Event ID 103 — Windows NT Token-Based Application - Miscellaneous
Applies To: Windows Server 2008
Monitor miscellaneous authentication requests that are made to the Windows token-based agent.
Event Details
Product: | Windows Operating System |
ID: | 103 |
Source: | Microsoft-Windows-ADFS |
Version: | 6.0 |
Symbolic Name: | WSEXT_ORIG_REDIR_FAILURE |
Message: | The AD FS Web Agent for Windows NT token-based applications encountered a serious error. The client was successfully authenticated using the token from the Federation Service, but the Web agent was not able to redirect the client back to the application page that was originally requested. User Action If this error persists, enable the AD FS troubleshooting log. |
Resolve
Enable the AD FS troubleshooting log
If this error persists, enable the Active Directory Federation Services (AD FS) troubleshooting log.
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To enable the AD FS troubleshooting log:
Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
- Click Start, click Run, type regedit, and then click OK.
- Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ifssvc\ Parameters
- Right-click Parameters, click New, and then click DWORD Value.
- In the New Value name box, type ADFSEvent, and then press ENTER.
- Double-click the new entry, and then, in Value data, provide a value for one of the following levels (or add values to configure multiple levels) and then click OK:
- Warning: 0x01
- Information: 0x02
- Success: 0x04
- Failure: 0x08
For more information, see Configure event logging for a Windows NT token-based application (https://go.microsoft.com/fwlink/?LinkId=94741).
Verify
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.
If you cannot access the application successfully, verify that the Windows token-based agent is configured with correct URL values and that all configuration parameters contain valid values.
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To verify that the Windows token-based agent is configured with correct values:
- Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
- In the console tree, click YourComputerName**(local computer)**.
- In the console tree, double-click Sites, and then click YourWebSiteName.
- In the center pane, double-click Authentication, highlight AD FS Windows Token-Based Agent, and then in the Actions pane click Edit.
- In the AD FS Windows Token-Based Agent dialog box, confirm that the Enable AD FS Web Agent check box is selected.
- Make sure that the following values are valid, and then click OK.
- Cookie path
- Cookie domain
- Return URL