Event ID 105 — Windows NT Token-Based Application - Miscellaneous

Updated: December 3, 2008

Applies To: Windows Server 2008 R2

red

Monitor miscellaneous authentication requests that are made to the Windows token-based agent.

Event Details

Product: Windows Operating System
ID: 105
Source: Microsoft-Windows-ADFS
Version: 6.1
Symbolic Name: WSEXT_INITIAL_REDIR_FAILURE
Message: The AD FS Web Agent for Windows NT token-based applications encountered a serious error. The Web agent was not able to redirect the unauthenticated client to the Federation Service.

User Action
If this error persists, enable the AD FS troubleshooting log.

Resolve

Enable the AD FS troubleshooting log

If this error persists, enable the Active Directory Federation Services (AD FS) troubleshooting log.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To enable the AD FS troubleshooting log:

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

  1. Click Start, click Run, type regedit, and then click OK.
  2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ifssvc\ Parameters
  3. Right-click Parameters, click New, and then click DWORD Value.
  4. In the New Value name box, type ADFSEvent, and then press ENTER.
  5. Double-click the new entry, and then, in Value data, provide a value for one of the following levels (or add values to configure multiple levels) and then click OK:
    • Warning: 0x01
    • Information: 0x02
    • Success: 0x04
    • Failure: 0x08

For more information, see Configure event logging for a Windows NT token-based application (http://go.microsoft.com/fwlink/?LinkId=94741).

Verify

Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.

If you cannot access the application successfully, verify that the Windows token-based agent is configured with correct URL values and that all configuration parameters contain valid values.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To verify that the Windows token-based agent is configured with correct values:

  1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
  2. In the console tree, click YourComputerName(local computer).
  3. In the console tree, double-click Sites, and then click YourWebSiteName.
  4. In the center pane, double-click Authentication, highlight AD FS Windows Token-Based Agent, and then in the Actions pane click Edit.
  5. In the AD FS Windows Token-Based Agent dialog box, confirm that the Enable AD FS Web Agent check box is selected.
  6. Make sure that the following values are valid, and then click OK.
    • Cookie path
    • Cookie domain
    • Return URL

Related Management Information

Windows NT Token-Based Application - Miscellaneous

Active Directory Federation Services

Community Additions

ADD
Show: