Source: Service Control Manager
Event ID: 7000
The AD FS 2.0 Windows Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
This is typically experienced on a slow-performing machine.
Disable generatePublisherEvidence for .NET 3.5
This element was introduced in the .NET Framework version 3.5 and applies only to that version. It has no effect in later versions of the .NET Framework.
The common language runtime (CLR) tries to verify the Authenticode signature at load time to create Publisher evidence for the assembly. However, by default, most applications do not need Publisher evidence. Standard CAS policy does not rely on the PublisherMembershipCondition. You should avoid the unnecessary startup cost associated with verifying the publisher signature unless your application executes on a computer with custom CAS policy, or is intending to satisfy demands for PublisherIdentityPermission in a partial-trust environment. (Demands for identity permissions always succeed in a full-trust environment.)
Increase the default timeout value observed by SCM:
However, these three options are not the best way to resolve the issue:
Option 1: generatePublisherEvidence is disabled globally, which also affects other .NET applications.
Option 2: Extending the service timeout may also affect the behaviour of other services.
Option 3: Disallowing access to crl.microsoft.com may also affect other .NET applications, as with option 1.
As this issue relates only to the "AD FS 2.0 Windows Service", we can disable generatePublisherEvidence directly in the application-specific config file, located at "C:\Program Files\Active Directory Federation Services 2.0\Microsoft.IdentityServer.Servicehost.exe.config". The change then affects only the AD FS application.
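One way to make this per-application change, as an added PowerShell example (not part of the original post and not a Microsoft-supplied script). It uses the config path given above, assumes the file's root element is <configuration>, and needs an elevated prompt.

```powershell
# Added example: disable generatePublisherEvidence for the AD FS 2.0 service
# host only, leaving machine-wide .NET settings untouched.
# Path is the one given in the text; adjust if AD FS is installed elsewhere.
$configPath = 'C:\Program Files\Active Directory Federation Services 2.0\Microsoft.IdentityServer.Servicehost.exe.config'

if (-not (Test-Path -LiteralPath $configPath)) {
    throw "Config file not found: $configPath"
}

# Keep a timestamped backup so the change can be reviewed and reverted.
$backup = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMddHHmmss')
Copy-Item -LiteralPath $configPath -Destination $backup

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($configPath)

# Assumption: a standard .NET application config with a <configuration> root.
$root = $xml.DocumentElement
if ($root.Name -ne 'configuration') {
    throw "Unexpected root element <$($root.Name)> in $configPath"
}

# Reuse an existing <runtime> section; otherwise append one at the end so
# that <configSections>, if present, stays the first child as .NET requires.
$runtime = $root.SelectSingleNode('runtime')
if ($null -eq $runtime) {
    $runtime = $xml.CreateElement('runtime')
    [void]$root.AppendChild($runtime)
}

# Create the element only if it is missing, so re-running is harmless.
$gpe = $runtime.SelectSingleNode('generatePublisherEvidence')
if ($null -eq $gpe) {
    $gpe = $xml.CreateElement('generatePublisherEvidence')
    [void]$runtime.AppendChild($gpe)
}
$gpe.SetAttribute('enabled', 'false')

$xml.Save($configPath)
Write-Output "Updated $configPath (backup: $backup)"
```

The setting is read when the process loads, so it takes effect the next time the AD FS 2.0 Windows Service starts.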
For more information, please refer to social.technet.microsoft.com/.../11939.ad-fs-2-0-windows-service-does-not-start-does-not-start-automatically-or-starts-slowly.aspx