ADFS 2.0, Event ID - 246, Error :The Federation Service Encountered An

Query King | Wed, 28 Jun 2017 at 15:49 hours | Replies : 2 | Points : 100

Category : ADFS


Hi Experts,

 

When I try to log in with a Trusted Domain user account in ADFS SSO, I get the error below on the ADFS 2.0 server, running Windows Server 2008 R2.

Details:

My Domain: ABC.Com

Trusted Domain: XYZ.com

Trust Type: 2 Way Forest trust with Selective Authentication

Service Name: ABC\ADFS_Service

ADFS Server: ADFS-SRV01.ABC.COM

 


-------------------------------------------- Event Log Summary ---------------------------------

Log Name:      AD FS 2.0/Admin
Source:        AD FS 2.0
Date:          6/28/2017 10:10:58 AM
Event ID:      246
Task Category: None
Level:         Error
Keywords:      AD FS
User:          ABC\ADFS_Service
Computer:      ADFS-SRV01.ABC.COM
Description:
The Federation Service encountered an error during an attempt to connect to a LDAP server at XYZ.com.

Additional Data
Domain Name: XYZ.com
LDAP server hostname: DC-01.XYZ.com
Error from LDAP server: C0000413: LdapErr: DSID-0C09050C, comment: AcceptSecurityContext error, data 78f, v2580
Exception Details:
 The supplied credential is invalid.

User Action
 Check the network connectivity to the LDAP server. Also, check whether the LDAP server is configured properly.




Hi Query King,

Generally, we face such issues when the ADFS server is unable to communicate with or query the “Trusted Domain” Domain Controllers.


Run the “nltest /dsgetdc:xyz.com” command and check if the ADFS server is able to find domain controllers from the Trusted Domain, i.e. XYZ.com.

1.  It may be due to packet drops on the firewall. Please check if the required ports are open. (https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts)

2.  If the ports are open, please make sure that the ADFS service account has the “Allow to Authenticate” permission on the Trusted Domain's Domain Controller, as you have configured Selective Authentication.

It should fix the error 246.

Thanks Santosh, the “Allow to Authenticate” permission was missing. Now the error is gone and it's working fine.
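
The "data 78f" field in the Event 246 text already points at the cause found in this thread: it is a hex Win32 error code, and 0x78F is ERROR_AUTHENTICATION_FIREWALL_FAILED, the code returned when Selective Authentication blocks an account that lacks the "Allowed to Authenticate" permission. The following is an added example, not part of the original posts; the function name Resolve-LdapBindError and the lookup table are illustrative, and the sample line is copied from the event above. It is written to run on PowerShell 2.0, as shipped with Windows Server 2008 R2.

```powershell
# Constructed sample: the "Error from LDAP server" line from the Event 246 text in this thread.
$sample = 'Error from LDAP server: C0000413: LdapErr: DSID-0C09050C, comment: AcceptSecurityContext error, data 78f, v2580'

# Win32 error codes (hex) that a domain controller reports in the "data" field of a failed LDAP bind.
$bindErrors = @{
    '525' = 'ERROR_NO_SUCH_USER: account not found'
    '52e' = 'ERROR_LOGON_FAILURE: bad user name or password'
    '530' = 'ERROR_INVALID_LOGON_HOURS: logon not allowed at this time'
    '531' = 'ERROR_INVALID_WORKSTATION: logon not allowed from this computer'
    '532' = 'ERROR_PASSWORD_EXPIRED: password has expired'
    '533' = 'ERROR_ACCOUNT_DISABLED: account is disabled'
    '701' = 'ERROR_ACCOUNT_EXPIRED: account has expired'
    '773' = 'ERROR_PASSWORD_MUST_CHANGE: password must be changed before logon'
    '775' = 'ERROR_ACCOUNT_LOCKED_OUT: account is locked out'
    '78f' = 'ERROR_AUTHENTICATION_FIREWALL_FAILED: account is not allowed to authenticate to this machine (Selective Authentication)'
}

# Hypothetical helper: extracts the bind sub-code from an event message and decodes it.
function Resolve-LdapBindError {
    param([Parameter(Mandatory = $true)][string]$Message)

    # No AcceptSecurityContext sub-code in the text: nothing to decode.
    if ($Message -notmatch 'AcceptSecurityContext error, data ([0-9a-fA-F]+)') {
        return $null
    }

    $hex = $Matches[1].ToLower()
    $meaning = $bindErrors[$hex]
    if (-not $meaning) { $meaning = 'not in table; look up the Win32 error code' }

    New-Object PSObject -Property @{
        DataHex   = $hex
        Win32Code = [Convert]::ToInt32($hex, 16)
        Meaning   = $meaning
    }
}

Resolve-LdapBindError -Message $sample | Format-List DataHex, Win32Code, Meaning

# On the AD FS server, the same function can be fed from the live log named in the event:
# Get-WinEvent -FilterHashtable @{ LogName = 'AD FS 2.0/Admin'; Id = 246 } |
#     ForEach-Object { Resolve-LdapBindError -Message $_.Message }
```

A result of 78f separates a Selective Authentication permission gap from a wrong password (52e) or a locked account (775), which all surface in Event 246 under the same generic "The supplied credential is invalid" text.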