이 모니터는 AD FS Windows 서비스와 연관된 서비스 계정에 AD FS 구성 데이터베이스에 구성된 토큰 서명 인증서 또는 토큰 암호 해독 인증서의 개인 키에 대한 권한이 없음을 나타냅니다.
AD FS 서비스 계정에 구성된 인증서의 개인 키에 대한 읽기 권한이 없습니다.
AD FS 서비스 계정에 인증서 개인 키에 대한 읽기 권한이 있는지 확인하십시오. 자세한 내용은 AD FS troubleshooting guide(AD FS 문제 해결 가이드)의 "Confirm that private keys for certificates are accessible by the AD FS service user account"(인증서의 개인 키를 AD FS 서비스 사용자 계정으로 액세스할 수 있는지 확인) 섹션을 참조하세요.
Target | Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuance | ||
Parent Monitor | System.Health.ConfigurationState | ||
Category | ConfigurationHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.Windows.2SingleEventLog2StateMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuanceCertPrivateKeyInaccessibleErrorMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuance" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.2SingleEventLog2StateMonitorType" ConfirmDelivery="true">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuanceCertPrivateKeyInaccessibleErrorMonitor_AlertMessageResourceID">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
</AlertSettings>
<OperationalStates>
<OperationalState ID="FirstEventRaised" MonitorTypeStateID="FirstEventRaised" HealthState="Error"/>
<OperationalState ID="SecondEventRaised" MonitorTypeStateID="SecondEventRaised" HealthState="Success"/>
</OperationalStates>
<Configuration>
<FirstComputerName>$Target/Host/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</FirstComputerName>
<FirstLogName>$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$</FirstLogName>
<FirstExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">387</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>MatchesMOM2005RegularExpression</Operator>
<Pattern>(^AD FS$)</Pattern>
</RegExExpression>
</Expression>
</And>
</FirstExpression>
<SecondComputerName>$Target/Host/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</SecondComputerName>
<SecondLogName>$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer"]/ADFSEventLog$</SecondLogName>
<SecondExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">388</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>MatchesMOM2005RegularExpression</Operator>
<Pattern>(^AD FS$)</Pattern>
</RegExExpression>
</Expression>
</And>
</SecondExpression>
</Configuration>
</UnitMonitor>