Event ID 725 — Trust Policy and Configuration
Applies To: Windows Server 2008 R2
The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.
Event Details
Product: | Windows Operating System |
ID: | 725 |
Source: | Microsoft-Windows-ADFS |
Version: | 6.1 |
Symbolic Name: | GroupPolicyProhibitsFederationService |
Message: | The Group Policy setting 'DisallowFederationService' is configured for this machine. The Federation Service will fail all requests until this condition is corrected. User Action Disable or do not configure the DisallowFederationService Group Policy setting for Active Directory Federation Services. |
Resolve
Disable or do not configure the DisallowFederationService Group Policy setting for AD FS
Disable or do not configure the DisallowFederationService Group Policy setting (also known as Turn off Federation Service) for Active Directory Federation Services (AD FS).
To perform this procedure, you must be a member of the Domain Admins or Enterprise Admins group in Active Directory Domain Services (AD DS), or you must have been delegated the appropriate authority.
To disable the Turn off Federation Service Group Policy setting:
- On a domain controller running Windows Server 2008, click Start, point to Administrative Tools, and then click Group Policy Management.
- Double click **Forest:**forestname, double-click Domains, double-click domainname, right-click Default Domain Policy, and then click Edit.
- Under Computer Configuration, double-click Administrative Templates, double-click Windows Components, and then click Active Directory Federation Services.
- In the details pane, double-click Turn off Federation Service.
- In the Turn off Federation Service Properties dialog box, click Disabled or Not Configured, and then click OK.
Verify
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.