Event ID - 697

Event Id: 697
Source: Microsoft-Windows-ADFS
Description: The LSAuthenticationObject method LogonClient was called with the anonymous WindowsIdentity. This condition occurs when LogonClient(WindowsIdentity) is called in a context where anonymous access has been enabled in Internet Information Services (IIS). User Action: Ensure that only integrated authentication is enabled for the ls/auth/integrated directory. Ensure that LogonClient(WindowsIdentity) is called only from the authentication Web form in the ls/auth/integrated directory.
Event Information: According to Microsoft:

Cause:

This event is logged when the LSAuthenticationObject method LogonClient is called with the anonymous WindowsIdentity.

Resolution:

Enable only integrated authentication

Ensure that only Windows Authentication is enabled for the Internet Information Services (IIS) virtual directory ls/auth/integrated. To do this, check the following:

To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
  1. On the federation server, open the Internet Information Services (IIS) Manager snap-in.
  2. Click ComputerName\Sites\Default Web site\adfs\ls\auth\integrated, and, in the center pane, double-click Authentication.
  3. Ensure that all statuses in the center pane are set to Disabled except for Windows Authentication, which should be set to Enabled.

Ensure that LogonClient(WindowsIdentity) is called only from the authentication Web form in the ls/auth/integrated directory

Windows Integrated authentication is not supported on the Federation Service Proxy. To ensure that LogonClient(WindowsIdentity) is called only from the authentication Web form in the ls/auth/integrated directory:
  1. Using Notepad on the federation server, open the file clientlogon.aspx, which is located under %systemdrive%\Windows\SystemData\ADFS\sts\ls\auth\integrated.
  2. Ensure that the following line of code is present in the file:
     WindowsIdentity wi = (WindowsIdentity)HttpContext.Current.User.Identity
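
The two checks above can also be done from an elevated PowerShell prompt on the federation server. This read-only audit is an added example, not part of the Microsoft guidance; it assumes the WebAdministration module is available, and the list of schemes it inspects is an assumption covering the IIS-level entries only.

```powershell
Import-Module WebAdministration

# Virtual directory named in the procedure above.
$location = 'Default Web Site/adfs/ls/auth/integrated'

# IIS-level schemes (assumed list). Forms Authentication and ASP.NET
# Impersonation are configured under system.web and are not covered here.
$schemes = 'anonymousAuthentication', 'basicAuthentication',
           'digestAuthentication', 'windowsAuthentication'

$report = foreach ($scheme in $schemes) {
    $prop = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $location -Name enabled -ErrorAction SilentlyContinue `
        -Filter "system.webServer/security/authentication/$scheme"

    # No result means the section (role service) is not installed.
    $enabled = if ($null -eq $prop) { $null }
               elseif ($prop -is [bool]) { $prop }
               else { [bool]$prop.Value }

    $expected = ($scheme -eq 'windowsAuthentication')
    [pscustomobject]@{
        Scheme   = $scheme
        Enabled  = $enabled
        Expected = $expected
        Ok       = if ($null -eq $enabled) { -not $expected }
                   else { $enabled -eq $expected }
    }
}
$report | Format-Table -AutoSize

# Confirm clientlogon.aspx still takes the identity from the IIS context.
$page   = Join-Path $env:SystemDrive `
    'Windows\SystemData\ADFS\sts\ls\auth\integrated\clientlogon.aspx'
$needle = 'WindowsIdentity wi = (WindowsIdentity)HttpContext.Current.User.Identity'
$hasLine = (Test-Path $page) -and
    [bool](Select-String -Path $page -SimpleMatch -Pattern $needle -Quiet)
"clientlogon.aspx contains expected line: $hasLine"

# Most recent occurrences of this event, using the Source shown above.
Get-WinEvent -FilterHashtable @{ ProviderName = 'Microsoft-Windows-ADFS'; Id = 697 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Any row with Ok = False marks a scheme whose state differs from the configuration the resolution steps call for.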
Verify:

Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.
Reference Links: Event ID 697 from Source Microsoft-Windows-ADFS
