Home
  •  

Certificate Validation Failure

Microsoft.ActiveDirectoryFederationServices20.FederationServerAdditionalCertificateValidationFailureMonitor (UnitMonitor)

Knowledge Base article:

Summary

An error occurred during an attempt to build the certificate chain for the certificate that is configured in the AD FS configuration database. If the same problem does not occur again within 15 minutes, the health state of this monitor will change back to a Green state. A corresponding alert is generated by the alert rule, and it must be resolved manually.

Causes

This event occurs whenever the Federation Service updates its service state or tries to refresh its cached certificate configuration data. If the configuration has changed so that one of the configured certificates is invalid when a refresh occurs, this event is logged.

The following are possible causes for this event:

Resolutions

Ensure that the certificate is valid and has not been revoked or expired.

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices20.FederationServer
Parent MonitorSystem.Health.ConfigurationState
CategoryConfigurationHealth
EnabledTrue
Alert GenerateFalse
Alert Auto ResolveTrue
Monitor TypeMicrosoft.Windows.SingleEventLogTimer2StateMonitorType
RemotableTrue
AccessibilityPublic
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices20.FederationServerAdditionalCertificateValidationFailureMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices20.FederationServer" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.SingleEventLogTimer2StateMonitorType" ConfirmDelivery="true">

  <Category>ConfigurationHealth</Category>

  <OperationalStates>

    <OperationalState ID="EventRaised" MonitorTypeStateID="EventRaised" HealthState="Warning"/>

    <OperationalState ID="TimerEventRaised" MonitorTypeStateID="TimerEventRaised" HealthState="Success"/>

  </OperationalStates>

  <Configuration>

    <ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

    <LogName>$Target/Property[Type="Microsoft.ActiveDirectoryFederationServices20.FederationServer"]/ADFSEventLog$</LogName>

    <Expression>

      <And>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="UnsignedInteger">381</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <RegExExpression>

            <ValueExpression>

              <XPathQuery Type="String">PublisherName</XPathQuery>

            </ValueExpression>

            <Operator>MatchesMOM2005RegularExpression</Operator>

            <Pattern>(^AD FS$)|(^AD FS 2.0$)</Pattern>

          </RegExExpression>

        </Expression>

      </And>

    </Expression>

    <TimerWaitInSeconds>900</TimerWaitInSeconds>

  </Configuration>

</UnitMonitor>