locked
ADFS 2.0 Windows Service will not start on Server 2008 SP2

    Question

  • Hello,

    I'm attempting to follow the "AD FS 2.0 Federation with a windows identity foundation application step-by-step guide" ( https://connect.microsoft.com/site642/Downloads/DownloadDetails.aspx?DownloadID=25361 ) to determine if AD FS is a feasable solution for an enterprise system I will be developing.  I successfully run adfssetup.exe, and it appears to complete without error.... however, after restarting, the ADFS 2.0 Windows Service fails to start.  Attempts to start this service manually fail as well. 

    The error message given when the service fails to start manually is,

    "Error 1053: The service did not respond to the start or control request in a timely fashion."

    Two error events are logged to the System event log, both basically saying the same thing (30000 ms timeout reached, and one that simply repeats the error above). No other event log messages are generated that I can find.  Furthermore, I can't seem to locate any log files that may indicate why the service is failing.

    I did some google searching, and found a bug report that seems to mirror this condition (lost the link... sorry :( ), but it was closed with a status of 'unable to reproduce'. I'm trying to set this up on Windows Server 2008 (x64) with Service Pack 2 installed.  In addition to the base OS, I installed .Net 3.5 SP1, and Visual Studio 2008 (as required by the instructions).  The most recent time I've tried to get this working, the IIS role was enabled prior to running the adfs installer, but not the AD FS role.  Enabling the ADFS server role does not appear to have an effect - I attempted to run ADFSSetup in both conditions. 

    I have also tried starting over with a clean 2008 install and building the machine up from scratch, in case I missed a step in the walk through somehow, but at this point it doesn't appear to be working. I would greatly appreciate any advice on how to successfully install AD FS on Server 2008 enterprise, or any pointers on how to enable additional logging so that I can determine why the AD FS web service is failing to start.  Without this service, the AD FS 2.0 Setup Wizard will not complete.

    Has anyone successfully run ADFSsetup.exe on Server 2008?

    I guess the better question is, what is the difference between the adfs server role that can be enabled on 2008 server, and the windows service that is installed by adfssetup?

    This question was posted to the Active Directory discussion group, but received no response.  My apologies for the cross-post, but I've had pretty good success here in the past.

    Thanks in advance for any help you can provide!
    Wednesday, February 03, 2010 4:53 PM

Answers

  • Thanks all for the information and feedback.  We do test heavily on Windows 2008; as well, our internal MS deployments have used Windows 2008.  All the same, I'm sorry to hear the trouble that is being reported.

    We have seen, from time to time, the service not being able to start up. An engineer on our team found the behavior described in the following blog post:

    http://blogs.msdn.com/amolravande/archive/2008/07/20/startup-performance-disable-the-generatepublisherevidence-property.aspx

    to be a cause.

    "Background : When assemblies are authenticode signed, the signed assemblies need to be verified by the certificate authority. When CA certificate is not present on the same machine the assemblies require network or internet access. If the signed assemblies are installed on machine where CA certificate is not on the same machine and does not have network/internet access the .NET thread might timeout waiting to connect. Below is one case study I have presented. There are other ways to avoid this performance issue including performing strong name signing of assemblies, placing the CA certificate on the same machine"


    Could this be the problem some folks are hitting?   There are some (config-based) solutions suggested in the blog post.

    Best,
    Colin.
    Colin
    • Marked as answer by mimatas Tuesday, October 07, 2014 7:05 PM
    Wednesday, March 17, 2010 11:07 PM

All replies

  • Did you run the configuration wizard (FsConfigWizard.exe) after adfssetup.exe?
    Wednesday, February 03, 2010 7:37 PM
  • I did.  The configuration wizard goes through the process of stopping the adfs 2.0 web service, doing some fun stuff, then restarting the service.  Unfortunately, the service does not restart when it reaches that point in the automated process, and the config wizard aborts at that point.

    I'm sorry if I wasn't clear in my previous post - the adfs 2.0 "setup wizard" I mentioned is actually the adfs configuration wizard.  My apologies for using the incorrect name. :)
    Wednesday, February 03, 2010 9:40 PM
  • Can you open eventvwr, and look into the "Applications and Services Logs", and locate the node for AD FS 2.0\Admin, and see if you have any events there?
    Thursday, February 04, 2010 6:13 AM
  • Hello!

    Applications and Service logs -> AD FS 2.0 Event Log -> Admin has no entries at all... no information, no warnings, no events.... unless there is some kind of filtering present that isn't obvious (I would expect to see some kind of status message when the service attempts to start at the very least... but the log is literally empty).

    Is there a way to turn on trace logging on the AD FS 2.0 Weindows Service?  I would expect to see some kind of error events in the event log, but since there's nothing there (other than the messages I've mentioned already), I'm wondering if maybe the service is just taking too long to start, possibly because it is waiting for some resource, and reaching the 30 second timeout limit.

    If the service is just taking too long to start, would the Service Control Manager terminate the process after 30 seconds, or does it just log the timeout errors, but allow the process to continue?  I can see justification for implementing in either situation.

    Is there possibly a way to increase the Service Control Manager's timeout?  Granted, the AD FS Windows Service may be hung (and 30 seconds is plenty of time if the OnStart or equivalent method was implemented properly and returns immediately)... but at this point I'm looking for anything!

    Thanks!
    Thursday, February 04, 2010 4:56 PM
  • Hi,

    In Event Viewer

    Go to Applications and Services Logs -> AD FS 2.0
    Right click and select View-> Show analytic and debug Logs
    You will see a new node for AD FS 2.0 Tracing.
    Navigate to AD FS 2.0 Tracing->Debug, right click, Enable Log.
    Try to start the service
    Refresh the AD FS 2.0 Tracing->Debug node in event viewer to see the trace logs.

    Thursday, February 04, 2010 7:32 PM
  • Thank you for the quick reply Sriram. :)

    I followed the steps you described to enable trace logging.  I then attempted to start the service, and when it errored, I refreshed the AD FS 2.0 Tracing -> Debug log.  There were no events.  The log file size is 64k, and upon attempting to start the service, the log file size does not change, which leads me to believe that new trace events are not being logged (as opposed to them being hidden by a filter that I'm not aware of).

    This would seem to imply that the service isn't even attempting to start.  I did confirm that the file C:\Program Files\Active Directory Federation Services 2.0\Microsoft.IdentityServer.ServiceHost.exe is present on the system (the file specified in the services snap-in). 

