Event ID 691 — Federation Service Communication

Applies To: Windows Server 2008 R2

Federation Service communication is communication between federation servers and Web servers that host the claims-aware agent. The Web server should be updated from the Federation Service. Federation Service communication fails when the Active Directory Federation Services (AD FS) Web Agent cannot be updated.

Event Details

Product: Windows Operating System
ID: 691
Source: Microsoft-Windows-ADFS
Version: 6.1
Symbolic Name: GettingFsTrustInfoSoapException
Message: The AD FS Web Agent was unable to update trust information from the Federation Service. The Federation Service returned an error.
Federation Service URL: %1

User Action
Ensure that the Federation service is properly configured and started.

Additional Data
SoapException error message:
%2

Resolve

Start the Federation Service and configure it properly

Check whether federation servers in the resource partner organization are running and whether general settings in the trust policy have been configured.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To check whether the trust policy settings are configured:

  1. On a resource federation server, click Start, point to Administrative Tools, and then click Active Directory Federation Services.
  2. In the console tree, right-click Federation Service, click Properties, check whether a valid trust policy file location is specified in Trust policy file, and then click OK.
  3. In the console tree, double-click Federation Service, right-click Trust Policy, and then click Properties.
  4. Check whether correct values are provided in Federation Service URI and Federation Service endpoint URL, and then click OK.

Verify

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To verify that the AD FS-enabled Web server can access the Federation Service URL specified in the web.config file:

  1. On the AD FS-enabled Web server that is hosting the claims-aware agent, locate the web.config file for your claims-aware application, and then open it with Notepad. This file should be located in \inetpub\wwwroot\virtualdirectory, where your claims-aware application files are stored.
  2. Check that the value between the fs tags is a valid Federation Service URL. To do this:
    1. On the AD FS-enabled Web server, copy the value between the fs tags in the web.config file, paste it into the address bar of a Web browser, and then hit ENTER. For example, a valid Federation Service URL format would be https://fs1.treyresearch.net/adfs/fs/federationserverservice.asmx.
    2. If a Web page with the title FederationServerService is displayed, then you have successfully verified that the Web server can communicate with a resource federation server and that the Federation Service URL is valid.

Federation Service Communication

Active Directory Federation Services