This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 72%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Hello @all ,
we gettings the Error Message that KDFv2 are not enabled Event-ID: 185:
Das KDFv2-Feature ist in der AD FS-Farm nicht aktiviert. Bitte stellen Sie sicher, dass alle Farmknoten mit den neuesten Windows-Updates gepatcht sind und die KDFv2-Funktion aktiviert ist, um die Sicherheit der Farm zu erhöhen. Weiter Informationen darüber finden Sie unter https://go.microsoft.com/fwlink/?linkid=2153807.
We using ADFS for Passwort Selfservice and i don't know how to solve the Problem?
Can someone help me?
many thanks in advanced.
TheBob
FYI - Here is the message in English
It stands for Key Derivation Function version 2. It is used to sign JWT token in OAuth2 scenarios.
If you don't use OAuth2 on your ADFS farm, you don't really care about it. And could disable it with Set-ADFSProperties -Kdfv2Support:Disabled. I think the documentation will follow soon (I hope :)).
[MS-OAPXBC]: OAuth 2.0 Protocol Extensions for Broker Clients seems to explain what that’s about: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/ec170978-562d-4087-96e4-a80b10dd9fee.
Hello piaudonn,
many thank's for replay!
I have set "Set-ADFSProperties -Kdfv2Support:Disabled" and have now that Message:
Das KDFv2-Feature ist in der AD FS-Farm deaktiviert. Bitte stellen Sie sicher, dass alle Farmknoten mit den neuesten Windows-Updates gepatcht sind und die KDFv2-Funktion aktiviert ist, um die Sicherheit der Farm zu erhöhen. Weiter Informationen darüber finden Sie unter https://go.microsoft.com/fwlink/?linkid=2153807.
The KDFv2 feature is disabled in the AD FS farm. Please ensure that all farm nodes are patched with the latest Windows updates and the KDFv2 feature is enabled to enhance the security of the farm. For more information about this, please visit https://go.microsoft.com/fwlink/?linkid=2153807.
After that one I checked the the ADFS Endpoint and see that oauth2 was enable. I have no disabled that and still get the warnig that this one KDFv2 ist deaktivated.
What do you thinking, yust ignore the message?
I don't need oauth so to ingore it would be possible.
Many thank's for helping
TheBob
Well, since you are not using OAuth, you could enable it. Then if later on you start using OAuth you don't have to recall you have to enable it to use the newest security features. Either way, as of its today's use, it won't affect your apps nor users.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 60%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
For anyone that finds this thread - you should enable KDFv2
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/what-is-kdfv2
If your servers are 2019 or later and fully patched run this on the primary server: Set-AdfsProperties -KdfV2Support enforce
If your servers are 2016 or earlier or not fully patched then run this on the primary server: Set-AdfsProperties -KdfV2Support enable
You need to restart ADFS services on all machines afterwards.
Thanks for following up on that!
Good Morning piaudonn,
thank's again for helping!
Now i have no more adfs error or warning Messages.
Thank you very much and have a good day!