Event ID 102 — Windows NT Token-Based Application Malformed Requests

Applies To: Windows Server 2008

Web Agent for Windows NT Token-Based Applications Malformed Requests logs token requests, session cookies, and sign-in requests that are associated with the Windows token-based agent. Malformed Requests also provides information about protocol requests that are made to the AD FS Web Agent and client cookies, and it records any sign-on issues.

Event Details

Product: Windows Operating System
ID: 102
Source: Microsoft-Windows-ADFS
Version: 6.0
Message: The AD FS Web Agent for Windows NT token-based applications was unable to authenticate a client token.

User Action
Look for additional events in the application log and the security log that may contain more details. Consider enabling failure auditing on this Web server if auditing is not already enabled.


Look for additional events in log files for more details

Consider enabling failure auditing for the Windows NT token-based application to obtain more information about the issue.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To enable failure auditing for a Windows NT token-based application:

  1. On the AD FS-enabled Web server, open Regedit. Click Start, click Run, type regedit, and then click OK.
  2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ifssvc.
  3. Right-click Parameters, click New, and then click DWORD Value.
  4. In the new value file name box, type ADFSEvent, and then press Enter.
  5. Double-click the new entry, and then in Value data, type 8, and then click OK to enable failure auditing.
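The same change can be scripted. The following PowerShell is an added example, not part of the original procedure: it sets the ADFSEvent value described in the steps above and then lists recent Event ID 102 entries. It assumes PowerShell 2.0 or later in an elevated session, that the events are written to the Application log, and that the provider name matches the Source field shown under Event Details.

```powershell
# Added example: scripted form of the Regedit steps above, plus a log query.
# Assumes PowerShell 2.0 or later (for Get-WinEvent) in an elevated session.
$ErrorActionPreference = 'Stop'

$paramKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\ifssvc\Parameters'
$valueName = 'ADFSEvent'
$valueData = 8   # value the procedure gives for failure auditing

# The procedure requires local Administrators membership.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated session as a local administrator.'
}

# The steps expect the Parameters key to exist already; do not create it.
if (-not (Test-Path $paramKey)) {
    throw "Key not found: $paramKey"
}

# Record any existing setting so the change can be reverted later.
$existing = Get-ItemProperty -Path $paramKey -Name $valueName -ErrorAction SilentlyContinue
if ($existing) {
    Write-Output ("Previous {0} value: {1}" -f $valueName, $existing.$valueName)
} else {
    Write-Output "$valueName was not set before this change."
}

New-ItemProperty -Path $paramKey -Name $valueName -PropertyType DWord -Value $valueData -Force | Out-Null
Write-Output ("{0} is now {1}" -f $valueName, (Get-ItemProperty -Path $paramKey -Name $valueName).$valueName)

# List recent Event ID 102 entries from the source named in Event Details.
# Get-WinEvent raises an error when nothing matches, so tolerate that case.
$filter = @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-ADFS'; Id = 102 }
$events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Output 'No Event ID 102 entries found in the Application log.'
} else {
    $events | Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List
}
```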


Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.
