| Event Id | 687 |
| Source | Microsoft-Windows-ADFS |
| Description | A malformed protocol request was received by the AD FS Web Agent. The response contained no Security Assertion Markup Language (SAML) token. This request will fail. This situation can occur because of data corruption, data tampering, malfunctioning software, or interoperability failure. |
| Event Information | According to Microsoft : Cause : This event is logged when a malformed protocol request was received by the AD FS Web Agent. Resolution : Use compatible federation software with AD FS If you are using non-Microsoft federation software in your environment, check that the federation software is compatible with Active Directory Federation Services (AD FS). For software to be compatible with AD FS, it must comply with the WS-Federation Passive Requestor Profile. Verify : Verify that the web.config file is configured with correct URL values and that all configuration parameters contain valid values. To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority. To verify that the web.config file is configured with the correct Return URL value: 1.On a resource federation server, click Start, point to Administrative Tools, and then click Active Directory Federation Services. 2.Double-click Federation Service, double-click Trust Policy, double-click My Organization, click Applications, right-click the application in the list that represents this claims-aware application, and then click Properties. 3.Verify that the https value that is specified in Application URL—for example, https://www.treyresearch.net/ApplicationName/— is identical to the value that is specified between the returnurl tags in the web.config file on the AD FS-enabled Web server. |
| Reference Links | Event ID 687 from Source Microsoft-Windows-ADFS |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.