Tento monitor indikuje, že úÄet služby, který je spojený se službou AD FS systému Windows nemá oprávnÄ›nà k privátnÃmu klÃÄi pro podpisové nebo deÅ¡ifrovacà certifikáty tokenů, které jsou nakonfigurované v konfiguraÄnà databázi služby AD FS.
ÚÄet služby AD FS nemá oprávnÄ›nà ke Ätenà privátnÃch klÃÄů pro nakonfigurované certifikáty.
UjistÄ›te se, že úÄet služby AD FS má oprávnÄ›nà Ätenà pro privátnà klÃÄe certifikátů. DalÅ¡Ã informace jsou uvedeny v Äásti „PÅ™esvÄ›dÄte se, že privátnà klÃÄe pro certifikáty jsou pro uživatelský úÄet služby AD FS pÅ™Ãstupné“ v pÅ™ÃruÄce pro Å™eÅ¡enà problémů se službou AD FS.
Target | Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuance | ||
Parent Monitor | System.Health.ConfigurationState | ||
Category | ConfigurationHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.Windows.2SingleEventLog2StateMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuanceCertPrivateKeyInaccessibleErrorMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuance" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.2SingleEventLog2StateMonitorType" ConfirmDelivery="true">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuanceCertPrivateKeyInaccessibleErrorMonitor_AlertMessageResourceID">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
</AlertSettings>
<OperationalStates>
<OperationalState ID="FirstEventRaised" MonitorTypeStateID="FirstEventRaised" HealthState="Error"/>
<OperationalState ID="SecondEventRaised" MonitorTypeStateID="SecondEventRaised" HealthState="Success"/>
</OperationalStates>
<Configuration>
<FirstComputerName>$Target/Host/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstComputerName>
<FirstLogName>$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$</FirstLogName>
<FirstExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">387</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>MatchesMOM2005RegularExpression</Operator>
<Pattern>(^AD FS$)</Pattern>
</RegExExpression>
</Expression>
</And>
</FirstExpression>
<SecondComputerName>$Target/Host/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondComputerName>
<SecondLogName>$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$</SecondLogName>
<SecondExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">388</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>MatchesMOM2005RegularExpression</Operator>
<Pattern>(^AD FS$)</Pattern>
</RegExExpression>
</Expression>
</And>
</SecondExpression>
</Configuration>
</UnitMonitor>