Event Id | 701 |
Source | Microsoft-Windows-ADFS |
Description | The LSAuthenticationObject method LogonClient was called with certificate credentials, but only Active Directory Lightweight Directory Services (AD LDS) account stores are configured at the Federation Service. AD LDS account stores do not support certificate credentials. User Action: If this Federation Service is intended to service certificate authentication logons, configure the Active Directory Domain Services account store. If this Federation Service is not intended to service certificate authentication logons, consider replacing ls/auth/sslclient/clientlogon.aspx with a static page that indicates that certificate authentication is not supported. |
Event Information | According to Microsoft:
Resolution: Configure the Active Directory Domain Services account store.
If this Federation Service is intended to service integrated authentication logons or certificate authentication logons to Active Directory Domain Services (AD DS), use the following procedure to configure the AD DS account store. If this Federation Service is not intended to service integrated authentication logons or certificate authentication logons to AD DS, consider replacing %systemdrive%\Windows\ADFS\sts\ls\auth\integrated\clientlogon.aspx with a static page indicating that integrated authentication or certificate authentication is not supported.
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To add an AD DS account store to the Federation Service:
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization. |
Reference Links | Event ID 701 from Source Microsoft-Windows-ADFS |