Windows NT Token-Based Application Auditing
Applies To: Windows Server 2008
Audit events are written to the audit log during the auditing process. The Windows token-based agent records Success and Failure audits, such as the state of the AD FS Web Agent Authentication Service.
Events
| Event ID | Source | Message |
|---|---|---|
Microsoft-Windows-ADFS |
The AD FS Web Agent Authentication Service could not start. The authentication service has not been configured to run as a principal that has been granted the "Generate Security Audits" privilege (SeAuditPrivilege). Users will not be able to access protected resources until the authentication service can be restarted. User Action Either grant the AD FS authentication service principal the "Generate Security Audits" privilege or configure the authentication service to run as a principal that has already been granted the "Generate Security Audits" privilege. (For example, configure the authentication service to run as LocalSystem.) |
|
Microsoft-Windows-ADFS |
The AD FS Web Agent Authentication Service was not able to start. A failure was encountered when registering as an event source. Users will not be able to access protected resources until the authentication service can be restarted. Additional Data The data field contains a Win32 error code. |
|
Microsoft-Windows-ADFS |
%1 Key identifier: %2 Error code: %3 Token ID: %4 Identity: %5 Issuer: %6 Audience: %7 Effective time: %8 %9 Expiration time: %10 %11 Claim source: %12 Authentication methods: Method%t%tTime %13 UPN: %14 E-mail: %15 Common name: %16 |