Event ID 605 — Federation Server Communication

Event ID 605 — Federation Server Communication

Updated: February 27, 2008

Applies To: Windows Server 2008

Federation Server communication is communication between federation servers and federation server proxies. A federation server proxy should be updated from the Federation Service. Federation Server communication fails if the federation server proxy cannot be updated and the information in the trust policy is configured incorrectly.

Event Details

Product: Windows Operating System
ID: 605
Source: Microsoft-Windows-ADFS
Version: 6.0
Symbolic Name: ExceptionFromFedServer
Message: The Federation Service Proxy encountered an exception when it called a Federation Service Web method. Federation Server URL: %1 Web method: %2 Proxy certificate thumbprint: %3 This may cause a user request to fail. User Action The exception details may give an indication of the precise problem. Check network connectivity between the Federation Service Proxy and the Federation Service. Ensure that the Federation Service is running. Ensure that the Federation Service Proxy client authentication certificate has been added to the list of proxy authentication certificates in the Federation Service trust policy. Ensure that the Federation Service Proxy client authentication certificate chains to a root that is trusted by the Federation Service. Ensure that the Federation Service Proxy service account, which is set to Network Service by default, can access the private key of the certificate that was identified by the thumbprint ‘%3’. Conditions that can prevent the Federation Service Proxy service account from having access to the certificate private key include the following:(1) The certificate was installed from a file that did not include the private key, such as a .cer or .p7b file. (2) The certificate’s private key was imported (for example, from a .pfx file) into a user’s certificate store instead of the Local Computer Personal certificate store. (3) The certificate was generated as part of a certificate request that did not specify the “Machine Key” option. (4) The Federation Service Proxy service account has not been granted Read access to the certificate’s private key.Ensure that the Federation Service Internet Information Services (IIS) Secure Sockets Layer (SSL) server certificate chains to a root that is trusted by the Federation Service Proxy. Ensure that the Federation Service Uniform Resource Locator (URL) that is configured in the Federation Service Proxy web.config uses the name that is the subject of the Federation Service IIS SSL server certificate. Additional Data Exception information: %4

Resolve
Review the exception details

The exception details may give an indication of the precise problem.

Check network connectivity between the federation server proxy and the federation server.

Ensure that the Federation Service is running.

Ensure that the federation server proxy client authentication certificate has been added to the list of proxy authentication certificates in the trust policy.

Ensure that the federation server proxy client authentication certificate chains to a root that is trusted by the Federation Service.

Ensure that the Federation Service Internet Information Services (IIS) Secure Sockets Layer (SSL) server certificate chains to a root that is trusted by the federation server proxy.

Ensure that the Federation Service Uniform Resource Locator (URL) that is configured in the federation server proxy web.config file uses the name that is the subject of the Federation Service IIS SSL server certificate.

Verify

Verify that a specific event (ID 674) was generated on the federation server proxy computer. This event is generated when the federation server proxy is able to successfully communicate with the Federation Service.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

  1. Log on to a client computer with Internet access.
  2. Open a browser window, and then type the Uniform Resource Locator (URL) for the Federation Service endpoint, along with the path to the clientlogon.aspx page that is stored on the federation server proxy.
  3. Press ENTER.

    Note   At this point your browser should display the error Server Error in ‘/adfs’ Application. This step is necessary to generate event message 674 to verify that the clientlogon.aspx page is being loaded properly by Internet Information Services (IIS).

  4. Log on to the federation server proxy.
  5. Click Start, point to Administrative Tools, and then click Event Viewer.
  6. In the details pane, double-click Application.
  7. In the Event column, look for event ID 674.

If the federation server proxy is configured properly, you see a new event in the Application log of Event Viewer, with the event ID 674. This event verifies that the federation server proxy was able to communicate successfully with the Federation Service.

Related Management Information

Federation Server Communication

Active Directory Federation Services

Related:

Attempt to fetch logical page %S_PGID in database %d failed. It belongs to allocation unit %I64d not to %I64d.

Details
Product: SQL Server
Event ID: 605
Source: MSSQLServer
Version: 9.0
Component: SQLEngine
Symbolic Name: WRONGPAGE
Message: Attempt to fetch logical page %S_PGID in database %d failed. It belongs to allocation unit %I64d not to %I64d.
   
Explanation

This error generally signifies page or allocation corruption in the specified database. SQL Server detects corruption when reading pages belonging to a table either by following the page linkages or by using the Index Allocation Map (IAM). All pages allocated to a table must belong to one of the allocation units associated with the table. If the allocation unit ID contained in the page header does not match an allocation unit ID associated with the table, this exception is raised. The first allocation unit ID listed in the error message is the ID present in the page header, the second allocation unit value is the ID associated with the table.

Data Corruption Errors

A severity level of 21 indicates potential data corruption. Possible causes are a damaged page chain, a corrupt IAM, or an invalid entry in the sys.objects catalog view for that object. These errors are often caused by hardware or disk device driver failure.

Transient Errors

A severity level of 12 indicates a potential transient error; that is, it occurs in the cache and does not indicate damage to data on disk. Transient 605 errors can be caused by the following conditions:

  • The operating system prematurely notifies SQL Server that an I/O operation has completed; the error message is displayed even though no actual data corruption exists.

  • Running a query with the Optimizer hint NOLOCK or setting the transaction isolation level to READ UNCOMMITTED. When a query that is using NOLOCK or READ UNCOMMITTED tries to read data that is being moved or changed by another user, a 605 error occurs. To verify that it is a transient 605 error, rerun the query later. For more information, see this
    KB articlehttp://support.microsoft.com/kb/235880/en-us
    .

In general, if the error occurs during data access but subsequent DBCC CHECKDB operations complete without error, the 605 error was probably transient.

   
User Action
  1. Identify the tables associated with the allocation units specified in the message by running the following query. Replace with the allocation units specified in the error message.

    USE ;
    GO
    SELECT au.allocation_unit_id, OBJECT_NAME(p.object_id) AS table_name, fg.name AS filegroup_name,
    au.type_desc AS allocation_type, au.data_pages, partition_number
    FROM sys.allocation_units AS au
    JOIN sys.partitions AS p ON au.container_id = p.partition_id
    JOIN sys.filegroups AS fg ON fg.data_space_id = au.data_space_id
    WHERE au.allocation_unit_id = OR au.allocation_unit_id =
    ORDER BY au.allocation_unit_id;
    GO

  2. Execute DBCC CHECKTABLE without a REPAIR clause on the table associated with the second allocation unit ID specified in the error message.

  3. Execute DBCC CHECKDB without a REPAIR clause as soon as possible to determine the full extent of the corruption in the entire database.

  4. Check the error log for other errors that often accompany a 605 error and examine the Windows Event Log for any system or hardware related issues. Fix any hardware-related problems that are contained in the logs.

  5. If the 605 error is not transient, the problem is severe and must be corrected by performing one of the following tasks:

    1. If the problem is not hardware related and a known clean backup is available, restore the database from the backup. You can leverage the page restore backup feature to restore just the damaged pages.

    2. Run DBCC CHECKDB with the REPAIR clause recommended by the DBCC CHECKDB operation performed in step 2 to repair the corruption.

    Caution:

    If you are not sure what effect DBCC CHECKDB with a REPAIR clause has on your data, contact your primary support provider before running this statement.

    1. If running DBCC CHECKDB with one of the REPAIR clauses does not correct the problem, contact your primary support provider. Have the output from DBCC CHECKDB available for review.

Related: