Event ID 728 — Trust Policy and Configuration
Applies To: Windows Server 2008 R2
The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.
Event Details
Product: | Windows Operating System |
ID: | 728 |
Source: | Microsoft-Windows-ADFS |
Version: | 6.1 |
Symbolic Name: | AccountPartnerCertsDueToExpire |
Message: | The last remaining valid verification certificate for account partner %1, or a certificate in its trust chain, is due to expire within %2 days. Account partner name: %1 When this certificate expires input from the account partner will not be verifiable. User Action Contact the account partner administrator as soon as possible and replace or renew the certificate. Additional Data Subject: %3 Issuer: %4 Thumbprint: %5 |
Resolve
Replace or renew the certificate for the account partner
Contact the account partner administrator as soon as possible, and replace or renew the token-signing certificate.
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To add a token-signing certificate to the verification list of an account partner:
- Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
- Double-click Federation Service, double-click Trust Policy, double-click Partner Organizations, double-click Account Partners, right-click the account partner, and then click Properties.
- Click the Verification Certificates tab, and then click Add.
- In the Browse for Verification Certificate file dialog box, locate the certificate file that you want to add.
- Select the certificate file, and then click Open.
- In the Trust Policy Properties dialog box, click OK.
Verify
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.