    As an aside, while looking at the event viewer, I noticed the following message in the Application event log.  It appears to be an error with the ADFS Web Agent, installed when I enabled the AD FS server role. 


    The AD FS Web Agent was unable to update trust information from the Federation Service. A Hypertext Transfer Protocol (HTTP) or networking error has occurred.
    Federation Service URL: https://<server name>/adfs/fs/federationserverservice.asmx
    WebExceptionStatus value: ProtocolError
    WebException message: The request failed with HTTP status 503: Service Unavailable.

    If this failure occurs during startup, no users will be authenticated until the Federation Service can be contacted. If the Federation Service cannot be contacted, the Web agent will continue to be authenticated users with the existing trust information, and it will attempt this operation again at a later time.

    User Action
    Verify that the Federation Service Uniform Resource Locator (URL) is properly configured, the Federation Service is started, and the Federation Service can be contacted from this computer.

    I'm wondering if there could be a configuration issue related to IIS?  I followed the directions in the walk-through, and have a valid certificate bound to https.  I can uninstall the AD FS server role if there's a chance it could cause a problem, though I tried this before and still was unable to get the AD FS 2.0 windows service to start.

    Any ideas?

    Thanks again for the help!


    Thursday, February 04, 2010 10:01 PM
  • Can you try starting the service using "net start adfssrv" from an administrator command prompt? After it fails, try querying the service using "sc query adfssrv" for a couple of minutes. Does it go to the "RUNNING" state at any point?

    Friday, February 05, 2010 2:51 AM
  • I'm the one that reported the bug that you mentioned. I can reproduce this on three different ADFS2 installs. Every time I restart it fails with the timeout. I can then start the service successfully. Just likes to fail every other time. :)
    Friday, February 05, 2010 12:45 PM
  • Hello Sriram,

    I followed your instructions.  After running net start adfssrv from an admin command prompt, I switched to the service window and started clicking refresh.  The service state went to Starting... then failed.  After that, I periodically ran sc query adfssrv.  At no point did the service ever reach the 'running' state after it had failed. 

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>net start adfssrv
    The service is not responding to the control function.

    More help is available by typing NET HELPMSG 2186.


    C:\Windows\system32>sc query adfssrv

    SERVICE_NAME: adfssrv
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 1  STOPPED
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0

    Chadrw seems to be having more success than I am - I can't get the service to start successfully ever.

    Is there anything else that I should be doing?  IIS configurations maybe?  At this point, I'm 100% out of ideas.

    Thanks!
    Monday, February 08, 2010 3:07 PM
  • To reduce the variables here, can you uninstall the AD FS roles (v1) from server manager?

    Is there anything you can tell us that can help us repro this problem internally? (We dont have a repro of this at all)

    OS version
    SKU
    RAM size
    Is this a virtual machine?

    Looks like the service exe is failing to load in the first place. Can you check if you have .net framework 3.5 SP1 and WIF installed on your machine? (AD FS should have done this for you, but it is good to double check).

    Monday, February 08, 2010 6:57 PM
  • Hey Sriram,

    I removed the AD FS roles.  I understand how it must be frustrating to be unable to repro a problem.  I did install WIF and .net 3.5, in accordance with the guide referenced in my original message.

    If you'd like, I can roll back to a bare 2008 install and start over using whatever instructions you prefer.  I managed to commandeer a physical machine in an attempt to try the same install in a non-virtual environment, to see if that may help things.

    In the meantime, here's a full spec of my system:

    It's a VMware Virtual Machine, running on ESX server (3.5 I believe).

    Windows 2008 Enterprise, SP 2
    Intel Xeon E5540 processor, 2.53Ghz
    4GB RAM
    64-bit
    The VM has a 40 gig hard drive allocated, with 5.83gigs free.

    The OS has not been activated yet - the machine is on a physically disconnected network, and dialing in is a hassle, especially when I only plan to use this for a few days.

    The system has Visual Studio 2008 installed... I can give you a list of components that are installed as part of that if you need them, but it's a default install of 2008 professional.  This includes SQL Server 2005.

    In addition, the system is running:

    VMWare tools 3.1.2.10559
    MagicDisc 2.7.106 (to install Visual Studio from an iso)
    .Net Framework 3.5 SP1

    The following features are enabled:
    .Net Framework 3.0
    - .Net Framework 3.0
    - XPS Viewer

    Remote Server Administration Tools
    - Role Administration Tools
    - - Web Server (IIS) Tools

    Windows Internal Database
    Windows PowerShell
    Windows Process Activation Service
    - Process Model
    - .NET Environment
    - Configuration APIs

    The following service packs are installed...

    Microsoft .NET Framework 3.5 SP1:
    Hotfix for Microsoft .Net Framework 3.5 SPI (KB953595)

    Microsoft Windows:
    Active Directory Federation Service 2.0 (KB974408)
    Hotfix for Microsoft Windows (KB975955)
    Windows Identity Foundation (KB974405)
    Hotfix for Microsoft Windows (KB973975)
    Hotfix for Microsoft Windows (KB973606)
    Update for Microsoft Windows (KB955430)
    Service Pack for Microsoft Windows (KB948465)

    The VM is a member of a domain, has a static IP address, has a certificate that was issued by our local development CA (which happens to be the domain controller).  IIS has https bound to this certificate.

    I'm not sure how I could find the specific SKU # for this machine - the OS was installed from a MSDN-licensed CD by my IT dept.  If it's stored somewhere in the OS, I'll happily provide it to you. :)

    Thanks!

    Monday, February 08, 2010 8:33 PM
  • If it helps, I just finished installing on a physical machine, to eliminate virtualization as a factor.  I personally installed Server 2008 Enterprise from the MSDN ISO containing 2008, 2008 Enterprise, and 2008 Datacenter (en_windows_server_2008_datacenter_enterprise_standard_sp2_x64_dvd_342336.iso, still couldn't find a SKU#).

    From there, I followed the directions in
    https://connect.microsoft.com/site642/Downloads/DownloadDetails.aspx?DownloadID=25361 , though I did not pre-install Visual Studio 2008.  I still received the same problem - attempting to run the configuration wizard after installing ADFS fails because the AD FS 2.0 Web Service fails to start.
    Tuesday, February 09, 2010 5:13 PM
  • Thanks for all the information. We are going to try an internal repro, and will get back to this thread when we have an update.
    Tuesday, February 09, 2010 6:10 PM
  • Thank you Sriram.

