Event ID 704 — Trust Policy and Configuration
Applies To: Windows Server 2008
The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.
Event Details
Product: | Windows Operating System |
ID: | 704 |
Source: | Microsoft-Windows-ADFS |
Version: | 6.0 |
Symbolic Name: | SigningMethodUntrustedCert |
Message: | The Federation Service has detected a discrepancy between its signing and verification methods. If this condition is caused by a change in trust policy, the Federation Service will continue to use the old trust policy until the condition is resolved. If this condition occurs at startup, the Federation Service will not be able to service requests until the condition is resolved. Signing certificate thumbprint: %1 Neither the signing certificate nor any certificate in its chain was found in the verification certificates collection. User Action Add the signing certificate or a certification authority from its chain to the collection of verification certificates. |
Resolve
Add the token-signing certificate chain to the collection of verification certificates
Add the token-signing certificate chain to the collection of verification certificates.
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To add a token-signing certificate to the verification list of an account partner:
- Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
- Double-click Federation Service, double-click Trust Policy, double-click Partner Organizations, double-click Account Partners, right-click the account partner, and then click Properties.
- Click the Verification Certificates tab, and then click Add.
- In the Browse for Verification Certificate file dialog box, locate the certificate chain file (.p7b) that you want to add.
- Select the certificate file, and then click Open.
- In the Trust Policy Properties dialog box, click OK.
Verify
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.