Troubleshooting artifact service problems with AD FS 2.0
Updated: May 5, 2010
Applies To: Active Directory Federation Services (AD FS) 2.0
The following table provides troubleshooting guidance for the specific error event messages or other issues that you may encounter if you are having problems working with the artifact resolution service in Active Directory Federation Services (AD FS) 2.0.
Before you begin the troubleshooting process, we recommend that you first try to configure AD FS 2.0 for troubleshooting and check for known common issues that might prevent normal functioning for the Federation Service. For detailed instructions for configuring and performing related system checks, see Configuring Computers for Troubleshooting AD FS 2.0 and Things to Check Before Troubleshooting AD FS 2.0.
Event or symptom | Possible cause | Resolution |
---|---|---|
Event ID 250 | This event can indicate either a problem with the artifact storage service itself or an expired artifact. Some of the possible causes for this event include the following: For more specific information about the cause of this event, see the additional data that is provided in the event. | Review the additional data provided in this event to determine the exact cause, and to decide on appropriate resolution steps. Some of the possible resolutions for this event include the following: |
Event ID 291 | One possible cause for this event is that the artifact service cannot connect to the artifact database. For more specific information about the cause of this event, see the additional data that is provided in the event. | Ensure that the artifact connection to the artifact storage server is configured correctly. You can review the ArtifactDbConnection property by executing the Get-ADFSProperties cmdlet. If necessary, you can modify it by using the ArtifactDbConnection parameter with the Set-ADFSProperties cmdlet. Additional events that are related to problems with the artifact database might also occur together with this event. For more information, see Troubleshooting artifact database errors with AD FS 2.0. |
Event ID 292 | The signing certificate for the relying party trust is not up to date, or the signature algorithm does not match what is expected. | Ensure that the relying party signing certificate is configured correctly for the relying party trust by using the AD FS 2.0 snap-in. Also, verify that the signature algorithm matches what is expected. You can view or change the setting on the Advanced tab of the relying party trust properties. |
Event ID 293 | The artifact resolution service is not turned on, or the artifact service cannot connect to the artifact database. | Use the AD FS 2.0 snap-in to configure or turn on the SAML artifact resolution endpoint. Also, ensure that the artifact connection to the artifact storage server is configured correctly. You can review the ArtifactDbConnection property by executing the Get-ADFSProperties cmdlet. If necessary, you can modify it by using the ArtifactDbConnection parameter with the Set-ADFSProperties cmdlet. |
Event ID 294 | The issuer that is specified in the SAML artifact resolution request is not configured at the relying party. This could be because an identifier is missing from the list of identifiers for the relying party trust. | Ensure that the relying party is configured correctly by using the AD FS 2.0 snap-in. Review the additional details in the event to determine whether the issuer is an identifier that must be specified in the relying party trust properties. If it is missing, add it to the list. |
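
The event review and ArtifactDbConnection check from the table, combined into one PowerShell triage script. This is an added example, not part of the original page; the log name `AD FS 2.0/Admin`, the 24-hour look-back and the 5-second connect timeout are assumptions to adjust for your deployment.

```powershell
# Added example (not from the original page). Run in an elevated session on
# the federation server. Assumed: default admin log name, 24-hour look-back.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
Add-Type -AssemblyName System.Data

$logName  = 'AD FS 2.0/Admin'
$since    = (Get-Date).AddHours(-24)
$eventIds = 250, 291, 292, 293, 294   # event IDs from the table above

# 1. Newest event per ID, with the message text that carries the
#    "additional data" the table tells you to review.
$filter = @{ LogName = $logName; Id = $eventIds; StartTime = $since }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Output "No artifact service events (250, 291-294) since $since."
}
foreach ($group in ($events | Group-Object Id | Sort-Object Name)) {
    $latest = $group.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
    Write-Output ("Event ID {0}: {1} occurrence(s), latest {2}" -f $group.Name, $group.Count, $latest.TimeCreated)
    Write-Output $latest.Message
}

# 2. Parse ArtifactDbConnection and print only the non-secret fields, so a
#    password embedded in the connection string never reaches the console or
#    a transcript.
$connString = (Get-ADFSProperties).ArtifactDbConnection
$builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder -ArgumentList $connString
Write-Output ("Data source:         {0}" -f $builder.DataSource)
Write-Output ("Initial catalog:     {0}" -f $builder.InitialCatalog)
Write-Output ("Integrated security: {0}" -f $builder.IntegratedSecurity)

# 3. Try to open the connection with a short timeout. This runs as the
#    current user, not the AD FS service account, so a failure here can
#    reflect this user's database permissions rather than the service's.
$builder.ConnectTimeout = 5
$conn = New-Object System.Data.SqlClient.SqlConnection -ArgumentList $builder.ConnectionString
try {
    $conn.Open()
    Write-Output ("Connection opened, server version {0}" -f $conn.ServerVersion)
} catch {
    Write-Output ("Connection failed: {0}" -f $_.Exception.Message)
} finally {
    $conn.Dispose()
}

# If the value is wrong, correct it with the parameter named in the table:
# Set-ADFSProperties -ArtifactDbConnection '<corrected connection string>'
```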