ADFS 3.0 Token Validation Errors

  • Question

  • Hi Guys,

    We have an ADFS 3.0 deployment using 2 ADFS and 2 WAP servers, primarily being used for Office 365 and a few other services.

    I have noticed that both our ADFS servers are loaded with Token Validation Errors. I am not able to make much of it and am not sure what is causing the problem.

    Log Name:      AD FS/Admin
    Source:        AD FS
    Date:          31/07/2017 19:22:35
    Event ID:      342
    Task Category: None
    Level:         Error
    Keywords:      AD FS
    User:          domain\serviceaccount
    Computer:     server
    Description:
    Token validation failed.  

    Additional Data

    Token Type:
    http://schemas.microsoft.com/ws/2006/05/identitymodel/tokens/UserName
    %Error message:
    username@domain.com

    Exception details:
    System.IdentityModel.Tokens.SecurityTokenValidationException: username@domain.com
       at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
        <EventID>342</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000001</Keywords>
        <TimeCreated SystemTime="2017-07-31T11:22:35.186601400Z" />
        <EventRecordID>493866</EventRecordID>
        <Correlation />
        <Execution ProcessID="956" ThreadID="3820" />
        <Channel>AD FS/Admin</Channel>
        <Computer>PCVSNGADFS01.seaco.com</Computer>
        <Security UserID="S-1-5-21-1617694435-2347549332-1223413151-16120" />
      </System>
      <UserData>
        <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
          <EventData>
            <Data>http://schemas.microsoft.com/ws/2006/05/identitymodel/tokens/UserName</Data>
            <Data>username@domain.com</Data>
            <Data>System.IdentityModel.Tokens.SecurityTokenValidationException: username@domain.com
       at Microsoft.IdentityServer.Service.Tokens.MSISWindowsUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)</Data>
          </EventData>
        </Event>
      </UserData>
    </Event>

    I would appreciate it if someone could point me in a direction in order to address the token validation events.


    Regards, Navdeep


    • Edited by singh83 Tuesday, August 8, 2017 2:35 AM
    Tuesday, August 8, 2017 2:32 AM
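
One way to see which accounts and token types make up the bulk of these 342 events, as an added example that is not part of the original post. The function name `Get-Adfs342Summary`, the server names and the example.com accounts are assumptions made for illustration; the positional `<Data>` layout follows the Event Xml shown in the question.

```powershell
# Added example (not from the original post): per-account summary of AD FS event 342.
function Get-Adfs342Summary {
    param([Parameter(Mandatory)] [string[]] $EventXml)  # one <Event> XML string per record
    $rows = foreach ($raw in $EventXml) {
        $x = [xml]$raw
        if ("$($x.Event.System.EventID)" -ne '342') { continue }
        # Payload is positional, as in the event shown in the question:
        # [0] token type URI, [1] error message (the account name), [2] exception text
        $data = @($x.Event.UserData.Event.EventData.Data)
        [pscustomobject]@{
            Time      = $x.Event.System.TimeCreated.SystemTime  # ISO 8601 UTC, sorts as text
            Server    = $x.Event.System.Computer
            TokenType = ($data[0] -split '/')[-1]
            Account   = "$($data[1])".Trim().ToLowerInvariant()
        }
    }
    $rows | Group-Object Account, TokenType | ForEach-Object {
        $times = @($_.Group.Time | Sort-Object)
        [pscustomobject]@{
            Account   = $_.Group[0].Account
            TokenType = $_.Group[0].TokenType
            Failures  = $_.Count
            Servers   = @($_.Group.Server | Sort-Object -Unique) -join ','
            First     = $times[0]
            Last      = $times[-1]
        }
    } | Sort-Object Failures -Descending
}

# Constructed sample records in the same shape as the event in the question.
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>342</EventID><TimeCreated SystemTime="TIME" /><Computer>SERVER</Computer></System>
  <UserData><Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
    <EventData>
      <Data>http://schemas.microsoft.com/ws/2006/05/identitymodel/tokens/UserName</Data>
      <Data>ACCOUNT</Data>
      <Data>System.IdentityModel.Tokens.SecurityTokenValidationException: ACCOUNT</Data>
    </EventData></Event></UserData>
</Event>
'@
$sample = @(
    @('2017-07-31T11:22:35Z', 'adfs01', 'alice@example.com'),
    @('2017-07-31T11:22:41Z', 'adfs02', 'Alice@example.com'),
    @('2017-07-31T11:23:02Z', 'adfs01', 'alice@example.com'),
    @('2017-07-31T11:25:10Z', 'adfs02', 'bob@example.com')
) | ForEach-Object { $template.Replace('TIME', $_[0]).Replace('SERVER', $_[1]).Replace('ACCOUNT', $_[2]) }

# Live input on an AD FS server: Get-WinEvent -FilterHashtable @{LogName='AD FS/Admin'; Id=342} | ForEach-Object { $_.ToXml() }
Get-Adfs342Summary -EventXml $sample | Format-Table -AutoSize
```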