Event ID 600 — Trust Policy and Configuration
Applies To: Windows Server 2008
The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.
|Product:||Windows Operating System|
|Message:||During processing of web.config section '%1', the parameter '%2' was found to have invalid data. The configured data '%3' could not be parsed as type '%4'.
The Federation Service or Federation Service Proxy will not be able to start until this configuration parameter is corrected.
Correct the specified web.config parameter to conform to the given type.
Review invalid fields in the web.config file
This error was generated because there is an invalid field in the web.config file on the federation server proxy or because the user has manually modified the web.config file without using the Active Directory Federation Services snap-in to set the audit level. To fix the problem, use one of the following procedures.
To perform these procedures, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
Open the web.config file on the federation server proxy, and make sure that a valid value is present in the FSURI field.
To check the FSURI value using the web.config file:
- In Notepad or another text editor, open the web.config file that is in %systemdrive%\windows\systemdata\adfs\sts\on the federation server proxy.
- Search for fsuri.
- Check that a value is present and that it is correct.
Reconfigure the web.config file on the federation server proxy by using the Active Directory Federation Services snap-in.
To check the Federation Service Uniform Resource Identifier (URI) value using the Active Directory Federation Services snap-in:
- Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
- Right-click Federation Service Proxy, and then click Properties.
- On the General tab, check that Federation Service URL is present and that it has the correct value.
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.