    If you are unable to repro, perhaps you could tell me what you are doing (which versions of the OS, order of installation and location of install file downloads, any settings you change manually, etc).  It stands to reason that if you follow certain steps and can't repro, then when I follow those steps, the problem should go away. :)

    One other thing I should note that may be of importance (though, in theory, it shouldn't) - I'm using the MSDN release of the .net 3.5 SP1 installer (en_.net_framework_3.5_service_pack_1_x86_x64_ia64.exe).  Since my systems are not connected to the Internet, I needed to get the full redistributable package.  The link in the walk-through points to an online installer.


    Tuesday, February 09, 2010 6:57 PM
  • Have you had any luck reproducing the problem?

    I'm eagerly awaiting your findings.

    Thanks!
    Thursday, February 11, 2010 4:21 PM
  • Our test team tried to repro this, but couldnt. 

    The most probable cause is that the exe failed to load on your machine. I dont have any ideas why. I can suggest a few things like

    loading the servicehost.exe into .net reflector and looking for errors that indicate assembly dependency issues
    Trying to turn off strong name verification by setting the following regkeys to ensure this is not a signature verification issue.

    "%systemroot%\system32\reg.exe" delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\StrongName\Verification /f

    "%systemroot%\system32\reg.exe" add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\StrongName\Verification\*,* /f

     

     

    But honestly these are are shots in the dark. I will need access to the machine that repros this problem to be able to debug it.
    Thursday, February 11, 2010 5:53 PM
  • I'm sorry to hear that Sriram.

    Would it be possible for you to post the steps that you followed to attempt to reproduce this, including links to the specific, stand-alone installers you used for Service Pack 2, .Net 3.5 SP1, ADFS 2.0, and the WIF SDK?  Also, the specific steps you followed when enabling the IIS role would be useful.  I can consistently (unfortunately) duplicate the problem - so far, I've had issue on 4 separate attempts, 2 physical, 2 virtual.  If you've failed to reproduce the problem after two days of trying, it stands to reason that I'm doing something wrong while trying to set up the system.  If I have your detailed set of steps, I may be able to reproduce your success.

    Thank you!
    Friday, February 12, 2010 12:40 AM
  • Here is what we do in our testing:

    1. Install clean Windows 2008.
    2. Install Windows 2008 SP2 (if not already @ SP2)
    3. Use windows update to install all critical updates
    4. Install .net framework 3.5 SP2 from http://go.microsoft.com/fwlink/?LinkId=183338
    5. Install ADFS using the download URL http://www.microsoft.com/downloads/details.aspx?familyid=118c3588-9070-426a-b655-6cec0a92c10b&displaylang=en&Hash=cQVMVG03un1jwZAEt8m4NkQ0snL9%2bVeL40XiX7XB%2brD%2b98allb4y1eq1FIycxWvffGgaizdHK3uK1xjjIqysWA%3d%3d (Make sure you get the one from 2008\ for your processor architecture)
    6. Start the ADFS administration snapin at the end of the install
    7. Configure your SSL certificate for IIS.
    8. Use the Configuration wizard to do a standalone deployment (Chose "Create a new Federation Service", and in the next page "Stand-alone federation server")
    9. Complete the configuration wizard

    Result: Everything works.

    Can you confirm the exact steps above fail for you?
    Friday, February 12, 2010 7:56 PM
  • Hello Sriram,

    Perhaps if you followed all of those steps except for step 3, you may reproduce the problem.  As I mentioned before, my systems are not Internet-connected.  Since I have no connection to the Internet, I can not run Windows Update - this is why I needed to use the redistributable installers for all of the products I installed.  If Windows Update provides updates that are required in order to get this working, I need to know specifically which patches they are so that I can download them manually and install them.  This is necessary both because our security restrictions prevent us from having internet-accessible prototype machines, but also because we will eventually need to provide to our customer a complete, detailed list of everything installed on the system, so that their security departments can approve it.  Furthermore, the destination system that this will be used on will not have Internet access.

    I know you've already spent a lot of time on this issue, but I would greatly appreciate if you would do this last thing for me... or alternatively, if you could provide me a list of the microsoft updates that were applied when you ran Windows Update, so that I can download and install them manually. :)

    Thank you again for being so helpful.
    Monday, February 15, 2010 4:44 PM
  • Hello All,

    Even we are facing the same issue.. for you to reproduce this let me give you the environment in which i have installed ADFS V 2.0

    OS: Windows Server 2008 with SP2 Enterprise Edition
    Tools installed - Latest azure development toolkit (as of today), Windows identity foundation SDK and framework, VSTS 2008 with SP1

    We had WSS 3.0 installed before but had to un-install it due to a warning when we initially tried to install ADFS (as you call it as V 1.0) by adding server roles. But since the steps given in the guide were different we figured out that its not ADFS v 2.0 and hence we did not install it and left the installation.

    We downloaded the ADFS 2.0 setup - got it installed no issues - but while configuring gave the same problem. Fails to start the service. Even i tried everything that is mentioned here but no luck.

    Any clues guys ?

    Regards
    Badal
    bkk
    Tuesday, February 16, 2010 11:38 AM
  • Hi Sriram, The link above for .NET 3.5 SP2 (which i think is misspelled) points to SP1. I guess there is no SP2 for .NET 3.5 famework as yet.

    Please correct me if i am wrong.

    Regards
    Badal
    bkk
    Tuesday, February 16, 2010 12:07 PM
  • Ok guys..

    Here is the thing...

    When i looked at the Microsoft.IdentityServer.Servicehost.exe.config at the service executable location (C:\Program Files\Active Directory Federation Services 2.0), i noticed it is using named pipe connection to create some database on Local SQL Express edition.

    I went to SQL Server configuration Manager and enabled named pipe for "Protocols for SQLEXPRESS" and "Protocols for Microsoft##SSEE" under SQL Server Network configuratino..

    But still service did not start.. but i could now see the logs getting generated in the debug location (Refer Sriram's Thursday, February 04, 2010 7:32 PM post above) and this is what the log says...

    after Verbose information below

    Entered DeployCardIssuanceSite( )

    Error:

    ServiceControllerStatus.Start gave exception. Cannot start service adfssrv on computer '.'.

