The AD FS Windows service failed to start because the AD FS service account could not access the private key of the signing or identity certificate that is in the AD FS configuration database.
When the AD FS Windows service starts successfully, the monitor changes to a green state and the critical alert is resolved automatically.
This condition can occur when the certificate is found in the specified store but there is a problem accessing the certificate's private key. The following are common causes of this condition:
The certificate was installed from a source that does not include the private key, such as a .cer or .p7b file.
The certificate's private key was imported (for example, from a .pfx file) into a store that is different from the store specified in this event.
The certificate was generated as part of a certificate request that did not specify the "Machine Key" option.
The Federation Service identity has not been granted read access to the certificate's private key.
The following are possible resolutions for this condition:
If the certificate was imported from a source with no private key, choose a certificate that has a private key, or import the certificate again from a source that includes the private key (for example, a .pfx file).
If the certificate was imported in a user context, verify that the previously specified store matches the store into which the certificate was imported.
If the certificate was generated by a certificate request that did not specify the "Machine Key" option and the key is marked as exportable, export the certificate together with its private key from the user store to a .pfx file, then import it again directly into the store specified in the configuration file.
If the key is not marked as exportable, request a new certificate using the "Machine Key" option.
If the Federation Service identity has not been granted read access to the certificate's private key, correct this condition by using the Certificates snap-in. For more information, see the procedure "Confirm that private keys for certificates are accessible by the AD FS service user account" in the "Things to Check Before Troubleshooting AD FS" section of the AD FS troubleshooting guide.
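The causes listed above can be checked in order from an elevated PowerShell session on the federation server. This is an added example, not part of the management pack or the AD FS troubleshooting guide; it assumes the certificate is expected in LocalMachine\My, an RSA key held by a Microsoft software provider, and both parameter defaults are placeholders.

```powershell
# Added example. Assumptions: certificate expected in LocalMachine\My, RSA key in a
# Microsoft software provider; both parameter defaults are placeholders to replace.
param(
    [string]$Thumbprint     = '<CERTIFICATE-THUMBPRINT>',
    [string]$ServiceAccount = '<DOMAIN\adfs-service-account>'
)

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $Thumbprint
if (-not $cert) {
    # Cause: the certificate and key were imported into a different store (user context).
    $user = Get-ChildItem Cert:\CurrentUser\My | Where-Object Thumbprint -eq $Thumbprint
    if ($user) { 'Found only in CurrentUser\My: export to .pfx and import into the machine store.' }
    else       { 'Certificate not found in LocalMachine\My or CurrentUser\My.' }
    return
}
if (-not $cert.HasPrivateKey) {
    # Cause: installed from a source without the key, such as a .cer or .p7b file.
    'Certificate has no private key: import it again from a source that includes the key.'
    return
}

# Locate the key container file. CNG and legacy CSP keys live in different folders.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $isMachine = $rsa.Key.IsMachineKey
    $keyFile   = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $isMachine = $rsa.CspKeyContainerInfo.MachineKeyStore
    $keyFile   = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($rsa.CspKeyContainerInfo.UniqueKeyContainerName)"
} else {
    'Private key is not an RSA key this session can open; check it in the Certificates snap-in.'
    return
}
if (-not $isMachine) {
    # Cause: the certificate request did not specify the "Machine Key" option.
    'Key is a user key: re-import from .pfx into the machine store or request a new certificate.'
    return
}

# Cause: the service identity lacks read access. Only direct ACEs are evaluated here;
# access granted through group membership is not detected.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$ace  = (Get-Acl -Path $keyFile).Access | Where-Object {
    $_.IdentityReference.Value -eq $ServiceAccount -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}
if ($ace) { "$ServiceAccount has read access to the private key." }
else      { "$ServiceAccount has no direct read ACE on $keyFile; grant Read in the Certificates snap-in." }
```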
Target | Microsoft.ActiveDirectoryFederationServices.2016.FederationServer
Parent Monitor | System.Health.AvailabilityState
Category | AvailabilityHealth
Enabled | True
Alert Generate | True
Alert Severity | Error
Alert Priority | Normal
Alert Auto Resolve | True
Monitor Type | Microsoft.Windows.2SingleEventLog2StateMonitorType
Remotable | True
Accessibility | Public
Alert Message |
RunAs | Default
<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServerBadConfigurationIdentityCertificateHasNoPrivateKeyMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.2SingleEventLog2StateMonitorType" ConfirmDelivery="true">
  <Category>AvailabilityHealth</Category>
  <AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices.2016.FederationServerBadConfigurationIdentityCertificateHasNoPrivateKeyMonitor_AlertMessageResourceID">
    <AlertOnState>Error</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>Error</AlertSeverity>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="FirstEventRaised" MonitorTypeStateID="FirstEventRaised" HealthState="Error"/>
    <OperationalState ID="SecondEventRaised" MonitorTypeStateID="SecondEventRaised" HealthState="Success"/>
  </OperationalStates>
  <Configuration>
    <FirstComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstComputerName>
    <FirstLogName>$Target/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$</FirstLogName>
    <FirstExpression>
      <And>
        <Expression>
          <SimpleExpression>
            <ValueExpression>
              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
            </ValueExpression>
            <Operator>Equal</Operator>
            <ValueExpression>
              <Value Type="UnsignedInteger">133</Value>
            </ValueExpression>
          </SimpleExpression>
        </Expression>
        <Expression>
          <RegExExpression>
            <ValueExpression>
              <XPathQuery Type="String">PublisherName</XPathQuery>
            </ValueExpression>
            <Operator>MatchesMOM2005RegularExpression</Operator>
            <Pattern>(^AD FS$)</Pattern>
          </RegExExpression>
        </Expression>
      </And>
    </FirstExpression>
    <SecondComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondComputerName>
    <SecondLogName>$Target/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$</SecondLogName>
    <SecondExpression>
      <And>
        <Expression>
          <SimpleExpression>
            <ValueExpression>
              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
            </ValueExpression>
            <Operator>Equal</Operator>
            <ValueExpression>
              <Value Type="UnsignedInteger">100</Value>
            </ValueExpression>
          </SimpleExpression>
        </Expression>
        <Expression>
          <RegExExpression>
            <ValueExpression>
              <XPathQuery Type="String">PublisherName</XPathQuery>
            </ValueExpression>
            <Operator>MatchesMOM2005RegularExpression</Operator>
            <Pattern>(^AD FS$)</Pattern>
          </RegExExpression>
        </Expression>
      </And>
    </SecondExpression>
  </Configuration>
</UnitMonitor>