Event Id | 703 |
Source | Microsoft-Windows-ADFS |
Description | The Federation Service has detected a discrepancy between its signing and verification methods. If this condition is caused by a change in trust policy, the Federation Service will continue to use the old trust policy until the condition is resolved. If this condition occurs at startup, the Federation Service will not be able to service requests until the condition is resolved. Signing certificate thumbprint: %1 The certificate chain for the signing certificate cannot be verified. Native Error Code: %2 User Action The native error code comes from CertGetCertificateChain or CertVerifyCertificateChainPolicy. Check the documentation to determine the error code, and take action accordingly. For example, if the error code is CERT_E_EXPIRED, the signing certificate has expired and must be replaced or renewed. |
Event Information | According to Microsoft: Cause: This event is logged when the Federation Service has detected a discrepancy between its signing and verification methods. Resolution: Replace or renew the invalid token-signing certificate. The native error code comes from CertGetCertificateChain or CertVerifyCertificateChainPolicy. This error occurs because the token-signing certificate is not valid. That is, it is not trusted, it is expired or revoked, or the certificate revocation list (CRL) of the certificate is not reachable. Check Event Viewer to determine the error code. Use Winerror.exe to get more information about the error, and take action accordingly. You can obtain the Winerror.exe tool by downloading the Windows Driver Kit (WDK). Verify: Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed. |
Reference Links | Event ID 703 from Source Microsoft-Windows-ADFS |