    And in the application event log this is the error:

    An error occurred in the service broker manager, Error: 3602, State: 145. Source: MSSQL$MICROSOFT##SSEE

    I was wondering what is MICROSOFT##SSEE and figured out that its windows internal database. But not sure how and where this name is formed MSSQL$MICROSOFT##SSEE

    And the configuration in above file (Microsoft.IdentityServer.Servicehost.exe.config) says

      <microsoft.identityServer.service>
        <policyStore connectionString="Data Source=\\.\pipe\mssql$microsoft##ssee\sql\query;Initial Catalog=AdfsConfiguration;Integrated Security=True"
          administrationUrl="net.tcp://localhost:1500/policy" />
        <trustMonitoring enabled="true" />
      </microsoft.identityServer.service>
    


    As you notice its expecting integrated security.. but the service itself is running under NT Authority/Network service so not sure if it will work at all.

    Then i tried to find out how to connect to this internal database. Which as per different forums you can do by typing the named pipe url in the server drop down (in my case it is the same as given above in the connection string)
    http://social.msdn.microsoft.com/Forums/en-US/sqldatabaseengine/thread/1af64e91-9fc1-4646-a5c8-98c0ec432ffc

    But it says login failed for my domain account. That means i cant connect it using integrated authentication.. so how the service is supposed to start ?

    I am not sure if I am on the right track.. but can someone help me understand how this thing is supposed to work.

    Regards
    Badal

    bkk
    Tuesday, February 16, 2010 1:43 PM
  • Run SQL SErver 2008 management studio as administrator and now i am able to open the windows internal database just by entering the named pipe url.

    I tried running the ADFS configuration wizard as administrator but still service did not start ! :(

    What could be wrong here?

    Regards
    Badal


    bkk
    Tuesday, February 16, 2010 1:57 PM
  • Correct, it should be .NET 3.5 SP1. That was a typo.

    Tuesday, February 16, 2010 6:08 PM
  • The service runs as network service, and the database that was created in the WID would have permissions for network service to connect to the database. (we create the database that way).

    Can both of you answer questions below, so we can narrow down the repro steps?

    Is your machine domain joined?
    Is your machine a domain controller?
    Is your machine connected to your local network?
    What point in the repro steps was the machine connected to your local network?
    Was WID already installed on your machines, or was it installed by the Federation Service Configuration Wizard? 
    What is the "Log On as" value for the WID service (using services.msc)?
    Can you also give me an output of "netsh http show urlacl" from your command prompt (as administrator)?


    Thanks!

    Tuesday, February 16, 2010 6:25 PM
  • Is your machine domain joined? Yes.  Renaming the machine and joining the domain happened immediately after installing Server 2008 Enterprise.

    Is your machine a domain controller? No.  I have another machine that acts as a domain controller, DNS server, and certificate authority.

    Is your machine connected to your local network? Yes, but this network is not routable to the Internet.  The IP and DNS server addresses are manually, statically assigned, and there is no gateway address.

    What point in the repro steps was the machine connected to your local network? The machine was always connected to my local network.

    Was WID already installed on your machines, or was it installed by the Federation Service Configuration Wizard?  The configuration wizard installed it; it was not installed ahead of time. (I'm not sure I would know how to install it ahead of time).

    What is the "Log On as" value for the WID service (using services.msc)?  Currently, its set to Network Service.  I've also tried setting it to a domain user's account, as well as NTAuthority/System (the localsystem radio button).
     
    Can you also give me an output of "netsh http show urlacl" from your command prompt (as administrator)?


    Here's the output.  Note that I've done some things to try to troubleshoot this (such as adding ASPNet to the admin group and other generally terrible things, so this may not be the default configuration.  If you'd like, I can revert the machine to a base 2008 enterprise install and start over to give you a clean reading.  Let me know.)

    C:\Windows\system32>netsh http show urlacl

    URL Reservations:
    -----------------

        Reserved URL            : http://*:2869/
            User: NT AUTHORITY\LOCAL SERVICE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;LS)

        Reserved URL            : http://+:8731/Design_Time_Addresses/
            User: NT AUTHORITY\INTERACTIVE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;IU)

        Reserved URL            : https://+:2178/BITS-peer-caching/
            User: NT SERVICE\BITS
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;S-1-5-80-864916184-135290571-3087830041-1716922880-4237303741)

        Reserved URL            : http://*:5357/
            User: BUILTIN\Users
                Listen: Yes
                Delegate: No
            User: NT AUTHORITY\LOCAL SERVICE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;BU)(A;;GX;;;LS)

        Reserved URL            : https://*:5358/
            User: BUILTIN\Users
                Listen: Yes
                Delegate: No
            User: NT AUTHORITY\LOCAL SERVICE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;BU)(A;;GX;;;LS)

        Reserved URL            : http://+:80/wsman/
            User: NT AUTHORITY\NETWORK SERVICE
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;NS)

        Reserved URL            : http://+:80/Temporary_Listen_Addresses/
            User: \Everyone
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;WD)

        Reserved URL            : https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0A DCD75}/
            User: NT SERVICE\SstpSvc
                Listen: Yes
                Delegate: Yes
            User: BUILTIN\Administrators
                Listen: No
                Delegate: No
            User: NT AUTHORITY\SYSTEM
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-3435701886-799518250-3791383489-3228296122-2938884314)(A;;GR;;;BA)(A;;GA;;;SY)

        Reserved URL            : https://*:8172/
            User: NT SERVICE\WMSvc
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;S-1-5-80-257763619-1023834443-750927789-3464696139-1457670516)

        Reserved URL            : http://+:80/adfs/services/
            User: NT SERVICE\adfssrv
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)

        Reserved URL            : https://+:443/adfs/services/
            User: NT SERVICE\adfssrv
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)

        Reserved URL            : https://+:443/FederationMetadata/2007-06/
            User: NT SERVICE\adfssrv
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)

        Reserved URL            : https://+:443/adfs/fs/federationserverservice.asmx/
            User: NT SERVICE\adfssrv
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)

    Thanks!

    Tuesday, February 16, 2010 7:04 PM
  • Is your machine domain joined?
    Yes the machine is in a domain

    Is your machine a domain controller?
    No

    Is your machine connected to your local network?
    Yes

    What point in the repro steps was the machine connected to your local network?
    It was connected all the time... why is that question important ?

    Was WID already installed on your machines, or was it installed by the Federation Service Configuration Wizard? 
    Yes, It was already installed.

