Home
  •  

Error when loading authentication provider

Microsoft.ActiveDirectoryFederationServices.2016.FederationServerAuthenticationProviderLoadMonitor (UnitMonitor)

An authentication provider cannot be loaded successfully. Any authentication requests that require this provider will fail.

Knowledge Base article:

Summary

This monitor checks for errors when loading authentication providers during AD FS service startup. A manual reset is needed to clear this monitor back to a healthy state after addressing the root cause and restarting the AD FS service.

Causes

AD FS encounters this state when one or more authentication providers fail to load. This is more common to occur on custom authentication providers used for multi-factor authentication.

Resolutions

If the error occurs on a custom authentication provider, please consult your provider's instructions to confirm the installation of the authentication provider on the machine that is reporting the error, and restart the AD FS service. Please note that the installation of the authentication provider must happen on every node of the AD FS farm and it is a separate step from deploying and configuring AD FS.

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices.2016.FederationServer
Parent MonitorSystem.Health.ConfigurationState
CategoryConfigurationHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.Windows.SingleEventLogTimer2StateMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
Error when loading authentication provider
Event Description: {0}
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServerAuthenticationProviderLoadMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.SingleEventLogTimer2StateMonitorType" ConfirmDelivery="true">

  <Category>ConfigurationHealth</Category>

  <AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices.2016.FederationServerAuthenticationProviderLoadMonitor_AlertMessageResourceID">

    <AlertOnState>Error</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Error</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Data/Context/EventDescription$</AlertParameter1>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="EventRaised" MonitorTypeStateID="EventRaised" HealthState="Error"/>

    <OperationalState ID="TimerEventRaised" MonitorTypeStateID="TimerEventRaised" HealthState="Success"/>

  </OperationalStates>

  <Configuration>

    <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

    <LogName>AD FS/Admin</LogName>

    <Expression>

      <And>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="UnsignedInteger">105</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <RegExExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>MatchesMOM2005RegularExpression</Operator>

            <Pattern>(^AD FS$)</Pattern>

          </RegExExpression>

        </Expression>

      </And>

    </Expression>

    <TimerWaitInSeconds>900</TimerWaitInSeconds>

  </Configuration>

</UnitMonitor>