Event ID - 664

Event Id664
SourceMicrosoft-Windows-ADFS
DescriptionThe Federation Service failed a privileged Web method call because Secure Sockets Layer (SSL) client authentication information was not available. This event can occur if the client does not provide a client certificate or if Internet Information Services (IIS) rejects the client's certificate because it does not chain to a trusted root certification authority in the Federation Service. User Action If this is a valid call from the Federation Service Proxy, ensure that the root of the Federation Service Proxy client certificate is trusted by the Federation Service.
Event Information According to Microsoft :

Cause :

This event is logged when the Federation Service failed a privileged Web method call.

Resolution :

Trust federation server proxy client certificate

Ensure that the federation server proxy client certificate is present in the FSP certificates section in the properties of the trust policy of the Federation Service. If it is not present, add the federation server proxy client certificate to the Federation Service.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To ensure that the federation server proxy client certificate is present in the trust policy of the Federation Service:
  1. Click Start , point to Administrative Tools , and then click Active Directory Federation Services .
  2. Double-click Federation Service , right-click Trust Policy , and then click Properties .
  3. On the FSP Certificates tab, verify that the Federation Service Proxy certificate is present in the list. If it is not present, add the appropriate Federation Service Proxy certificate to this list by clicking Add .
Verify :

A specific event (ID 674) should be generated on the federation server proxy computer if the federation server proxy is able to communicate successfully with the Federation Service.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To verify that the federation server proxy can communicate with the Federation Service:
  1. Log on to a client computer with Internet access.
  2. Open a browser window, and then type the Uniform Resource Locator (URL) for the Federation Service endpoint, along with the path to the clientlogon.aspx page that is stored on the federation server proxy.
    3. Press ENTER.
    At this point your browser should display the error message "Server Error in '/adfs' Application." This step is necessary to generate event message 674 to verify that the clientlogon.aspx page is being loaded properly by Internet Information Services (IIS).
  3. Log on to the federation server proxy.
  4. Click Start , point to Administrative Tools , and then click Event Viewer .
  5. In the details pane, double-click Application .
  6. In the Event column, look for event ID 674.
If the federation server proxy is configured properly, you see a new event in the Application log of Event Viewer, with the event ID 674. This event verifies that the federation server proxy was able to communicate successfully with the Federation Service.
Reference LinksEvent ID 664 from Source Microsoft-Windows-ADFS

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh