Event ID - 684

Event Id: 684
Source: Microsoft-Windows-ADFS
Description: The AD FS Web Agent was unable to update trust information from the Federation Service. The Federation Service Secure Sockets Layer (SSL) server certificate could not be validated.
Federation Service URL: %1
Event Information: According to Microsoft:
Cause:
This event is logged when the AD FS Web Agent was unable to update trust information from the Federation Service.
Resolution:
Check the federation server's SSL server authentication certificate
Determine whether the server authentication certificate on all federation servers in the farm chains to a trusted root certificate and whether it has the correct subject name.
To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To determine whether a certificate chains to a trusted root:
1. On a federation server, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. In the console tree, click ComputerName.
3. In the center pane, double-click Server Certificates.
4. Double-click the server authentication certificate.
5. In the Certificate dialog box, click the Certification Path tab.
6. Read the description provided in the Certificate status text box.
If the description indicates that the certificate is trusted, the certificate is chaining to a trusted root.
If the description indicates that this certificate is not trusted, then the server authentication certificate is not chaining to a trusted root. In this case, you should replace the certificate with a new server authentication certificate that is trusted.
To determine whether the certificate subject name matches the Federation Service URL:
1. On a federation server, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. In the console tree, click ComputerName.
3. In the center pane, double-click Server Certificates.
4. Double-click the server authentication certificate.
5. In the Certificate dialog box, click the Details tab.
6. In the list box, click Subject in the list, and record this value.
7. Verify that the host name in the Subject value matches the host name portion of a valid Federation Service URL. To do this:
a. On the federation server, record the host name portion of the Subject value in the certificate and enter it into the address bar of a Web browser.
b. In the address bar, type https:// and the host name portion of the Subject value, type /adfs/fs/federationserverservice.asmx at the end of the value, and then hit ENTER.
c. If a Web page with the title FederationServerService is displayed, then you have successfully verified that the certificate has the correct Subject name value.
Verify:
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To verify that the AD FS-enabled Web server can access the Federation Service URL specified in the web.config file:
1. On the AD FS-enabled Web server that is hosting the claims-aware agent, locate the web.config file for your claims-aware application, and then open it with Notepad. This file should be located in \inetpub\wwwroot\virtualdirectory, where your claims-aware application files are stored.
2. Check that the value between the fs tags is a valid Federation Service URL. To do this:
a. On the AD FS-enabled Web server, copy the value between the fs tags in the web.config file, paste it into the address bar of a Web browser, and then hit ENTER.
b. If a Web page with the title FederationServerService is displayed, then you have successfully verified that the Web server can communicate with a resource federation server and that the Federation Service URL is valid.
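The same checks can be scripted from the AD FS-enabled Web server. The following is an added example, not part of the original article or Microsoft's guidance: it reads the URL between the fs tags in web.config, completes one TLS handshake with that host, and reports whether Windows considered the certificate trusted and whether its name matched the URL. The function names and the web.config path are hypothetical placeholders.

```powershell
# Added example. Run on the AD FS-enabled Web server; it reads web.config and
# opens one TLS connection to the Federation Service, sending no request.
function Get-FederationServiceUrl {
    param([Parameter(Mandatory = $true)][string]$WebConfigPath)
    $config = [xml](Get-Content -LiteralPath $WebConfigPath -Raw)
    # The article only says the URL sits between the fs tags, so match any
    # element named fs regardless of XML namespace or parent section.
    $node = $config.SelectSingleNode("//*[local-name()='fs']")
    if ($null -eq $node) { throw "No <fs> element found in $WebConfigPath" }
    [uri]$node.InnerText.Trim()
}

function Test-FederationServiceCertificate {
    param([Parameter(Mandatory = $true)][uri]$Url)
    $seen = @{ Subject = $null; PolicyErrors = $null; ChainStatus = @() }
    # Record what Windows decided about the certificate. Returning $true only
    # lets the handshake finish so the verdict can be read afterwards.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]({
        param($source, $certificate, $chain, $policyErrors)
        $seen.Subject      = $certificate.Subject
        $seen.PolicyErrors = $policyErrors
        $seen.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $true
    }.GetNewClosure())

    $tcp = New-Object System.Net.Sockets.TcpClient($Url.Host, $Url.Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Url.Host)   # host name the certificate must match
    } finally {
        $tcp.Close()
    }

    $flags = [System.Net.Security.SslPolicyErrors]
    [pscustomobject]@{
        FederationHost  = $Url.Host
        Subject         = $seen.Subject
        ChainsToTrusted = -not $seen.PolicyErrors.HasFlag($flags::RemoteCertificateChainErrors)
        NameMatchesUrl  = -not $seen.PolicyErrors.HasFlag($flags::RemoteCertificateNameMismatch)
        ChainStatus     = $seen.ChainStatus -join ', '
    }
}

# Placeholder path: substitute the virtual directory of the claims-aware application.
$url = Get-FederationServiceUrl -WebConfigPath 'C:\inetpub\wwwroot\virtualdirectory\web.config'
Test-FederationServiceCertificate -Url $url
```

A False in ChainsToTrusted corresponds to the trusted-root procedure above, and a False in NameMatchesUrl to the subject-name procedure; ChainStatus lists the specific chain failures reported by Windows.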
Reference Links: Event ID 684 from Source Microsoft-Windows-ADFS
