Event ID - 698

Event Id: 698
Source: Microsoft-Windows-ADFS
Description: The ClientCredentialInfo static method CreateCertificateCredential was called in a context where no client certificate was available.

User Action:
Ensure that only anonymous access is enabled for the ls/auth/sslclient directory and that "Require client certificates" is selected in the Secure Communications dialog box.

Ensure that CreateCertificateCredential is called only from the authentication Web form in the ls/auth/sslclient directory.
Event Information According to Microsoft:

Cause:

This event is logged when the ClientCredentialInfo static method CreateCertificateCredential was called in a context where no client certificate was available.

Resolution:

Enable only anonymous access

Using the Internet Information Services (IIS) Manager snap-in, ensure that only Anonymous Authentication is enabled for the ls/auth/sslclient directory and that the Client certificates setting is set to Require.

To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To enable only Anonymous Authentication and ensure that Client certificates is set to Require:
  1. On the federation server, open the Internet Information Services (IIS) Manager snap-in.
  2. Click ComputerName\Sites\Default Web site\adfs\ls\auth\sslclient, and, in the center pane, double-click Authentication.
  3. Ensure that all statuses in the center pane are set to Disabled except for Anonymous Authentication, which should be set to Enabled.
  4. Click ComputerName\Sites\Default Web site\adfs\ls\auth\sslclient, and, in the center pane, double-click SSL Settings.
  5. Ensure that Client certificates is set to Require.
To ensure that CreateCertificateCredential is called only from the authentication Web form in the ls/auth/sslclient directory:
  1. Using Notepad on the federation server, open the file clientlogon.aspx under %systemdrive%\Windows\SystemData\ADFS\sts\ls\auth\sslclient.
  2. Ensure that the following line of code is present in the file: HttpClientCertificate cert = HttpContext.Current.Request.ClientCertificate.
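
The two procedures above can also be checked from an elevated PowerShell session. This read-only audit is an added example, not Microsoft's code; it assumes the IIS WebAdministration module is installed, that the site is named "Default Web Site", and that the listed system.webServer authentication sections are the ones to check.

```powershell
# Added example: read-only audit of the settings described in the steps above.
# Assumes the WebAdministration module and an elevated session on the federation server.
Import-Module WebAdministration

$root     = 'MACHINE/WEBROOT/APPHOST'
$location = 'Default Web Site/adfs/ls/auth/sslclient'   # site path taken from the steps above
$authBase = 'system.webServer/security/authentication'

function Get-ConfigValue([string]$Filter, [string]$Name) {
    $p = Get-WebConfigurationProperty -PSPath $root -Location $location `
            -Filter $Filter -Name $Name -ErrorAction Stop
    # The cmdlet may return the value directly or an object with a .Value property
    if ($p -is [string] -or $p -is [bool]) { $p } else { $p.Value }
}

$results = @()

# First procedure, steps 2-3: only Anonymous Authentication may be enabled
$schemes = 'anonymousAuthentication', 'basicAuthentication', 'digestAuthentication',
           'windowsAuthentication', 'clientCertificateMappingAuthentication',
           'iisClientCertificateMappingAuthentication'
foreach ($s in $schemes) {
    try   { $enabled = [System.Convert]::ToBoolean((Get-ConfigValue "$authBase/$s" 'enabled')) }
    catch { continue }   # section not installed on this server, nothing to check
    $expected = ($s -eq 'anonymousAuthentication')
    $results += [pscustomobject]@{ Check = $s; Actual = $enabled; Ok = ($enabled -eq $expected) }
}

# First procedure, steps 4-5: "Require" in SSL Settings sets the SslRequireCert flag
$flags = [string](Get-ConfigValue 'system.webServer/security/access' 'sslFlags')
$hasRequire = ($flags -split ',\s*') -contains 'SslRequireCert'
$results += [pscustomobject]@{ Check = 'sslFlags'; Actual = $flags; Ok = $hasRequire }

# Second procedure: clientlogon.aspx must read the certificate from the request
$aspx = Join-Path $env:SystemDrive 'Windows\SystemData\ADFS\sts\ls\auth\sslclient\clientlogon.aspx'
$hit  = Select-String -Path $aspx -SimpleMatch 'HttpContext.Current.Request.ClientCertificate' `
            -Quiet -ErrorAction SilentlyContinue
$results += [pscustomobject]@{ Check = 'clientlogon.aspx'; Actual = [bool]$hit; Ok = [bool]$hit }

$results | Format-Table -AutoSize
```

Any row with Ok set to False points at the step to revisit in IIS Manager or in clientlogon.aspx.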
Verify:

Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.
Reference Links: Event ID 698 from Source Microsoft-Windows-ADFS
