Event ID 726 — Trust Policy and Configuration
Applies To: Windows Server 2008
The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.
|Product:||Windows Operating System|
|Message:||The Federation Service has encountered an error while reading Group Policy settings. This may indicate an attempt by the local administrator to bypass Group Policy. The Federation Service will fail all requests until this condition is corrected.
Ensure that the Access Control List for the registry path HKLM\Software\Policies\Microsoft\Windows\ADFS grants read access to the Federation Service principal.
Grant Read access permissions to the federation application pool
Ensure that the access control list (ACL) for the registry path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADFS grants Read access permissions to the identity under which the federation application pool is running.
To perform this procedure, you must be a member of the Administrators group or you must have been delegated the appropriate authority.
To assign permissions in the ADFS registry key:
Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
- On the federation server, click Start.
- In the Start Search text box, type regedit, and then press ENTER.
- Right-click the following key in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADFS and then click Permissions.
- In the Permissions for ADFS dialog box, under Group or user names, check to make sure that the same account that is associated with the identity under which the federation application pool is running is present and that it is assigned the Read permission.
- Click OK, and close Registry Editor.
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.