Federation Passive Web Site Application Is Missing On The Federation Server Proxy

Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsitesIISVDirMonitor (UnitMonitor)

Knowledge Base article:

Summary

The AD FS federation passive Web site application is missing in IIS on the federation server proxy.

Causes

The AD FS federation passive Web site application was deleted.

Resolutions

Add an IIS application for the AD FS federation passive Web site:

1. Create a new folder named adfs under %system root%\inetpub\.

2. Create a new folder named ls under %system root%\inetpub\adfs\.

3. Copy all the files under %windir%\ADFS\WSFederationPassive.Web\ to %system root%\inetpub\adfs\ls\.

4. Create a new application pool named ADFSAppPool under Application Pools in the IIS Manager snap-in. Make sure that this application pool is started after you create it.

5. Under Default Web Site in IIS, add a new application with the alias adfs, the physical path pointing to %system root%\inetpub\adfs, and ADFSAppPool selected as the application pool.

6. Under the adfs application, add a new application with the alias ls, the physical path pointing to %system root%\inetpub\adfs\ls, and ADFSAppPool selected as the application pool.
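
The six steps above as a PowerShell script, added here as an example; it is not part of the management pack or of the knowledge base article. It assumes the WebAdministration module is available and reads "%system root%\inetpub" as the IIS content root on the system drive (the $InetpubRoot, $Site and $PoolName parameters are this example's own), and it finishes with the same WMI query the monitor's script uses:

```powershell
# Added example, not management pack code. Run elevated on the federation server proxy.
param(
    # Assumption: "%system root%\inetpub" means the IIS content root on the system drive.
    [string] $InetpubRoot = (Join-Path $env:SystemDrive 'inetpub'),
    [string] $Site        = 'Default Web Site',
    [string] $PoolName    = 'ADFSAppPool'
)
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

$adfsPath = Join-Path $InetpubRoot 'adfs'
$lsPath   = Join-Path $adfsPath 'ls'
$source   = Join-Path $env:windir 'ADFS\WSFederationPassive.Web'

# Steps 1-3: create adfs and adfs\ls, then copy the passive site files into ls.
if (-not (Test-Path $source)) { throw "Source folder not found: $source" }
New-Item -ItemType Directory -Path $lsPath -Force | Out-Null
Copy-Item -Path (Join-Path $source '*') -Destination $lsPath -Recurse -Force

# Step 4: create the application pool if it is missing and make sure it is started.
if (-not (Test-Path "IIS:\AppPools\$PoolName")) {
    New-WebAppPool -Name $PoolName | Out-Null
}
if ((Get-WebAppPoolState -Name $PoolName).Value -ne 'Started') {
    Start-WebAppPool -Name $PoolName
}

# Steps 5-6: add the adfs application, then the ls application beneath it.
$apps = @(
    @{ Name = 'adfs';    Path = $adfsPath },
    @{ Name = 'adfs/ls'; Path = $lsPath }
)
foreach ($app in $apps) {
    $existing = Get-WebApplication -Site $Site |
        Where-Object { $_.path -eq ('/' + $app.Name) }
    if (-not $existing) {
        New-WebApplication -Site $Site -Name $app.Name -PhysicalPath $app.Path `
            -ApplicationPool $PoolName | Out-Null
    }
}

# Verify the way the monitor does: look for a virtual directory ending in /adfs/ls.
$found = Get-WmiObject -Namespace root/MicrosoftIISV2 -Class IISWebVirtualDirSetting |
    Where-Object { $_.Name.EndsWith('/adfs/ls') }
if ($found) { $found | ForEach-Object { 'OK: {0} -> {1}' -f $_.Name, $_.Path } }
else { Write-Warning 'The monitor check would still report /adfs/ls as missing.' }
```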

Element properties:

Target: Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites
Parent Monitor: System.Health.AvailabilityState
Category: AvailabilityHealth
Enabled: True
Alert Generate: True
Alert Severity: Error
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType
Remotable: True
Accessibility: Public
Alert Message: Federation Passive Web Site Application Is Missing On The Federation Server Proxy
The AD FS federation passive Web site application is missing on IIS on the federation server proxy.
RunAs: Default

Source Code:

<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsitesIISVDirMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType" ConfirmDelivery="false">
  <Category>AvailabilityHealth</Category>
  <AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsitesIISVDirMonitor_AlertMessageResourceID">
    <AlertOnState>Error</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>Error</AlertSeverity>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>
    <OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Error"/>
  </OperationalStates>
  <Configuration>
    <PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>
    <ScriptName>FederationServerProxyWebsitesIISVDirCheck.ps1</ScriptName>
    <ScriptBody><Script>
function GetNodeFromConfig($vDir, [string] $xpath, $nsmgr)
{
    $config = ($vDir.path + "\web.config")
    $cpNode = $null

    if ([System.IO.File]::Exists($config))
    {
        [System.Xml.XmlDocument] $xd = new-object System.Xml.XmlDocument
        $xd.load( $config )
        $cpNode = $xd.SelectSingleNode($xpath,$nsmgr)
    }
    return $cpNode
}

function GetFedPassiveVDir()
{
    $fpVDir = $null
    $vDir = $vDirs | where {$_.name.EndsWith( "/adfs/ls" )}
    if (-not(($vDir -eq $null)))
    {
        $fpVDir = $vDir
    }
    else
    {
        foreach ($vDir in $vDirs)
        {
            $temp = GetNodeFromConfig $vDir "configuration/microsoft.identityServer.web" $null
            if (-not(($temp -eq $null)))
            {
                $fpVDir = $vDir
                break;
            }
        }
    }
    return $fpVDir
}

$scomapi = new-object -comObject "MOM.ScriptAPI"
$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 900, 4, "IIS VDir check PowerShell monitoring script")

$script:vDirOK = $true
$script:vDirName = ""
#try
&amp;{

    $vDirs = Get-WmiObject -namespace root/MicrosoftIISV2 -class IISWebVirtualDirSetting
    $vDir = GetFedPassiveVDir

    if ( $vDir -eq $null)
    {
        $script:vDirOK = $false
        $script:vDirName = "/adfs/ls"
    }
}
trap [System.Exception]
{
    $scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 901, 2, "IIS VDir check PowerShell monitoring script failed. " + $_.Exception.Message )
    continue
}

$scompb = $scomapi.CreatePropertyBag()
$scompb.AddValue("VDirOK", $script:vDirOK )
$scompb.AddValue("VDir", $script:vDirName )
$scomapi.AddItem($scompb)
$scomapi.ReturnItems()

    </Script></ScriptBody>
    <IntervalSeconds>300</IntervalSeconds>
    <TimeoutSeconds>180</TimeoutSeconds>
    <ErrorExpression>
      <SimpleExpression>
        <ValueExpression>
          <XPathQuery Type="String">Property[@Name='VDirOK']</XPathQuery>
        </ValueExpression>
        <Operator>Equal</Operator>
        <ValueExpression>
          <Value Type="String">false</Value>
        </ValueExpression>
      </SimpleExpression>
    </ErrorExpression>
    <SuccessExpression>
      <SimpleExpression>
        <ValueExpression>
          <XPathQuery Type="String">Property[@Name='VDirOK']</XPathQuery>
        </ValueExpression>
        <Operator>Equal</Operator>
        <ValueExpression>
          <Value Type="String">true</Value>
        </ValueExpression>
      </SimpleExpression>
    </SuccessExpression>
  </Configuration>
</UnitMonitor>