details

Product: Windows Operating System
ID: 702
Source: Microsoft-Windows-ADFS
Version: 6.1
Symbolic Name: SigningMethodUnknownSKI
Message: The Federation Service has detected a discrepancy between its signing and verification methods. If this condition is caused by a change in trust policy, the Federation Service will continue to use the old trust policy until the condition is resolved. If this condition occurs at startup, the Federation Service will not be able to service requests until the condition is resolved.
Signing certificate thumbprint: %1

The signing method identifies a Subject Key Identifier (SKI) which is not recognized by the verification method.
SKI: %2

User Action
If a signing method is to be identified by the SKI, the verification method must contain the signing certificate. Add the signing certificate to the verification certificate list.

Resolve

Add the signing certificate to the verification certificate list

If a signing method is to be identified by the Subject Key Identifier (SKI), which is set to thumbprint by default, the verification method must contain the token-signing certificate of the proper SKI for that account partner. Add the token-signing certificate to the verification certificate list.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To add a token-signing certificate to the verification list of an account partner:

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
  2. Double-click Federation Service, double-click Trust Policy, double-click Partner Organizations, double-click Account Partners, right-click the account partner, and then click Properties.
  3. Click the Verification Certificates tab, and then click Add.
  4. In the Browse for Verification Certificate file dialog box, locate the certificate file that you want to add.
  5. Select the certificate file, and then click Open.
  6. In the Trust Policy Properties dialog box, click OK.

Verify

Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.

Trust Policy and Configuration

Active Directory Federation Services