Event ID 611 — Trust Policy and Configuration

Updated: December 3, 2008

Applies To: Windows Server 2008 R2

The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.

Event Details

Product: Windows Operating System
ID: 611
Source: Microsoft-Windows-ADFS
Version: 6.1
Symbolic Name: WebConfigurationMissing
Message: A required configuration section of web.config was missing: '%1'
Section: %1

The Federation Service cannot start until this condition is corrected.

User Action
Add the required web.config section.


Review missing fields in the web.config file

This problem can occur when one or more required sections (logonserver and FederationServerConfiguration) in the web.config file are missing. To correct this problem, do one of the following:

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

Add the required section back to the web.config file.

To check web.config file for missing sections:

  1. In Notepad or another text editor, open the web.config file that is in %systemdrive%\windows\systemdata\adfs\sts\on the federation server.
  2. Search for logonserver and FederationServerConfiguration tags.
  3. Check that a value is present and that it is correct.

If a backup file exists for the web.config file (web.config.bak), rename the file to web.config, and see if that corrects the problem.

If the previous steps do not work, consider reinstalling Active Directory Federation Services (AD FS) using the existing trust policy.


Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed.

Trust Policy and Configuration

Active Directory Federation Services