ADFS 2.0, Event ID - 246, Error :The Federation Service Encountered An
Query King | Wed, 28 Jun 2017 at 15:49 hours | Replies : 2 | Points : 100
Category : ADFS
Hi Experts,
When I am trying to login with Trusted Domain User Account in ADFS SSO. I am getting below error on ADFS 2.0 Server, Running Windows Server 2008 R2.
Details:
My Domain: ABC.Com
Trusted Domain: XYZ.com
Trust Type: 2 Way Forest trust with Selective Authentication
Service Name: ABC\ADFS_Service
ADFS Server:ADFS-SRV01.ABC.COM
-------------------------------------------- Event Log Summary ---------------------------------
Log Name: AD FS 2.0/Admin
Source: AD FS 2.0
Date: 6/28/2017 10:10:58 AM
Event ID: 246
Task Category: None
Level: Error
Keywords: AD FS
User: ABC\ADFS_Service
Computer: ADFS-SRV01.ABC.COM
Description:
The Federation Service encountered an error during an attempt to connect to a LDAP server at XYZ.com.
Additional Data
Domain Name: XYZ.com
LDAP server hostname: DC-01.XYZ.com
Error from LDAP server: C0000413: LdapErr: DSID-0C09050C, comment: AcceptSecurityContext error, data 78f, v2580
Exception Details:
The supplied credential is invalid.
User Action
Check the network connectivity to the LDAP server. Also, check whether the LDAP server is configured properly.
This Question is already solved Click To See The Answer
Hi Query King,
Generally, we face such issues, when ADFS Server is unable to communicate/query with “Trusted Domain” Domain Controllers.
Run “nltest /dsgetdc:xyz.com” command and check if ADFS server is able to find domain controllers from Trusted Domain. i.e. XYZ.com.
1. It may due to packet drop on Firewall. Please check if required ports are opened. (https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts)
2. If ports are opened, please make sure that ADFS Service account has “Allow to Authenticate” permission on Trusted Domains Domain Controller as you have configured Selective Authentication.
It should fix the error 246.
Thanks Santosh, “Allow to Authenticate” permission was missing. Now error gone and its working fine.