| Event Id | 108 |
| Source | Microsoft-Windows-ADFS |
| Description | The AD FS Web Agent for Windows NT token-based applications encountered a serious error. The account name for this user could not be retrieved from the Windows NT token. |
| Event Information | According to Microsoft : Cause : This event is logged when the AD FS Web Agent for Windows NT token-based applications encountered a serious error. Resolution : Check the authentication method settings for the application in the Federation Service The AD FS Web Agent for Windows NT token-based applications failed to retrieve the user name for the user account in the format domain\username. Confirm that the application settings in the Federation Service are set to the user name and password authentication method. To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority. To confirm that the application in the Federation Service is configured for the user name and password authentication method: 1.Click Start, point to Administrative Tools, and then click Active Directory Federation Services 2.Double-click Federation Service, double-click Trust Policy, double-click My Organization, double-click Applications, right-click the application whose authentication methods you want to check, and then click Properties. 3.On the Authentication Methods tab, confirm that at least one of the following options is selected: To allow only the user name and password method, ensure that the Any check box is not selected and that the User name and password check box is selected. 4.When you are finished checking the authentication method settings, click OK. Verify : Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization. If you cannot access the application successfully, verify that the Windows token-based agent is configured with correct URL values and that all configuration parameters contain valid values. To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority. To verify that the Windows token-based agent is configured with correct values: 1.Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager. 2.In the console tree, click YourComputerName(local computer). 3.In the console tree, double-click Sites, and then click YourWebSiteName. 4.In the center pane, double-click Authentication, highlight AD FS Windows Token-Based Agent, and then in the Actions pane click Edit. 5.In the AD FS Windows Token-Based Agent dialog box, confirm that the Enable AD FS Web Agent check box is selected. 6.Make sure that the following values are valid, and then click OK. Cookie path Cookie domain Return URL |
| Reference Links | Event ID 108 from Source Microsoft-Windows-ADFS |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.