Event ID 615 — Claims-Aware Application Malformed Requests
Applies To: Windows Server 2008
Web Agent for Claims-Aware Applications Malformed Requests logs token requests, session cookies, and sign-in requests that are associated with the claims-aware agent. Malformed Requests also provides information about protocol requests that are made to the AD FS Web Agent and client cookies, and it records any sign-on issues.
Event Details
| Product | Windows Operating System |
| ID | 615 |
| Source | Microsoft-Windows-ADFS |
| Version | 6.0 |
| Symbolic Name | NoWctxParameter |
| Message | A malformed protocol request was received by the AD FS Web Agent. The context parameter from the request was not returned in the response. This request will be failed. User Action: If you are using non-Microsoft federation software in your environment, verify that it is compatible with Active Directory Federation Services (AD FS). |
Resolve
Check the cookie domain or path and return URL
This error can occur when:
- The cookie domain configuration is not set correctly in the application configuration.
- The "Path" component of the Uniform Resource Locator (URL) that was entered in the Web browser does not start with the cookie path that is specified in the Internet Information Services (IIS) snap-in (for Windows NT token-based applications) or in the web.config file (for claims-aware applications). Note that this is a case-sensitive comparison.
To correct this error, do one of the following:
- Make sure that the server name portion of the URL that is typed in the Web browser matches the server name in the return URL that is specified for the Web application.
- If you have a Web farm setup, you may have to configure the "cookie domain" to account for the fact that AD FS authentication may have occurred on one computer in the farm, and the cookies may have to be sent to another server in the farm. If a cookie domain is set for this Web application, make sure that the server name portion of the original URL that is typed into the Web browser ends with this cookie domain. For example, if the cookie domain is treyresearch.net, the URL that is typed in the Web browser must contain this value, as in https://sales.treyresearch.net/myapp.
- Make sure that the cookie path that is configured in the Web application is configured correctly. For example, if the accessed application is https://example.com/subdir/gradsubdir.html, the cookie path should be either / or /subdir. This is case sensitive.
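The three checks above can be run against a failing URL before changing any configuration. The following Python sketch is an added example, not part of the original article or of AD FS; the function name `check_request_url` and its parameters are hypothetical, the settings are passed in by hand rather than read from web.config, and comparing host names case-insensitively is an assumption.

```python
from urllib.parse import urlsplit


def check_request_url(requested_url, return_url, cookie_path="/", cookie_domain=None):
    """Compare the URL typed in the browser with the application's settings.

    Returns a list of (check, detail) tuples; an empty list means all checks pass.
    Hypothetical helper: the values are passed in, not read from web.config.
    """
    findings = []
    req, ret = urlsplit(requested_url), urlsplit(return_url)
    # Assumption: host names are compared case-insensitively
    # (urlsplit().hostname is already lower-cased).
    req_host, ret_host = req.hostname or "", ret.hostname or ""

    # Check 1: server name in the browser URL matches the return URL.
    if req_host != ret_host:
        findings.append(("return_url_host",
                         f"browser host {req_host!r} != return URL host {ret_host!r}"))

    # Check 2: if a cookie domain is set, the server name must end with it.
    if cookie_domain:
        domain = cookie_domain.lstrip(".").lower()
        # Match on a DNS label boundary, which is stricter than a bare suffix
        # test: "nottreyresearch.net" must not pass for "treyresearch.net".
        if req_host != domain and not req_host.endswith("." + domain):
            findings.append(("cookie_domain",
                             f"host {req_host!r} does not end with {domain!r}"))

    # Check 3: case-sensitive prefix comparison, as the article states.
    req_path = req.path or "/"
    if not req_path.startswith(cookie_path):
        findings.append(("cookie_path",
                         f"path {req_path!r} does not start with {cookie_path!r}"))
    return findings


if __name__ == "__main__":
    # Constructed sample: the article's example URL with one letter in the wrong case.
    for check, detail in check_request_url(
            "https://example.com/Subdir/gradsubdir.html",
            "https://example.com/subdir/", cookie_path="/subdir"):
        print(f"{check}: {detail}")
```

An empty result means the URL is consistent with all three settings, so the cause of the event lies elsewhere, for example in the federation software compatibility that the event message mentions.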
Verify
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.
If a failure occurs, verify that the web.config file is configured with correct URL values and that all configuration parameters contain valid values.
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To verify that the web.config file is configured with the correct Return URL value:
- On a resource federation server, click Start, point to Administrative Tools, and then click Active Directory Federation Services.
- Double-click Federation Service, double-click Trust Policy, double-click My Organization, click Applications, right-click the application in the list that represents this claims-aware application, and then click Properties.
- Verify that the https value specified in Application URL (for example, https://www.treyresearch.net/ApplicationName/) is identical to the value specified between the returnurl tags within the web.config file.