Our Web SSO ADFS solution stopped authenticating users. The CredentialsVerificationException caught a 1703. It was not one of the "standard" ones like 87=missing user name. The SA tracked back to AD errors and the following:
File Replication Service, by default, uses a randomly selected port to use for Remote Procedure Calls. Either AD or FRS started using a blocked port which caused domain authentication to fail. Solution: permanently disable the firewall.