Event ID 129 — Windows NT Token-Based Application Configuration
Applies To: Windows Server 2008 R2
Web Agent for Windows NT token-based application configuration contains information about the AD FS Web Agent Authentication Service, creation of Windows NT tokens, and Windows token-based agent authentication requests.
|Product:||Windows Operating System|
|Message:||The AD FS Web Agent Authentication Service received a remote procedure call (RPC) from a user who is not in the IIS_IUSRS group. This request will be denied. If this error results in failed AD FS authentications, ensure that the failing Internet Information Services (IIS) application pool's identity is a member of the IIS_IUSRS group.|
Configure the IIS application pool's identity to be a member of the IIS_IUSRS group
If this error results in failed Active Directory Federation Services (AD FS) authentications, ensure that the failing Internet Information Services (IIS) application pool's identity is a member of the IIS_IUSRS group. This group is located in Computer Management\System Tools\Local Users and Groups\Groups.
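The membership check can also be scripted. The following PowerShell is an added example, not part of the original article or of AD FS: it lists each application pool's identity and flags pools whose identity is neither named in the local IIS_IUSRS group nor given the group's SID automatically by IIS. It assumes the WebAdministration module that ships with IIS 7.5 and an elevated session on the web server.

```powershell
# Added example: run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

# Explicit members of the local IIS_IUSRS group, read through the ADSI WinNT provider.
$group = [ADSI]"WinNT://$env:COMPUTERNAME/IIS_IUSRS,group"
$members = @($group.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})

Get-ChildItem IIS:\AppPools | ForEach-Object {
    $pm = $_.processModel
    if ($pm.identityType -eq 'SpecificUser') {
        # Compare on the account name only (text after the last backslash).
        # Same-named local and domain accounts are not told apart, and
        # user@domain (UPN) names will not match; check those by hand.
        $account = $pm.userName
        $listed  = $members -contains ($account -split '\\')[-1]
    } else {
        # Built-in account or ApplicationPoolIdentity: explicit listing is not checked.
        $account = $pm.identityType
        $listed  = $false
    }
    # With manualGroupMembership = False (the default), IIS adds the IIS_IUSRS
    # SID to the worker process token at start-up, so no explicit listing is needed.
    $auto = -not $pm.manualGroupMembership
    New-Object PSObject -Property @{
        AppPool       = $_.Name
        Identity      = $account
        ListedInGroup = $listed
        AddedByIIS    = $auto
        NeedsReview   = -not ($listed -or $auto)
    }
} | Format-Table AppPool, Identity, ListedInGroup, AddedByIIS, NeedsReview -AutoSize
```

A pool shown with NeedsReview set to True is the one to check in Computer Management\System Tools\Local Users and Groups\Groups.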
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.
If you cannot access the application successfully, verify that the Windows token-based agent is configured with correct URL values and that all configuration parameters contain valid values.
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To verify that the Windows token-based agent is configured with correct values:
- Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
- In the console tree, click YourComputerName (local computer).
- In the console tree, double-click Sites, and then click YourWebSiteName.
- In the center pane, double-click Authentication, highlight AD FS Windows Token-Based Agent, and then in the Actions pane click Edit.
- In the AD FS Windows Token-Based Agent dialog box, confirm that the Enable AD FS Web Agent check box is selected.
- Make sure that the following values are valid, and then click OK.
  - Cookie path
  - Cookie domain
  - Return URL