Event ID 623 — Trust Policy and Configuration
Applies To: Windows Server 2008
The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.
|Product:||Windows Operating System|
|Message:||The Federation Service encountered an error while loading the trust policy. The trust policy field '%1' was set to an unacceptable value. The field must not be negative.
If this error occurs during startup of the Federation Service, the Federation Service will be not be able to start, and all requests to the Federation Service will fail until the configuration is corrected. If this error occurs while the Federation Service is running, the Federation Service will continue to use the last trust policy that was loaded successfully.
Correct the '%1' field by configuring it with a nonnegative value.
Modify any negative integer values in the trustpolicy.xml file
Modify any negative integer values (for example -1 or -2), if any, in the trust policy (trustpolicy.xml) file to be nonnegative (for example 1 or 2). Common values to check for in the trustpolicy.xml file include Trust policy version, Token lifetime (minutes), Realm cookie lifetime (days), and Token cache capacity.
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To check for negative integer values in the trustpolicy.xml file:
- On a federation server, click Start, point to Administrative Tools, and then click Active Directory Federation Services.
- In the console tree, right-click Federation Service, click Properties, and record the trust policy location value that is specified in Trust policy file, and then click OK.
- If the trust policy file is located on a server other than the federation server, log on to that server as an administrator (in case you need to make changes), and then open Windows Explorer.
- Locate the folder where the trust policy file is stored, and then open the trustpolicy.xml file using Notepad.
- Make sure that the values that are provided for each of the following tags do not contain a negative integer value:
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.