Share via


Event ID 2008 — AD FS Claim Transform Module

Applies To: Windows Server 2008

You can use a claim transform module when existing claim rules are not sufficient to generate claims that meet user requirements. You configure a claim transform module in the custom module settings in the trust policy.

Event Details

Product: Windows Operating System
ID: 2008
Source: Microsoft-Windows-ADFS
Version: 6.0
Symbolic Name: Remote_External_Code_Execution_Error
Message: An error occurred during calling of the custom transform module, which is an extensibility point for third-party code. The error may have occurred in the Microsoft .NET Remoting infrastructure or in the third-party code.
Assembly path: %1

User Action
Review the custom module settings in the trust policy file and the client and server remote configuration settings, and ensure that appropriate listeners are operating correctly. In addition, consider reviewing the code in the custom transform module for possible defects.

Additional Data
Exception information:
%2

Resolve

Review custom module settings and code

Review the custom module settings in the trust policy (trustpolicy.xml) file and the client and server remote configuration settings, ensure that the location of dynamic-link library (DLL) file is correct, and ensure that the appropriate listeners are operating correctly. In addition, consider reviewing the code in the claim transform module constructor for possible defects.

For more information about checking that the custom claim module settings have been programmed correctly, see Custom Claims Transformation Modules (https://go.microsoft.com/fwlink/?LinkId=110571).

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To review the transform module settings in the trust policy:

  1. On the federation server, click Start, point to Administrative Tools, and then click Active Directory Federation Services.
  2. In the console tree, under Federation Service, right-click Trust Policy, and then click Properties.
  3. Click the Transform Module tab, and then review the settings.

Verify

You use Active Directory Federation Services (AD FS) claim transform modules to modify claim names and values as they pass through the federation server. If you experience problems running a claim transform module, verify that the settings in the trust policy are configured appropriately.

To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To verify trust policy settings for a claim transform module:

  1. On the federation server whose transform module you want to change, click Start, point to Administrative Tools, and then click Active Directory Federation Services.
  2. Double-click Federation Service, right-click Trust Policy, and then click Properties.
  3. In the Trust Policy Properties dialog box, click the right arrow to scroll to the Transform Module tab, and then click the Transform Module tab.
  4. In DLL file, verify that the path to the dynamic-link library (DLL) file is correct.
  5. In Class name, verify that the namespace-qualified class name that the transform module will use is correct.

Also, in your AD FS scenario, click the Uniform Resource Locator (URL) of the configured Web server from the client computer, and the use the following procedure to check certain particular events.

To verify event details for a claim transform module:

  1. On the account federation server, click Start, point to Administrative Tools, and then click Event Viewer.

  2. Click Security, and in the details pane of the Success Audit events, locate Event ID 10550.

    This event provides the details of the claims that have been sent by the account partner. Look for claims that are supposed to be modified by the custom claim transform module. If the modified claims are listed in the event, the claim transform module should work properly.

AD FS Claim Transform Module

Active Directory Federation Services