| Event Id | 615 |
| Source | Microsoft-Windows-ADFS |
| Description | A malformed protocol request was received by the AD FS Web Agent. The context parameter from the request was not returned in the response. This request will be failed. |
| Event Information | According to Microsoft : Cause : This event is logged when a malformed protocol request was received by the AD FS Web Agent. Resolution : Check the cookie domain or path and return URL This error can occur when: The cookie domain configuration is not set correctly in the application configuration. The "Path" component of the Uniform Resouce Locator (URL) that was entered in the Web browser does not start with the cookie path that is specified in the Internet Information Services (IIS) snap-in (for Windows NT token-based applications) or in the web.config file (for claims-aware applications). Note that this is a case-sensitive comparison. To correct this error, do one of the following: Make sure that the server name portion of the URL that is typed in the Web browser matches the server name in the return URL that is specified for the Web application. If you have a Web farm setup, you may have to configure the "cookie domain" to account for the fact that AD FS authentication may have occurred on one computer in the farm, and the cookies may have to be sent to another server in the farm. If a cookie domain is set for this Web application, make sure that the server name portion of the original URL that is typed into the Web browser ends with this cookie domain. Make sure that the cookie path that is configured in the Web application is configured correctly. Verify : Verify that the web.config file is configured with correct URL values and that all configuration parameters contain valid values. To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority. To verify that the web.config file is configured with the correct Return URL value: 1.On a resource federation server, click Start, point to Administrative Tools, and then click Active Directory Federation Services. 2.Double-click Federation Service, double-click Trust Policy, double-click My Organization, click Applications, right-click the application in the list that represents this claims-aware application, and then click Properties. 3.Verify that the https value that is specified in Application URL—for example, https://www.treyresearch.net/ApplicationName/— is identical to the value that is specified between the returnurl tags in the web.config file on the AD FS-enabled Web server. |
| Reference Links | Event ID 615 from Source Microsoft-Windows-ADFS |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.