Event ID - 608

Event Id608
SourceMicrosoft-Windows-ADFS
DescriptionA token request was received for an application with the Uniform Resource Locator (URL) '%1', but the request could not be fulfilled because the URL does not identify any known application. URL: %1 This request will be failed. User Action If this URL should be handled, verify that it matches the URL for the application in the Federation Service trust policy. Hypertext Transfer Protocol (HTTP) URLs are matched according to a set of rules in the HTTP specification. Host names are case insensitive, but the path portion of the URL is matched in a case-sensitive manner. Additional Data Refer to Request for Comments (RFC) 2616 for HTTP URL matching rules.
Event Information According to Microsoft :

Cause :

This event is logged when a token request was received for an application with the Uniform Resource Locator, but the request could not be fulfilled because the URL does not identify any known application.

Resolution :

Examine the URL of the application

If this Uniform Resource Locator (URL) should be handled, check that the return URL in the web.config file or on the ADFS Windows Token-Based Agent tab in Internet Information Services (IIS) for the application on the Web server matches exactly the URL for the application in the trust policy.

To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To check the return URL using IIS or the web.config file for a claims aware application:
  1. In Notepad or another text editor, open the web.config file that is in the Web application directory (typically \Inetpub\wwwroot\ApplicationName) on the Web server.
  2. Search for returnurl .
  3. Record the URL value, and compare it with the value in the Active Directory Federation Services snap-in.
To check the return URL for a Windows NT token-based application:
  1. Click Start , point to Administrative Tools , and then click Internet Information Services (IIS) Manager .
  2. Double-click ComputerName .
  3. Double-click Sites .
  4. Find the Virtual Directory where your Windows NT token-based application is created.
  5. Double-click the Authentication icon under the IIS settings.
  6. Click AD FS Windows Token-Based Agent .
  7. In the details pane, click Edit .
  8. Check the value of Return URL in the dialog box, and compare it with the value in the Active Directory Federation Services snap-in.
To check the URL for an application using the Active Directory Federation Services snap-in:
  1. Click Start , point to Administrative Tools , and then click Active Directory Federation Services .
  2. Double-click Federation Service , double-click Trust Policy , double-click My Organization , and then double-click Applications .
  3. Right-click the application, and then click Properties .
  4. On the General tab, locate the Application URL value, and check that it is configured the same as the value previously discovered in the web.config file or on the ADFS Windows Token-Based Agent tab.
Hypertext Transfer Protocol (HTTP) URLs are matched according to a set of rules in the HTTP specification. Host names are case insensitive, but the path portion of the URL is matched in a case-sensitive manner.

Verify :

Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.
Reference LinksEvent ID 608 from Source Microsoft-Windows-ADFS

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh