A very useful way to get a better look at what is actually happening on your ADFS servers, and to troubleshoot them, is to enable security auditing for ADFS. This writes the ADFS security events to the Security log in Event Viewer. There are three easy steps to get this working.
Step 1 – Grant the ADFS service account the “Generate security audits” right on the ADFS server. To do this, open the Local Security Policy editor on the server (secpol.msc, or gpedit.msc under Computer Configuration; it can also be done through a GPO for multiple servers). Navigate to “Windows Settings\Security Settings\Local Policies\User Rights Assignment” and add the ADFS service account to the “Generate security audits” right. The right only lands in the service's token when the service logs on, so restart the AD FS 2.0 Windows Service (adfssrv) afterwards for it to take effect.
Step 2 – Run the following command from an elevated command prompt. It turns on success and failure auditing for the “Application Generated” subcategory (under Object Access), which is the subcategory ADFS writes its audits to:

auditpol.exe /set /subcategory:"Application Generated" /failure:enable /success:enable

Note that if your servers receive Advanced Audit Policy settings from a domain GPO, set this subcategory in that GPO instead; the domain setting replaces the local one at the next policy refresh.
Step 3 – In the AD FS 2.0 Management console, right-click “AD FS 2.0” and choose “Edit Federation Service Properties”. When the “Federation Service Properties” dialog box appears, choose the Events tab and select both “Success Audits” and “Failure Audits”, as shown below.
Now that you have completed the steps, you will begin to see ADFS events in the Security log in Event Viewer, as shown below. The events are written as ADFS handles requests, so sign in to a relying party if the log is still empty.
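If you would rather script the three steps (for example across every server in a farm), here is a PowerShell version that applies each step and then checks it. This is an added example, not part of the original post or of ADFS itself: the service account name, the temporary file names and the “AD FS 2.0 Auditing” event source name are assumptions, so adjust them to your environment.

```powershell
# Added example (not from the original post): automates Steps 1-3 on one ADFS 2.0
# server and checks each one. Run from an elevated Windows PowerShell prompt on the
# federation server. Assumed values (adjust for your environment): the ADFS service
# account and the event source the auditing events are logged under.
param(
    [string]$ServiceAccount = "CONTOSO\svc_adfs",     # assumption: your ADFS service account
    [string]$AuditSource    = "AD FS 2.0 Auditing"    # assumption: provider name in the Security log
)
$ErrorActionPreference = "Stop"

# --- Step 1: "Generate security audits" (SeAuditPrivilege) for the service account ---
# There is no built-in cmdlet for user rights assignment, so export the local policy
# with secedit, append the account's SID to SeAuditPrivilege and re-apply only the
# USER_RIGHTS area. Accounts that already hold the right are kept.
$sid = (New-Object System.Security.Principal.NTAccount($ServiceAccount)).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

$cfg = Join-Path $env:TEMP "user-rights.inf"     # assumption: scratch file names
$db  = Join-Path $env:TEMP "user-rights.sdb"
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

$lines    = Get-Content $cfg
$existing = $lines | Where-Object { $_ -match '^SeAuditPrivilege\s*=' } | Select-Object -First 1
if (-not $existing) {
    # Nobody holds the right yet: add the line to the [Privilege Rights] section
    $lines = $lines -replace '^\[Privilege Rights\]$', "[Privilege Rights]`r`nSeAuditPrivilege = *$sid"
} elseif (-not $existing.Contains("*$sid")) {
    $lines = $lines -replace '^(SeAuditPrivilege\s*=.*)$', "`$1,*$sid"
}
Set-Content -Path $cfg -Value $lines -Encoding Unicode   # secedit expects a Unicode .inf
secedit /configure /db $db /cfg $cfg /areas USER_RIGHTS | Out-Null
Remove-Item $cfg, $db -ErrorAction SilentlyContinue

# Verify against a fresh export rather than trusting the edit
$check = Join-Path $env:TEMP "user-rights-check.inf"
secedit /export /cfg $check /areas USER_RIGHTS | Out-Null
$granted = (Get-Content $check | Where-Object { $_ -match '^SeAuditPrivilege\s*=' } |
            Select-Object -First 1) -match [regex]::Escape($sid)
Remove-Item $check -ErrorAction SilentlyContinue
if (-not $granted) { throw "SeAuditPrivilege was not granted to $ServiceAccount" }

# --- Step 2: success and failure auditing for the "Application Generated" subcategory ---
auditpol.exe /set /subcategory:"Application Generated" /success:enable /failure:enable | Out-Null
# /r gives CSV output; the "Inclusion Setting" text is English-locale specific
$state = auditpol.exe /get /subcategory:"Application Generated" /r | ConvertFrom-Csv
if ($state.'Inclusion Setting' -ne 'Success and Failure') {
    throw "auditpol setting not applied, current value: $($state.'Inclusion Setting')"
}

# --- Step 3: the same as ticking both boxes on the Events tab in the console ---
if (-not (Get-PSSnapin -Name Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell
}
$levels = @((Get-ADFSProperties).LogLevel) + @('SuccessAudits', 'FailureAudits') | Select-Object -Unique
Set-ADFSProperties -LogLevel $levels

# The new user right is only in the service's token after it logs on again
Restart-Service adfssrv

# --- Check: audit events only appear once ADFS handles a request, so sign in to a
# relying party first, then look for events from the auditing source in the Security log.
$recent = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; ProviderName = $AuditSource } `
                       -MaxEvents 10 -ErrorAction SilentlyContinue
if ($recent) {
    $recent | Format-Table TimeCreated, Id, Message -AutoSize -Wrap
} else {
    Write-Warning "No '$AuditSource' events yet; perform a sign-in and run the check again."
}
```

The script touches only the USER_RIGHTS area when it re-imports the policy, so other local security settings are left alone. Restarting adfssrv briefly interrupts sign-ins on that server, so on a farm run it one node at a time behind the load balancer.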
You are now finished enabling ADFS Security Auditing. I hope this helps!