Å ifrovacÃ certifikÃ¡t poskytovatele deklaracÃ identity nenÃ platnÃ½

Microsoft.ActiveDirectoryFederationServices.2016.TokenAcceptanceAuthorityEncryptionCertificateCrlCheckFailureMonitor (UnitMonitor)

Knowledge Base article:

Souhrn

Tento monitor indikuje, Å¾e poÅ¾adavek odhlÃ¡Å¡enÃ SAML se nezdaÅ™il, protoÅ¾e Å¡ifrovacÃ certifikÃ¡t dÅ¯vÄ›ryhodnÃ©ho certifikÃ¡tu poskytovatele deklaracÃ identity nenÃ platnÃ½.

Pokud ke stejnÃ©mu problÃ©mu nedojde bÄ›hem 15 minut znovu, stav tohoto monitoru se vrÃ¡tÃ zpÃ¡tky na zelenÃ½. Pravidlo vÃ½strahy vygeneruje pÅ™ÃsluÅ¡nou vÃ½strahu, kterou je tÅ™eba vyÅ™eÅ¡it ruÄnÄ›.

PÅ™ÃÄiny

NÃÅ¾e jsou vedeny moÅ¾nÃ© pÅ™ÃÄiny tÃ©to udÃ¡losti:

CertifikÃ¡t byl odvolÃ¡n.
Å˜etÄ›z certifikÃ¡tÅ¯ nebylo moÅ¾nÃ© ovÄ›Å™it dle specifikace nastavenÃ odvolÃ¡nÃ Å¡ifrovacÃho certifikÃ¡tu pro tento dÅ¯vÄ›ryhodnÃ½ certifikÃ¡t poskytovatele deklaracÃ identity.
CertifikÃ¡t nenÃ v dobÄ› platnosti.

PoznÃ¡mka

PomocÃ rutin prostÅ™edÃ Windows PowerShell pro sluÅ¾bu AD FS mÅ¯Å¾ete nakonfigurovat nastavenÃ odvolÃ¡nÃ pro Å¡ifrovacÃ certifikÃ¡t dÅ¯vÄ›ryhodnÃ©ho certifikÃ¡tu poskytovatele deklaracÃ identity. Pro konkrÃ©tnÃ nastavenÃ pouÅ¾ijte parametr EncryptionCertificateRevocationCheck rutiny Set-ADFSClaimsProviderTrust.

Å˜eÅ¡enÃ

UjistÄ›te se, Å¾e Å¡ifrovacÃ certifikÃ¡t dÅ¯vÄ›ryhodnÃ©ho certifikÃ¡tu poskytovatele deklaracÃ identity je platnÃ½ a nebyl odvolÃ¡n.
UjistÄ›te se, Å¾e sluÅ¾ba AD FS mÅ¯Å¾e pÅ™istupovat k seznamu odvolanÃ½ch certifikÃ¡tÅ¯, pokud nastavenÃ odvolÃ¡nÃ nespecifikuje nastavenÃ "Å¾Ã¡dnÃ©" nebo "pouze mezipamÄ›Å¥".
OvÄ›Å™te nastavenÃ serveru proxy protokolu HTTP. DalÅ¡Ã informace o tom, jak ovÄ›Å™it nastavenÃ serveru proxy protokolu HTTP, najdete v ÄÃ¡sti Co zkontrolovat pÅ™ed Å™eÅ¡enÃm problÃ©mÅ¯ se sluÅ¾bou AD FS.

Element properties:

Source Code:

Target	Microsoft.ActiveDirectoryFederationServices.2016.TokenAcceptance
Parent Monitor	System.Health.ConfigurationState
Category	ConfigurationHealth
Enabled	True
Alert Generate	False
Alert Auto Resolve	True
Monitor Type	Microsoft.Windows.SingleEventLogTimer2StateMonitorType
Remotable	True
Accessibility	Public
RunAs	Default

<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices.2016.TokenAcceptanceAuthorityEncryptionCertificateCrlCheckFailureMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices.2016.TokenAcceptance" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.SingleEventLogTimer2StateMonitorType" ConfirmDelivery="true"> <Category>ConfigurationHealth</Category> <OperationalStates> <OperationalState ID="EventRaised" MonitorTypeStateID="EventRaised" HealthState="Warning"/> <OperationalState ID="TimerEventRaised" MonitorTypeStateID="TimerEventRaised" HealthState="Success"/> </OperationalStates> <Configuration> <ComputerName>$Target/Host/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName> <LogName>$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$</LogName> <Expression> <And> <Expression> <SimpleExpression> <ValueExpression> <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery> </ValueExpression> <Operator>Equal</Operator> <ValueExpression> <Value Type="UnsignedInteger">374</Value> </ValueExpression> </SimpleExpression> </Expression> <Expression> <RegExExpression> <ValueExpression> <XPathQuery Type="String">PublisherName</XPathQuery> </ValueExpression> <Operator>MatchesMOM2005RegularExpression</Operator> <Pattern>(^AD FS$)</Pattern> </RegExExpression> </Expression> </And> </Expression> <TimerWaitInSeconds>900</TimerWaitInSeconds> </Configuration> </UnitMonitor>

Å ifrovacÃ­ certifikÃ¡t poskytovatele deklaracÃ­ identity nenÃ­ platnÃ½