Authentication failures and event 422 when AD FS STS servers and AD FS proxy servers are in Windows Server 2012 R2

Symptoms

Consider the following scenario:
  • You have Active Directory Federation Services (AD FS) security token service (STS) servers that are running Windows Server 2012 R2 together with AD FS proxy servers that are configured.
  • The AD FS STS servers and AD FS proxy servers are in a network load balancing (NLB) cluster. 
In this scenario, authentication failures intermittently occur for users who use client certificate authentication. Additionally, the following event is logged in the AD FS proxy server admin event log: 

Cause

This issue occurs because the Device Registration Service (DRS) is not deployed, or the DRS device object container (for example, CN=RegisteredDevices, DC=default-naming-context) does not have correct permission to the AD FS service account. 

Resolution

To resolve this issue, install update rollup 2962409. For more information about how to obtain this update rollup package, click the following article number to view the article in the Microsoft Knowledge Base:
2962409 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: June 2014

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Vlastnosti

ID článku: 2964735 – Posledná kontrola: 10. 3. 2016 – Revízia: 1

Pripomienky