Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
Applies To: Windows Server 2008
.jpg)
Web Agent for Windows NT token-based application configuration contains information about the AD FS Web Agent Authentication Service, creation of Windows NT tokens, and Windows token-based agent authentication requests.
Event Details
| Product: | Windows Operating System |
| ID: | 129 |
| Source: | Microsoft-Windows-ADFS |
| Version: | 6.0 |
| Symbolic Name: | SSO_RPC_CALLER_NOT_IN_IIS_WPG |
| Message: | The AD FS Web Agent Authentication Service received a remote procedure call (RPC) from a user who is not in the IIS_IUSRS group. This request will be denied. User Action If this error results in failed AD FS authentications, ensure that the failing Internet Information Services (IIS) application pool's identity is a member of the IIS_IUSRS group. |
Resolve
Configure the IIS application pool's identity to be a member of the IIS_IUSRS group
If this error results in failed Active Directory Federation Services (AD FS) authentications, ensure that the failing Internet Information Services (IIS) application pool's identity is a member of the IIS_IUSRS group. This group is located in Computer Management\System Tools\Local Users and Groups\Groups.
Verify
Verify that you can access the Active Directory Federation Services (AD FS)-enabled application from a client browser and that the resource can be accessed with the appropriate authorization.
If you cannot access the application successfully, verify that the Windows token-based agent is configured with correct URL values and that all configuration parameters contain valid values.
To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.
To verify that the Windows token-based agent is configured with correct values:
- Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
- In the console tree, click YourComputerName**(local computer)**.
- In the console tree, double-click Sites, and then click YourWebSiteName.
- In the center pane, double-click Authentication, highlight AD FS Windows Token-Based Agent, and then in the Actions pane click Edit.
- In the AD FS Windows Token-Based Agent dialog box, confirm that the Enable AD FS Web Agent check box is selected.
- Make sure that the following values are valid, and then click OK.
- Cookie path
- Cookie domain
- Return URL