Event ID - 643

Event Id643
SourceMicrosoft-Windows-ADFS
DescriptionThe Federation Service encountered an error while loading the trust policy. An account partner with Windows trust enabled has been configured with a group-to-UPN transformation. If this error occurs during startup of the Federation Service, the Federation Service will be not be able to start, and all requests to the Federation Service will fail until the configuration is corrected. If this error occurs while the Federation Service is running, the Federation Service will continue to use the last trust policy that was loaded successfully. User Action This error should occur only if the trust policy file has been modified without use of the AD FS administrative tools. Remove the group-to-UPN transformation from this account partner.
Event Information According to Microsoft :

Cause :

This event is logged when the Federation Service encountered an error while loading the trust policy.

Resolution :

Remove the group-to-UPN mapping

This error occurs only if the trust policy file has been modified without the use of the Active Directory Federation Services snap-in.

Group-to-UPN mappings should not be specified when federation partners are configured to use Windows trust. Remove the group-to-UPN mapping from this account partner.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To remove the group-to-UPN mapping from this account partner:
  1. In Notepad or another text editor, open the TrustPolicy.xml file that, by default, is in %systemdrive%\windows\systemdata\adfs.
  2. In the trustedrealms section, find your account partner that has been configured to use Windows trust by locating its Uniform Resource Identifier (URI) under the trustpolicyentryuri section.
  3. Delete the content that is specified in the grouptoupnclaimtransformations section.
Verify :

Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.
Reference LinksEvent ID 643 from Source Microsoft-Windows-ADFS

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.