The following is logged in the event log on an ADFS Proxy or ADFS Server:
Log Name: AD FS 2.0/Admin
Source: AD FS 2.0
Date: 15.09.2011 14:28:16
Event ID: 364
Task Category: None
Keywords: AD FS
User: NETWORK SERVICE
Encountered error during federation passive request.
System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.
--- End of inner exception stack trace ---
System.ServiceModel.FaultException: An error occurred when verifying security for the message.
<TimeCreated SystemTime="2011-09-15T12:28:16.218750000Z" />
(...this suggests a time difference between the ADFS Proxy and STS servers of 1 hour or greater.)
Possible causes for Event ID 364:
- The time difference between the ADFS proxy and the ADFS server is too big (should be synchronized as close together as possible - manually or via Win32Time)
- The SSL certificate of either the ADFS proxy or the ADFS server is failing revocation checking on either side (standard PKI troubleshooting applies).
- The SSL certificate of either the ADFS proxy or the ADFS server is unable to chain up to a Trusted Root on either side (verify all CA certificates in the chain are installed in the personal store of the application pool service account).