    What is the "Log On as" value for the WID service (using services.msc)?
    Network Service

    Can you also give me an output of "netsh http show urlacl" from your command prompt (as administrator)?
    Here it is

    URL Reservations:
    -----------------

        Reserved URL            : http://*:2869/
            User: NT AUTHORITY\LOCAL SERVICE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;LS)

        Reserved URL            : https://*:8172/
            User: NT SERVICE\WMSvc
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;S-1-5-80-257763619-1023834443-750927789-3464696139-
    1457670516)

        Reserved URL            : http://+:8731/Design_Time_Addresses/
            User: NT AUTHORITY\INTERACTIVE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;IU)

        Reserved URL            : http://+:80/wsman/
            User: NT AUTHORITY\NETWORK SERVICE
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;NS)

        Reserved URL            : http://+:80/Temporary_Listen_Addresses/
            User: \Everyone
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;WD)

        Reserved URL            : https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0A
    DCD75}/
            User: NT SERVICE\SstpSvc
                Listen: Yes
                Delegate: Yes
            User: BUILTIN\Administrators
                Listen: No
                Delegate: No
            User: NT AUTHORITY\SYSTEM
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-3435701886-799518250-3791383489-3228296122
    -2938884314)(A;;GR;;;BA)(A;;GA;;;SY)

        Reserved URL            : http://127.0.0.1:10000/
            User: MINDTREE\M1000700
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;S-1-5-21-448539723-746137067-1801674531-10498)

        Reserved URL            : http://127.0.0.1:10001/
            User: MINDTREE\M1000700
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;S-1-5-21-448539723-746137067-1801674531-10498)

        Reserved URL            : http://127.0.0.1:10002/
            User: MINDTREE\M1000700
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;S-1-5-21-448539723-746137067-1801674531-10498)

        Reserved URL            : http://*:5357/
            User: BUILTIN\Users
                Listen: Yes
                Delegate: No
            User: NT AUTHORITY\LOCAL SERVICE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;BU)(A;;GX;;;LS)

        Reserved URL            : https://*:5358/
            User: BUILTIN\Users
                Listen: Yes
                Delegate: No
            User: NT AUTHORITY\LOCAL SERVICE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;BU)(A;;GX;;;LS)

        Reserved URL            : http://+:47001/wsman/
            User: NT SERVICE\WinRM
                Listen: Yes
                Delegate: No
            User: NT SERVICE\Wecsvc
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147
    -412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-299656351
    7)

        Reserved URL            : http://+:5985/wsman/
            User: NT SERVICE\WinRM
                Listen: Yes
                Delegate: No
            User: NT SERVICE\Wecsvc
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147
    -412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-299656351
    7)

        Reserved URL            : https://+:5986/wsman/
            User: NT SERVICE\WinRM
                Listen: Yes
                Delegate: No
            User: NT SERVICE\Wecsvc
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147
    -412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-299656351
    7)

        Reserved URL            : http://+:80/116B50EB-ECE2-41ac-8429-9F9E963361B7/

            User: NT AUTHORITY\NETWORK SERVICE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;NS)

        Reserved URL            : https://+:443/C574AC30-5794-4AEE-B1BB-6651C5315029
    /
            User: NT AUTHORITY\NETWORK SERVICE
                Listen: Yes
                Delegate: No
                SDDL: D:(A;;GX;;;NS)

        Reserved URL            : http://+:80/adfs/services/
            User: NT SERVICE\adfssrv
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-9
    75697593)

        Reserved URL            : https://+:443/adfs/services/
            User: NT SERVICE\adfssrv
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-9
    75697593)

        Reserved URL            : https://+:443/FederationMetadata/2007-06/
            User: NT SERVICE\adfssrv
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-9
    75697593)

        Reserved URL            : https://+:443/adfs/fs/federationserverservice.asmx
    /
            User: NT SERVICE\adfssrv
                Listen: Yes
                Delegate: Yes
                SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-9
    75697593)


    Let us know if you need any additional information


    bkk
    Wednesday, February 17, 2010 4:32 AM
  • In addition to above information... here are some logs from Application event log which has shown some errors

    Error:

    The description for Event ID 9645 from source MSSQL$MICROSOFT##SSEE cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information

    was included with the event:

     

    The handle is invalid



    Error:

    Could not start Service Broker for database id: 6. A problem is preventing SQL Server from starting Service Broker. Check the SQL Server error log for additional messages.

     

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="MSSQL$MICROSOFT##SSEE" /> 
      <EventID Qualifiers="16384">9697</EventID> 
      <Level>4</Level> 
      <Task>2</Task> 
      <Keywords>0x80000000000000</Keywords> 
      <TimeCreated SystemTime="2010-02-17T04:52:20.000Z" /> 
      <EventRecordID>24893</EventRecordID> 
      <Channel>Application</Channel> 
      <Computer>xxxxxxxxxxxxx</Computer> 
      <Security /> 
      </System>
    <EventData>
      <Data>6</Data> 
      <Binary>E12500000A0000001A000000410034004D005300300038003500320032005C004D004900430052004F0053004F0046005400230023005300530045004500000012000000410064006600730041007200740069006600610063007400530074006F00720065000000</Binary> 
      </EventData>
      </Event>

    Does this help ?

    Regards
    Badal


    bkk
    Wednesday, February 17, 2010 5:00 AM
  • Hi,

    I was able to get past this issue with following changes, not sure if all these are required though :).

    Assumption one has followed the step by step configuration of ADFS document and use "ADFS 2.0 RC".

    1.       Created the certification based on the system name .domain name in this case “SystemName.DomainName” Example: Systeme1.Microsoft.com

    2.       Re pointed the https binding of the default web site to the newly created certificate

    3.       Assigned the "default pool" to all the web applications inside the "default web site"

    4.       Set the “connect as” property to all the web application to local “Administrator” account

    5.      Started the “AD FS 2.0 Windows Service” manualy with local systems “Administrator” account, just before clicking on the "Next" button in the ADFS configuration wizard that starts the actual configuration.
    Note if you restart the system please make sure that the service is started again with “Administrator” account.

    6.       Additionally I have started the “Card space” related service and all the SQL related services


    Hope it helps.
     

    Thanks & Regards,

    Pramod.

     

     

    Thursday, February 18, 2010 7:20 PM
  • Hi Pramod,

    Yes that works, BUT.. ADFS 2.0 configuration will still give you a problem. You can go and start the service with administrative account but rest of the configuration process will not be completed (for creating default claims and related stuff).

