ADFS authentication

Peter Osazuwa 21 Reputation points


Our users are having what seems like an ADFS authentication error code: Reference number: d270fca6-e14e-4af0-80eb-efb29c74e535"

When I explored further it seems it has to do with authentication certificate as I received this message "The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuuerNameRegistery to return a valid name for this user"

How to I reset this ADFS authentication

The server is Windows 2008 R2 standard, which of cause is out of Microsoft support, so this forum is our only support and hope to find a fix!

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,034 questions
0 comments No comments
{count} votes

Accepted answer
  1. Pierre Audonnet - MSFT 10,091 Reputation points Microsoft Employee

    First of all, the migration path to Windows Server 2012 R2 ADFS (and higher) is quite straight forward and well documented: (the document is for 2008R2 to 2012R2 but that's the same drift for 2016 and 2019). The upgrade is actually a parallel run. You export the config from the old farm and import it on the new one. Both can be active at the same time. Of course the user will still use the old one until you update your DNS and load-balancers. And you can test it yourself with modifying the HOSTS file of your machine. In other words, I'd strongly recommend you upgrade. Not only your version is unsupported, but it also has no protection against password attacks putting your environment at risk.

    Then, the reference number you quote (assuming it is from the ADFS error page) is an activity ID. It is like a GUID valid only for the specific context of that one user and connection. It is useless to share it with us. But you can look for that GUID in the eventlogs to see what actual message it is connected to.

    About your error message. It is possible that either the URI of your relying party has changed. Or if this message is displayed at the application level, that your Token Signing certificate has changed.

    Anyhow, if you are still working on this issue let us know.

0 additional answers

Sort by: Most helpful