Troubleshooting federation server farm problems with AD FS 2.0

  • Article

Updated: May 5, 2010

Applies To: Active Directory Federation Services (AD FS) 2.0

The following table provides troubleshooting guidance for specific error event messages or other issues that you may encounter if you are having problems in a federation server farm deployment.

Before you begin the troubleshooting process, we recommend that you first try to configure Active Directory Federation Services (AD FS) 2.0 for troubleshooting and check for known common issues that might prevent normal functioning for the Federation Service. For detailed instructions for configuring and performing related system checks, see Configuring Computers for Troubleshooting AD FS 2.0 and Things to Check Before Troubleshooting AD FS 2.0.

Event or symptom Possible cause Resolution

Event ID 344
There was an error doing synchronization. Synchronization of data from the primary federation server to a secondary federation server did not occur.

Generally, this event results from any failure that occurs during the synchronization. The following are more specific possible causes of this event:

  • If the error occurred while data was being read on the primary federation server, the primary federation server is unavailable or the service account identity on the secondary federation server computer does not match the service account identity of the primary federation server.

  • If a SQL write operation failed to write to the configuration database on the local federation server, the cause might be that the SQL Server or Windows Internal Database (WID) service was stopped.

Refer to the additional data in the event to determine the actual cause. Also, when this event occurs for any type of synchronization failure, look for a corresponding error (Event ID 346) on the synchronization partner server.

Make sure that the primary federation server is available, and that the service account identity of this computer matches the service account identity of the primary federation server.

Event ID 345
There was a communication error during AD FS configuration database synchronization. Synchronization of data from the primary federation server to a secondary federation server did not occur.

Communication failed between the primary federation server and other secondary federation servers in the same farm.

Troubleshoot network connectivity between servers in the federation server farm. For more information, see Verify network connectivity.

Event ID 346
There was an error during the retrieval of configuration data for the secondary federation server.

The SQL Server or WID service is not available.

Troubleshoot network connectivity between servers in the federation server farm, and verify that the SQL Server or WID service is available. For more information, see Verify network connectivity and Verify that the Federation Service can connect to the AD FS configuration database.

Event ID 351
There was an error getting synchronization properties.

The SQL Server or WID service is not available.

Troubleshoot network connectivity between servers in the federation server farm, and verify that the SQL Server or WID service is available. For more information, see Verify network connectivity and Verify that the Federation Service can connect to the AD FS configuration database.

Event ID 382
AD FS 2.0 detected that the Federation Service has more than %1 %2 trusts configured.

The farm deployment is trying to synchronize using a WID database, and it has more than 100 claim trust provider trusts or more than 100 relying party trusts.

Move to SQL Server for improved database synchronization performance when you need to support more than 100 claim trust provider trusts or more than 100 relying party trusts.

For more information about how to do this, see AD FS 2.0 operations documentation on the TechNet Wiki site (https://go.microsoft.com/fwlink/?LinkId=181189).