    Once i start the service - if i go to visual studio project and try to add STS reference-it doesnt recognize it. Are we missing anything here...

    If i run the adfs config wizard again - it by default tries to start the service with network service account.

    I am still stuck.


    Regards
    Badal
    bkk
    Sunday, February 21, 2010 12:25 PM
  • Can someone also guide me on how to un-install adfs 2.0 ?
    bkk
    Sunday, February 21, 2010 1:26 PM
  • Hi Badal,

    Answers to some of your questions.
    1. Un-Install ADFS 2.0 ..  
       Go to Control panel Add or remove programs 
       Click on View Installed Updates

       You will find ADFS 2.0 listed there select “Un-Install option” (ADFS 2.0 (KB974408) and WIF (Kb944405)
               

    2. STS option not figuring in Visual Studio could be some ADFS/WIF deployment problems, use the “fedUtil” directly to add the metadata to the project.

     

    3. Just one correction in my post above .. instead of logging using Administrator account use your domain account, make sure you do this while running ADFS 2.0 configuration wizard .. the process is just to avoid the time out issue from the wizard. Note ADFS 2.0 configuration wizards sets the default account to “Network Service” every time you start the configuration.

     

    PS: My post above is just a workaround and are not main stream steps.

    Thanks & Regards,
    Pramod.

    Monday, February 22, 2010 8:12 AM
  • From what you are asying above, it does look like a permissions problem.

    Can you give me the output of the following commands?

    "sc qsiddtype adfssrv"
    "sc showsid adfssrv"
    Monday, February 22, 2010 6:29 PM
  • sc qsidtype adfssrv
    ====================

    [SC] QueryServiceConfig2 SUCCESS

    SERVICE_NAME: adfssrv
    SERVICE_SID_TYPE:  UNRESTRICTED

    sc showsid adfssrv
    ===================
    NAME: adfssrv
    SERVICE SID: S-1-5-80-2246541699-21809830-3603976364-117610243-975697593


    In the mean time i will try what pramod is suggesting.

    thanks Pramod.

    Badal

    Tuesday, February 23, 2010 4:14 AM
  • All,

    We have been struggling to get a solution for this. I tried what pramod suggests but when the configuration wizard runs.. at the time of running the service it sets the account details to network service and we cant really do anything during that time (change the logon credentials of the service to domain account).

    Most of the places there is a step mentioned in FSConfigWizard to mention the service account but looks like Release candidate completely omits this task and setting the service account step does not show up. Neither there is any config file for this config wizard where we can do something.

    Sriram - I am not sure how you are not able to reproduce this problem but i tried uninstalling and installing it again.. still doesnt work :(

    Can you let us know the steps you are following and the configuration of the server you are using to make it run

    We are using 32 bit Windows 2008 server (Enterprise edition) with SP2 and not the R2 version.

    Regards
    Badal
    bkk
    Tuesday, February 23, 2010 6:27 AM
  • The problem seems to stem from the fact that we are not able to look at the trace logs. Can others who are seeing this problem try the same repro steps and get me a trace log?

    In Event Viewer

    Go to Applications and Services Logs -> AD FS 2.0
    Right click and select View-> Show analytic and debug Logs
    You will see a new node for AD FS 2.0 Tracing.
    Navigate to AD FS 2.0 Tracing->Debug, right click, and choose Enable Log.
    Run the Configuration wizard, and let it fail per the repro steps.
    Refresh the AD FS 2.0 Tracing->Debug node in event viewer to see the trace logs.

    The repro steps that you mention above do not repro a problem in any of our machines.

    The standalone configuration always configures the service to run as NetworkService. Only farm deployments can be configured to run as a specific service account. You could choose to configure your server as a first in the federation server farm, and not configure any other servers for the farm. Please see deployment guide for help on that.

    Tuesday, February 23, 2010 6:08 PM
  • I have the same problem, I have try many time but I always have this problem.

    For your information I have this kind of things in the debug log (like explain before) :

