Event ID - 126

Event Id126
SourceMicrosoft-Windows-ADFS
DescriptionThe AD FS Web Agent Authentication Service was not able to start. A failure was encountered when registering as an event source. Users will not be able to access protected resources until the authentication service can be restarted. Additional Data The data field contains a Win32 error code.
Event Information According to Microsoft :

Cause :

This event is logged when the AD FS Web Agent Authentication Service could not start.

Resolution :

Grant the AD FS Authentication Service the Generate Security Audits privilege

Active Directory Federation Services (AD FS) components that write audits must be configured to run as LocalSystem, NetworkService, or a domain principal account that has been granted the Generate Security Audits privilege (SeAuditPrivilege) explicitly.

Either grant the AD FS Authentication Service principal account the Generate Security Audits privilege in Local Security Policy or configure the authentication service to run as a domain principal that has already been granted the Generate Security Audits privilege.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To configure the AD FS Web Agent Authentication Service to run as LocalSystem, NetworkService, or a custom domain principal account:
  1. On the AD FS-enabled Web server, click Start , point to Administrative Tools , and then click Services .
  2. Right-click AD FS Web Agent Authentication Service , and then click Properties .
  3. On the Log On tab, do one of the following, depending on the type of account that you want to assign, and then click OK :
  • Click Local System account .
  • Click This account , and then type a domain principal account name and password for an account that has been granted the Generate Security Audits privilege.
Verify :

Verify that the principal account specified in the properties of the AD FS Authentication Service has been granted the Generate Security Audits privilege in Local Security Policy.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To verify that the Generate Security Audits privilege has been granted to the principal account specified in the AD FS Authentication Service:
  1. On the AD FS-enabled Web server, click Start , point to Administrative Tools , and then click Services .
  2. Right-click AD FS Web Agent Authentication Service , and then click Properties .Record the name of the account that is used as the principal account before you start the Local Security Policy snap-in.
  3. After you identify this account, click Start , point to Administrative Tools , click Local Security Policy , and then double-click Local Policies .
  4. Double-click User Rights Assignment .
  5. In the details pane, right-click Generate Security Audits , and then click Properties .
  6. Verify that the principal account you recorded is present in the list.
Reference LinksEvent ID 126 from Source Microsoft-Windows-ADFS

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh