Event Id | 125 |
Source | Microsoft-Windows-ADFS |
Description | The AD FS Web Agent Authentication Service could not start. The authentication service has not been configured to run as a principal that has been granted the "Generate Security Audits" privilege (SeAuditPrivilege). Users will not be able to access protected resources until the authentication service can be restarted. |
Event Information | According to Microsoft:

Cause: This event is logged when the AD FS Web Agent Authentication Service could not start.

Resolution: Grant the AD FS Authentication Service the Generate Security Audits privilege

Active Directory Federation Services (AD FS) components that write audits must be configured to run as LocalSystem, NetworkService, or a domain principal account that has been granted the Generate Security Audits privilege (SeAuditPrivilege) explicitly. Either grant the AD FS Authentication Service principal account the Generate Security Audits privilege in Local Security Policy or configure the authentication service to run as a domain principal that has already been granted the Generate Security Audits privilege.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To configure the AD FS Web Agent Authentication Service to run as LocalSystem, NetworkService, or a custom domain principal account:
1. On the AD FS-enabled Web server, click Start, point to Administrative Tools, and then click Services.
2. Right-click AD FS Web Agent Authentication Service, and then click Properties.
3. On the Log On tab, do one of the following, depending on the type of account that you want to assign, and then click OK:
   - Click Local System account.
   - Click This account, and then type a domain principal account name and password for an account that has been granted the Generate Security Audits privilege.

Verify: Verify that the principal account specified in the properties of the AD FS Authentication Service has been granted the Generate Security Audits privilege in Local Security Policy.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To verify that the Generate Security Audits privilege has been granted to the principal account specified in the AD FS Authentication Service:
1. On the AD FS-enabled Web server, click Start, point to Administrative Tools, and then click Services.
2. Right-click AD FS Web Agent Authentication Service, and then click Properties. Record the name of the account that is used as the principal account before you start the Local Security Policy snap-in.
3. After you identify this account, click Start, point to Administrative Tools, click Local Security Policy, and then double-click Local Policies.
4. Double-click User Rights Assignment.
5. In the details pane, right-click Generate Security Audits, and then click Properties.
6. Verify that the principal account you recorded is present in the list. |
Reference Links | Event ID 125 from Source Microsoft-Windows-ADFS |
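
The verification steps above can also be scripted. The following PowerShell is an added example, not Microsoft's procedure or code from this page: it reads the service's logon account and compares it with the SeAuditPrivilege entry exported from local security policy. It assumes an elevated prompt and that the service display name matches the one in the event text; the function name `Test-AdfsAuditPrivilege` is hypothetical.

```powershell
# Added example: check the service logon account against the
# "Generate Security Audits" (SeAuditPrivilege) assignment.
function Test-AdfsAuditPrivilege {
    param([string]$DisplayName = 'AD FS Web Agent Authentication Service')

    # Step 1-2 of the manual check: find the service and record its account.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName='$DisplayName'"
    if (-not $svc) { throw "Service '$DisplayName' not found on this host." }
    $account = $svc.StartName
    Write-Output "Service logon account: $account"

    # LocalSystem is accepted without an explicit grant.
    if ($account -eq 'LocalSystem') {
        Write-Output 'OK: service runs as LocalSystem.'
        return
    }

    # secedit lists most principals as *SID, so resolve the account to a SID.
    try {
        $sid = ([System.Security.Principal.NTAccount]$account).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { throw "Cannot resolve '$account' to a SID: $_" }

    # Step 3-5: export User Rights Assignment and pick the SeAuditPrivilege line.
    $cfg = Join-Path $env:TEMP ("userrights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
        $line = Select-String -Path $cfg -Pattern '^\s*SeAuditPrivilege\s*=' |
            Select-Object -First 1
    } finally { Remove-Item $cfg -ErrorAction SilentlyContinue }
    if (-not $line) { Write-Warning 'No SeAuditPrivilege entry in exported policy.'; return }

    # Step 6: is the recorded account in the list (by SID or by name)?
    $holders = ($line.Line -split '=', 2)[1] -split ',' |
        ForEach-Object { $_.Trim().TrimStart('*') }
    $short = ($account -split '\\')[-1]
    if ($holders -contains $sid -or $holders -contains $account -or $holders -contains $short) {
        Write-Output "OK: $account is listed under Generate Security Audits."
    } else {
        # Only direct entries are checked; a grant through a group is not detected.
        Write-Warning "$account is NOT listed under Generate Security Audits."
        Write-Output "Current holders: $($holders -join ', ')"
    }
}

Test-AdfsAuditPrivilege
```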