Federation Server Proxy Connection Error

Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyToServerCommunicationMonitor (UnitMonitor)

Knowledge Base article:

Summary

The federation server proxy cannot contact the federation server. This monitor runs on the federation server proxy at set intervals to check for updates to federation metadata from the federation server at https://<host name>/FederationMetadata/2007-06/FederationMetadata.xml.

If the federation server proxy can obtain the federation metadata from the federation server, the monitor will transition to a Green state and the original critical alert will be resolved automatically.

Causes

This might mean that the AD FS Windows service has stopped on the federation server computer. Check the Alert Context tab for more information.

Resolutions

Verify that the AD FS Windows service is started on the remote federation server computer and that the remote federation server is reachable. For more information, see "Verify that AD FS is installed and running" and "Verify network connectivity" in the AD FS Troubleshooting Guide.

Element properties:

Target: Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy
Parent Monitor: System.Health.AvailabilityState
Category: AvailabilityHealth
Enabled: True
Alert Generate: True
Alert Severity: Error
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType
Remotable: True
Accessibility: Public
Alert Message: Federation Server Proxy Connection Error
    The federation server proxy cannot contact the federation server. Check the Alert Context tab for more details.
RunAs: Default

Source Code:

<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyToServerCommunicationMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType" ConfirmDelivery="false">
  <Category>AvailabilityHealth</Category>
  <AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyToServerCommunicationMonitor_AlertMessageResourceID">
    <AlertOnState>Error</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>Error</AlertSeverity>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>
    <OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Error"/>
  </OperationalStates>
  <Configuration>
    <PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>
    <ScriptName>FederationServerProxyToServerCommunicationCheck.ps1</ScriptName>
    <ScriptBody><Script>
# Read the proxy configuration (federation server host, HTTPS port, forward proxy) from WMI.
$proxyWMIObject = (Get-WmiObject -Namespace root\ADFS -Class ProxyService)

$scomapi = new-object -comObject "MOM.ScriptAPI"
$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 300, 4, "Proxy to server connectivity PowerShell monitoring script")

# URL of the federation metadata document published by the federation server.
$fullHostName = "https://" + $proxyWMIObject.HostName + ":" + $proxyWMIObject.HostHttpsPort + "/FederationMetadata/2007-06/FederationMetadata.xml"
$forwardProxyAddress = $proxyWMIObject.ForwardHttpProxyAddress
$script:serverReachable = $true
$script:exceptionMessage = ""

[System.Net.WebResponse] $webResponse = $null;
#try
&amp;{
    [System.Net.WebRequest] $webRequest = [System.Net.WebRequest]::Create( $fullHostName )
    if( [String]::IsNullOrEmpty( $forwardProxyAddress ) -eq $false )
    {
        # Route the request through the configured forward proxy, bypassing it for local addresses.
        $webRequest.Proxy = New-Object System.Net.WebProxy -ArgumentList $forwardProxyAddress, $true
    }
    # Assign in script scope: this block runs in a child scope, so a plain
    # assignment would leave the outer variable null and the response unclosed.
    $script:webResponse = $webRequest.GetResponse()
}
# Any exception (DNS, TCP, TLS, HTTP error status) marks the server as unreachable.
trap [System.Exception]
{
    $script:serverReachable = $false
    $script:exceptionMessage = $_.Exception.Message
    continue
}

if ( $null -ne $webResponse )
{
    $webResponse.Close()
}

# Return the result to the monitor as a property bag.
$scompb = $scomapi.CreatePropertyBag()
$scompb.AddValue("ServerReachable", $script:serverReachable )
$scompb.AddValue("ErrorMessage", $script:exceptionMessage )
$scomapi.AddItem($scompb)
$scomapi.ReturnItems()
</Script></ScriptBody>
    <IntervalSeconds>300</IntervalSeconds>
    <TimeoutSeconds>180</TimeoutSeconds>
    <ErrorExpression>
      <SimpleExpression>
        <ValueExpression>
          <XPathQuery Type="String">Property[@Name='ServerReachable']</XPathQuery>
        </ValueExpression>
        <Operator>Equal</Operator>
        <ValueExpression>
          <Value Type="String">false</Value>
        </ValueExpression>
      </SimpleExpression>
    </ErrorExpression>
    <SuccessExpression>
      <SimpleExpression>
        <ValueExpression>
          <XPathQuery Type="String">Property[@Name='ServerReachable']</XPathQuery>
        </ValueExpression>
        <Operator>Equal</Operator>
        <ValueExpression>
          <Value Type="String">true</Value>
        </ValueExpression>
      </SimpleExpression>
    </SuccessExpression>
  </Configuration>
</UnitMonitor>