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:04 PM
    Event ID:      104
    Task Category: None
    Level:         Information
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    DebugLog initialized
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>104</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:04.906Z" />
        <EventRecordID>0</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="3736" ProcessorID="0" KernelTime="1" UserTime="8" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>DebugLog initialized</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:13 PM
    Event ID:      104
    Task Category: None
    Level:         Information
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    WID service startup type set to automatic.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>104</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:13.884Z" />
        <EventRecordID>1</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="3736" ProcessorID="0" KernelTime="10" UserTime="40" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>WID service startup type set to automatic.</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:17 PM
    Event ID:      104
    Task Category: None
    Level:         Information
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    WID service startup type set to automatic.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>104</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:17.877Z" />
        <EventRecordID>2</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="0" UserTime="0" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>WID service startup type set to automatic.</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:17 PM
    Event ID:      105
    Task Category: None
    Level:         Verbose
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    SqlSetupTask : Reinstall was set.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>105</EventID>
        <Version>0</Version>
        <Level>5</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:17.883Z" />
        <EventRecordID>3</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="0" UserTime="0" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>SqlSetupTask : Reinstall was set.</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:19 PM
    Event ID:      44
    Task Category: None
    Level:         Information
    Keywords:      ADFSPolicyModel
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    ADMIN0085: An unrecognized attribute:'EventLogThrottlingIntervalInMinutes' with value:'5' at line:'70' was found while parsing the configuration XML.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>44</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000100</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:19.938Z" />
        <EventRecordID>5</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="3" UserTime="8" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>ADMIN0085: An unrecognized attribute:'EventLogThrottlingIntervalInMinutes' with value:'5' at line:'70' was found while parsing the configuration XML.</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:19 PM
    Event ID:      44
    Task Category: None
    Level:         Information
    Keywords:      ADFSPolicyModel
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    ADMIN0084: An unrecognized node:'5' was found at line:'70' while parsing the configuration XML.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>44</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000100</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:19.938Z" />
        <EventRecordID>4</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="3" UserTime="8" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>ADMIN0084: An unrecognized node:'5' was found at line:'70' while parsing the configuration XML.</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:19 PM
    Event ID:      105
    Task Category: None
    Level:         Verbose
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    New database was created - So setting the ppid entropy, default certs, soap settings
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>105</EventID>
        <Version>0</Version>
        <Level>5</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:19.987Z" />
        <EventRecordID>6</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="3" UserTime="9" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>New database was created - So setting the ppid entropy, default certs, soap settings</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:23 PM
    Event ID:      105
    Task Category: None
    Level:         Verbose
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    Entered DeployFederationPassiveSite( )
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>105</EventID>
        <Version>0</Version>
        <Level>5</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:23.108Z" />
        <EventRecordID>7</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="5" UserTime="199" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>Entered DeployFederationPassiveSite( )</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:23 PM
    Event ID:      105
    Task Category: None
    Level:         Verbose
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    Entered FederationPassiveDeployment.DeploySite( )
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>105</EventID>
        <Version>0</Version>
        <Level>5</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:23.124Z" />
        <EventRecordID>8</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="5" UserTime="200" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>Entered FederationPassiveDeployment.DeploySite( )</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:23 PM
    Event ID:      105
    Task Category: None
    Level:         Verbose
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    Exited FederationPassiveDeployment.DeploySite
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>105</EventID>
        <Version>0</Version>
        <Level>5</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:23.166Z" />
        <EventRecordID>9</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="5" UserTime="202" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>Exited FederationPassiveDeployment.DeploySite</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:23 PM
    Event ID:      105
    Task Category: None
    Level:         Verbose
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    Entered DeployCardIssuanceSite( )
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>105</EventID>
        <Version>0</Version>
        <Level>5</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:23.174Z" />
        <EventRecordID>10</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="5" UserTime="202" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>Entered DeployCardIssuanceSite( )</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:53 PM
    Event ID:      102
    Task Category: None
    Level:         Error
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    ServiceControllerStatus.Start gave exception.
    Cannot start service adfssrv on computer '.'.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>102</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:53.323Z" />
        <EventRecordID>11</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="5" UserTime="205" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>ServiceControllerStatus.Start gave exception.
    Cannot start service adfssrv on computer '.'.</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:53 PM
    Event ID:      105
    Task Category: None
    Level:         Verbose
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    Call Stack:
       at System.ServiceProcess.ServiceController.Start(String[] args)
       at System.ServiceProcess.ServiceController.Start()
       at Microsoft.IdentityServer.ConfigTool.Tasks.ServiceStartTask.DoConfig()
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>105</EventID>
        <Version>0</Version>
        <Level>5</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:53.324Z" />
        <EventRecordID>12</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="5" UserTime="206" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>Call Stack:
       at System.ServiceProcess.ServiceController.Start(String[] args)
       at System.ServiceProcess.ServiceController.Start()
       at Microsoft.IdentityServer.ConfigTool.Tasks.ServiceStartTask.DoConfig()</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:53 PM
    Event ID:      102
    Task Category: None
    Level:         Error
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    RunTask encountered an exception.
    An error occured while trying to perform the configuration task: Unable to start the AD FS 2.0 Windows Service. Check Event Viewer for details.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>102</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:53.325Z" />
        <EventRecordID>15</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="5" UserTime="206" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>RunTask encountered an exception.
    An error occured while trying to perform the configuration task: Unable to start the AD FS 2.0 Windows Service. Check Event Viewer for details.</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:53 PM
    Event ID:      105
    Task Category: None
    Level:         Verbose
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    Call Stack:
       at Microsoft.IdentityServer.UI.Shared.ConfigWizards.ConfigTask.Execute()
       at Microsoft.IdentityServer.UI.Shared.ConfigWizards.ConfigTaskList.RunTask(ConfigTask task)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>105</EventID>
        <Version>0</Version>
        <Level>5</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:53.325Z" />
        <EventRecordID>16</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="5" UserTime="206" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>Call Stack:
       at Microsoft.IdentityServer.UI.Shared.ConfigWizards.ConfigTask.Execute()
       at Microsoft.IdentityServer.UI.Shared.ConfigWizards.ConfigTaskList.RunTask(ConfigTask task)</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:53 PM
    Event ID:      102
    Task Category: None
    Level:         Error
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    Error while performing the configuration task.
    Unable to start the AD FS 2.0 Windows Service. Check Event Viewer for details.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>102</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:53.325Z" />
        <EventRecordID>13</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="5" UserTime="206" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>Error while performing the configuration task.
    Unable to start the AD FS 2.0 Windows Service. Check Event Viewer for details.</EventData>
        </Event>
      </UserData>
    </Event>

    Log Name:      AD FS 2.0 Tracing/Debug
    Source:        AD FS 2.0 Tracing
    Date:          2/26/2010 4:38:53 PM
    Event ID:      105
    Task Category: None
    Level:         Verbose
    Keywords:      ADFSConfigTool
    User:          ###USER###
    Computer:      ###COMPUTER###
    Description:
    Call Stack:
       at Microsoft.IdentityServer.ConfigTool.Tasks.ServiceStartTask.DoConfig()
       at Microsoft.IdentityServer.UI.Shared.ConfigWizards.ConfigTask.Execute()
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS 2.0 Tracing" Guid="{f1aa12b3-dba2-4cab-b909-2c2b7afcf1fd}" />
        <EventID>105</EventID>
        <Version>0</Version>
        <Level>5</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000100000</Keywords>
        <TimeCreated SystemTime="2010-02-26T15:38:53.325Z" />
        <EventRecordID>14</EventRecordID>
        <Correlation />
        <Execution ProcessID="296" ThreadID="812" ProcessorID="0" KernelTime="5" UserTime="206" />
        <Channel>AD FS 2.0 Tracing/Debug</Channel>
        <Computer>###COMPUTER###</Computer>
        <Security UserID="S-1-5-21-3254040651-4163668645-3879608203-1239" />
      </System>
      <UserData>
        <Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="ADFSNs">
          <EventData>Call Stack:
       at Microsoft.IdentityServer.ConfigTool.Tasks.ServiceStartTask.DoConfig()
       at Microsoft.IdentityServer.UI.Shared.ConfigWizards.ConfigTask.Execute()</EventData>
        </Event>
      </UserData>
    </Event>

    Hope you can help to resolve this problem.

    Friday, February 26, 2010 4:02 PM
  • Having the exact same problem as described earlier in this thread. Per your request, I'm having our local Microsoft rep forward you the trace logs from the failed ADFS 2 startup.  Please let me know if there's anything else you need.
    Tuesday, March 02, 2010 3:08 PM
  • Dear All,

    Looks like ADFS 2.0 does not work on Windows Server 2008 (32 bit) editions (Std / Enterprise). When i reformatted the machine to install Windows 2008 Enterprise R2 (64 bit) ADFS 2.0 got working without any hitch. Note: I did not install ADFS through add server roles. Download the RC of ADFS 2.0 and run the setup.

