This project has moved and is read-only. For the latest updates, please go here.


Fix configuration errors using PowerShell cmdlets and restart the Federation Service


Hi we are getting below error on ADFS services start and user login please help us.

An error occurred loading an authentication provider. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.
Identifier: MultiFactorAuthenticationProvider
Context: Proxy device TLS pipeline

Additional Data
Exception details:
The authentication method Neos.IdentityServer.MultiFactor.AuthenticationProvider, Neos.IdentityServer.MultiFactor, Version=, Culture=neutral, PublicKeyToken=3a36c681d9dd304c could not be loaded. Exception has been thrown by the target of an invocation.


The Federation Service encountered an error while processing the WS-Trust request.
Request type:

Additional Data
Exception details:
System.ArgumentOutOfRangeException: Not a valid Win32 FileTime.
Parameter name: fileTime
at System.DateTime.FromFileTimeUtc(Int64 fileTime)
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetPasswordExpiryDetails(SafeLsaReturnBufferHandle profileHandle, DateTime& nextPasswordChange, DateTime& lastPasswordChange)
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUserInfo(SafeHGlobalHandle pLogonInfo, Int32 logonInfoSize, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String authenticationType, String issuerName)
at Microsoft.IdentityServer.Tokens.LsaLogonUserHelper.GetLsaLogonUser(String domain, String username, String password, DateTime& nextPasswordChange, DateTime& lastPasswordChange, String issuerName)
at Microsoft.IdentityServer.Service.LocalAccountStores.ActiveDirectory.ActiveDirectoryCpTrustStore.ValidateUser(IAuthenticationContext context)
at Microsoft.IdentityServer.Service.Tokens.MsisLocalCpUserNameSecurityTokenHandler.ValidateTokenInternal(UsernameAuthenticationContext usernameAuthenticationContext, SecurityToken token)
at Microsoft.IdentityServer.Service.Tokens.MsisLocalCpUserNameSecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.GetEffectivePrincipal(SecurityTokenElement securityTokenElement, SecurityTokenHandlerCollection securityTokenHandlerCollection)
at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList1& identityClaimSet, List1 additionalClaims)
Closed Mar 26 at 8:06 PM by redhook


redhook wrote Mar 26 at 8:06 PM


We don't provide any support for custom builds.
We can see in your trace that the assembly signature is not our.
$typeName = "Neos.IdentityServer.MultiFactor.AuthenticationProvider, Neos.IdentityServer.MultiFactor, Version=, Culture=neutral, PublicKeyToken=175aa5ee756d2aa2"
Register-AdfsAuthenticationProvider -TypeName $typeName -Name "MultiFactorAuthenticationProvider" -Verbose -ConfigurationFilePath ".\configdata.xml" 
net stop adfssrv
net start adfssrv

For Custom builds your MUST recompile all projects and sign them with your own Key.
As said in dcoumentation (also on first page of this site) :
  • Due to security, solution must be signed in Visual Studio with a certificate .pfx
  • You must also deploy your assemblies un the GAC.
  • You must also ensure that the right .Net Framework is deployed on tour servers (builds for 4.5.2 and 4.6.2)
  • You must modify your PowerShell command (PublicToken) according your signature cert.
  • Only deploy these components on ADFS Servers but not on ADFS Proxies.
Best Regards