Federation Passive website application is missing on the federation server proxy

Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsitesIISVDirMonitor (UnitMonitor)

Knowledge Base article:

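Summary

The AD FS 2.0 Federation Passive website application is missing from IIS on the federation server proxy.

Causes

The AD FS 2.0 Federation Passive website application was deleted.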

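Resolutions

Add the IIS applications for the AD FS 2.0 Federation Passive website:

1. Create a new folder named adfs under %system root%\inetpub\.

2. Create a new folder named ls under %system root%\inetpub\adfs\.

3. Copy all files from %system root%\Program Files\Active Directory Federation Services 2.0\WSFederationPassive.Web\ to %system root%\inetpub\adfs\ls\.

4. In the IIS Manager snap-in, under "Application Pools", create a new application pool named ADFSAppPool. Make sure the application pool is started after it is created.

5. In IIS, under "Default Web Site", add a new application with the alias adfs, with its physical path pointing to %system root%\inetpub\adfs, and select ADFSAppPool as the application pool.

6. Under the adfs application, add a new application with the alias ls, with its physical path pointing to %system root%\inetpub\adfs\ls, and select ADFSAppPool as the application pool.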
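
The six steps above as a PowerShell script, added here as an example; it is not part of the original article or the management pack. It assumes the WebAdministration module is available and reads the article's %system root% as the system drive ($env:SystemDrive); the final check looks for the same web.config section that the monitor script below searches for.

```powershell
# Added example (not from the management pack): recreate the /adfs/ls application.
# Assumption: "%system root%" in the steps means the system drive.
Import-Module WebAdministration

$root   = $env:SystemDrive
$adfs   = Join-Path $root 'inetpub\adfs'
$ls     = Join-Path $adfs 'ls'
$source = Join-Path $root 'Program Files\Active Directory Federation Services 2.0\WSFederationPassive.Web'
$site   = 'Default Web Site'
$pool   = 'ADFSAppPool'

if (-not (Test-Path $source)) { throw "Source folder not found: $source" }

# Steps 1-2: creating ...\adfs\ls also creates ...\adfs
New-Item -ItemType Directory -Path $ls -Force | Out-Null

# Step 3: copy the passive site files
Copy-Item -Path (Join-Path $source '*') -Destination $ls -Recurse -Force

# Step 4: create the application pool if needed and make sure it is started
if (-not (Test-Path "IIS:\AppPools\$pool")) { New-WebAppPool -Name $pool | Out-Null }
if ((Get-WebAppPoolState -Name $pool).Value -ne 'Started') { Start-WebAppPool -Name $pool }

# Steps 5-6: register adfs, then the nested adfs/ls application, skipping any that exist
$apps = @(@{ Name = 'adfs'; Path = $adfs }, @{ Name = 'adfs/ls'; Path = $ls })
foreach ($app in $apps) {
    $existing = Get-WebApplication -Site $site | Where-Object { $_.path -eq "/$($app.Name)" }
    if (-not $existing) {
        New-WebApplication -Site $site -Name $app.Name -PhysicalPath $app.Path `
            -ApplicationPool $pool | Out-Null
    }
}

# Verify: the application is registered and its web.config carries the
# configuration/microsoft.identityServer.web section
$registered = @(Get-WebApplication -Site $site | Where-Object { $_.path -eq '/adfs/ls' }).Count -eq 1
$cfg = Join-Path $ls 'web.config'
$hasSection = (Test-Path $cfg) -and
    ([xml](Get-Content $cfg)).SelectSingleNode('configuration/microsoft.identityServer.web')
"Registered: $registered; identityServer section present: $hasSection"
```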

Element properties:

Target: Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites
Parent Monitor: System.Health.AvailabilityState
Category: AvailabilityHealth
Enabled: True
Alert Generate: True
Alert Severity: Error
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType
Remotable: True
Accessibility: Public
Alert Message:
Federation Passive website application is missing on the federation server proxy
The AD FS 2.0 Federation Passive website application is missing from IIS on the federation server proxy.
RunAs: Default

Source Code:

<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsitesIISVDirMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices20.TwoStateScriptMonitorType" ConfirmDelivery="false">
<Category>AvailabilityHealth</Category>
<AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsitesIISVDirMonitor_AlertMessageResourceID">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>
<OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Error"/>
</OperationalStates>
<Configuration>
<PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>
<ScriptName>FederationServerProxyWebsitesIISVDirCheck.ps1</ScriptName>
<ScriptBody><Script>
# Returns the node matching $xpath in the virtual directory's web.config, or $null.
function GetNodeFromConfig($vDir, [string] $xpath, $nsmgr)
{
    $config = ($vDir.path + "\web.config")
    $cpNode = $null

    if ([System.IO.File]::Exists($config))
    {
        [System.Xml.XmlDocument] $xd = new-object System.Xml.XmlDocument
        $xd.load( $config )
        $cpNode = $xd.SelectSingleNode($xpath,$nsmgr)
    }
    return $cpNode
}

# Finds the Federation Passive virtual directory: first by name (/adfs/ls),
# then by looking for the microsoft.identityServer.web section in each web.config.
function GetFedPassiveVDir()
{
    $fpVDir = $null
    $vDir = $vDirs | where {$_.name.EndsWith( "/adfs/ls" )}
    if (-not(($vDir -eq $null)))
    {
        $fpVDir = $vDir
    }
    else
    {
        foreach ($vDir in $vDirs)
        {
            $temp = GetNodeFromConfig $vDir "configuration/microsoft.identityServer.web" $null
            if (-not(($temp -eq $null)))
            {
                $fpVDir = $vDir
                break;
            }
        }
    }
    return $fpVDir
}

$scomapi = new-object -comObject "MOM.ScriptAPI"
$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 900, 4, "IIS VDir check PowerShell monitoring script")

$script:vDirOK = $true
$script:vDirName = ""
#try
&amp;{

    # Enumerate IIS virtual directories through the IIS WMI provider.
    $vDirs = Get-WmiObject -namespace root/MicrosoftIISV2 -class IISWebVirtualDirSetting
    $vDir = GetFedPassiveVDir

    if ( $vDir -eq $null)
    {
        $script:vDirOK = $false
        $script:vDirName = "/adfs/ls"
    }
}
# Log any failure and continue, so a property bag is still returned.
trap [System.Exception]
{
    $scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 901, 2, "IIS VDir check PowerShell monitoring script failed. " + $_.Exception.Message )
    continue
}

# Return the result to Operations Manager as a property bag.
$scompb = $scomapi.CreatePropertyBag()
$scompb.AddValue("VDirOK", $script:vDirOK )
$scompb.AddValue("VDir", $script:vDirName )
$scomapi.AddItem($scompb)
$scomapi.ReturnItems()

</Script></ScriptBody>
<IntervalSeconds>300</IntervalSeconds>
<TimeoutSeconds>180</TimeoutSeconds>
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='VDirOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">false</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
<SuccessExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='VDirOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">true</Value>
</ValueExpression>
</SimpleExpression>
</SuccessExpression>
</Configuration>
</UnitMonitor>