Event ID 640 — Trust Policy and Configuration
Applies To: Windows Server 2008
The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.
Event Details
Product: | Windows Operating System |
ID: | 640 |
Source: | Microsoft-Windows-ADFS |
Version: | 6.0 |
Symbolic Name: | CollectionDoesNotAllowDuplicates |
Message: | The Federation Service encountered an error while loading the trust policy. A collection contains a duplicate item. Collection: %1 Duplicate key: %2 If this error occurs during startup of the Federation Service, the Federation Service will be not be able to start, and all requests to the Federation Service will fail until the configuration is corrected. If this error occurs while the Federation Service is running, the Federation Service will continue to use the last trust policy that was loaded successfully. User Action This error should occur only if the trust policy file has been modified without use of the AD FS administrative tools. Either enable Windows trust on the account partner or remove the AllowedTrustedWindowsDomains field. |
Resolve
Remove the duplicate verification certificates that are listed in the trust policy file
This error occurs only if the trust policy file has been modified without the use of the Active Directory Federation Services snap-in.
Check that there are no duplicate verification certificates listed in the trust policy file, and verify that there are no duplicate items in the collection that is given in the event.
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To locate duplicate verification certificates:
- In Notepad or another text editor, open the TrustPolicy.xml file that, by default, is in %systemdrive%\windows\systemdata\adfs.
- Check the VerificationMethod sections for any duplicate verification certificates.
- Remove any duplicate verification certificates that may exist.
Verify
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.