    Would suggest dont waste your time and move to R2.

    Please mark as answered if it solves ur concern

    Regards
    Badal
    bkk
    • Proposed as answer by Badal Friday, March 05, 2010 6:06 AM
    • Unproposed as answer by mimatas Monday, March 15, 2010 11:55 PM
    Friday, March 05, 2010 5:51 AM
  • Hi,
    (My configuration : MS Virtual PC 2007, WinServer2008 Ent (x86) + SP2 as guest OS, .NET 3.5 SP1)

    To pass through ADFS 2.0 configuration Wizard "problem" you should do only this steps:
    1) Install ASFS 2.0 (launch adfssetup.exe for WinServer2008 x86)
    2) Lauch ADFS 2.0 configuration Wizard
    3) After you have got installation error in this wizard, you must start "ADFS 2.0 Windows Service" manually (without any account changing) from default Services snap-in.
    4) Launch ADFS 2.0 configuration Wizard again. As a result you'll get installed ADFS configuration. (in my case it works).

    But we all understand that this is not a solution. 
    Friday, March 05, 2010 7:28 AM
  • In my case.. service would not start... and would give the same timeout issue.

    Not sure what is so different in your VPC.

    Regards
    Badal
    bkk
    Monday, March 08, 2010 6:34 AM
  • Badal, I came to the same conclusion as you - I was able to flawlessly run AD FS 2.0 on 2008 R2, this is not an 'answer' to the problem. I've moved forward with development using 2008 R2 as a temporary stand-in, but my customers still require a solution that will run on 2008. Unfortunately, since AD FS 2.0 is not officially released, even my call to Microsoft Developer Support did not yield an answer. I guess we're stuck waiting and hoping until the final version is released - hopefully they'll have addressed this by then.
    Monday, March 15, 2010 11:58 PM
  • Thanks all for the information and feedback.  We do test heavily on Windows 2008; as well, our internal MS deployments have used Windows 2008.  All the same, I'm sorry to hear the trouble that is being reported.

    We have seen, from time to time, the service not being able to start up. An engineer on our team found the behavior described in the following blog post:

    http://blogs.msdn.com/amolravande/archive/2008/07/20/startup-performance-disable-the-generatepublisherevidence-property.aspx

    to be a cause.

    "Background : When assemblies are authenticode signed, the signed assemblies need to be verified by the certificate authority. When CA certificate is not present on the same machine the assemblies require network or internet access. If the signed assemblies are installed on machine where CA certificate is not on the same machine and does not have network/internet access the .NET thread might timeout waiting to connect. Below is one case study I have presented. There are other ways to avoid this performance issue including performing strong name signing of assemblies, placing the CA certificate on the same machine"


    Could this be the problem some folks are hitting?   There are some (config-based) solutions suggested in the blog post.

    Best,
    Colin.
    Colin
    • Marked as answer by mimatas Tuesday, October 07, 2014 7:05 PM
    Wednesday, March 17, 2010 11:07 PM
  • Spent some time with Microsoft troubleshooting this problem on our Win2008 SP2 server, and below is the fix that solved it for us.  Hope this helps.

    Registry key for changing service startup time:

     

    Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control, I added a DWORD value "ServicesPipeTimeout". That is the amount of time SCM will wait before timing out when starting the service. By default its 30 seconds, and no DWORD value is present in the registry. Add the DWORD and set it to 240000 milliseconds. SCM now waits longer and you’ll be able to start the service.

    • Proposed as answer by MattVA Monday, March 29, 2010 7:29 PM
    Monday, March 29, 2010 7:29 PM
  • UPDATE:

    Microsoft provided a more precise fix.  Add the entry below to Microsoft.IdentityServer.Servicehost.exe.config file, located in the ADFS 2 install directory (default C:\Program Files\Active Directory Federation Services 2.0)

      <runtime>
        <generatePublisherEvidence enabled="false"/>
      </runtime>

     

    • Proposed as answer by MattVA Thursday, April 01, 2010 7:28 PM
    Thursday, April 01, 2010 7:28 PM
  • UPDATE:

    Microsoft provided a more precise fix.  Add the entry below to Microsoft.IdentityServer.Servicehost.exe.config file, located in the ADFS 2 install directory (default C:\Program Files\Active Directory Federation Services 2.0)

      <runtime>
        <generatePublisherEvidence enabled="false"/>
      </runtime>

     

    This works, same error on a 2008 SP2 machine. Adding the above to the config file fixes the problem.

     

    Thx.

    Tuesday, December 13, 2011 9:06 AM
  • I had this problem starting the ADFS service on a 2008 R2 server with no internet access and without the latest updates. 

    Adding the above XML entries did not provide a fix.  What fixed it for me was adding the  DWORD value "ServicesPipeTimeout" and setting the value to 60000 under under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control.  The service then started.

    Thanks,

    Wednesday, August 29, 2012 8:32 PM
  • This also fixed the issue on 2008 Server R2 SP1.  Thanks...!!!

    **********

    Microsoft provided a more precise fix.  Add the entry below to Microsoft.IdentityServer.Servicehost.exe.config file, located in the ADFS 2 install directory (default C:\Program Files\Active Directory Federation Services 2.0)

      <runtime>
        <generatePublisherEvidence enabled="false"/>
      </runtime>

    **********


    Chris


    • Edited by Chris0071 Thursday, November 08, 2012 3:08 AM
    Thursday, November 08, 2012 3:07 AM
  • Adding

    <runtime>
        <generatePublisherEvidence enabled="false"/>
    </runtime>

    Fixed my issue, thank you

    Wednesday, February 27, 2013 10:59 PM
  • This one also worked for me

    Win 2008 r2 Entreprise as DC, no internet access, adfs configured as a battery.

    Kinda curious to know why tho...

    Tuesday, January 14, 2014 9:02 AM
  • It is a security feature. As far as I know it checks the signature of your codefiles to a CA on the internet to validate it's not modified or revocated.


    Find me on linkedin: http://nl.linkedin.com/in/tranet


    • Edited by Robin Gaal Tuesday, January 14, 2014 9:45 AM
    Tuesday, January 14, 2014 9:45 AM