This monitor indicates that the Federation Service failed to connect to the SAML artifact store. If the same problem does not happen again within 15 minutes, the health state of this monitor will change back to a Green state. The alert that is generated by this monitor must be resolved manually.
The following are possible causes for this event to occur:
During the token issuance, an issued token inside of an artifact message could not be stored in the artifact database.
During the artifact resolution, the artifact could not be retrieved from the artifact database.
Also, this event might contain additional details that can be useful for SQL-specific troubleshooting: for example, if permissions or access for the current AD FS service identity are not established.
Ensure that the artifact database is configured correctly. Use the Set-ADFSProperties cmdlet with the ArtifactDbConnection parameter (included in the Windows PowerShell cmdlets for AD FS) to modify the connection string, if necessary. Troubleshoot the connectivity to the artifact database.
For SQL-specific troubleshooting of permissions, see the procedure for verifying that the AD FS service user account has permissions to access the configuration store in "Things to Check Before Troubleshooting AD FS" section in the AD FS troubleshooting guide. You can reuse the same procedure that is provided there to verify permissions to the artifact store (AdfsArtifactStore) instead of the configuration store (AdfsConfiguration).
Target | Microsoft.ActiveDirectoryFederationServices2012R2.ArtifactService | ||
Parent Monitor | System.Health.ConfigurationState | ||
Category | ConfigurationHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.Windows.SingleEventLogTimer2StateMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices2012R2.ArtifactServiceArtifactStorageConnectionOpenErrorMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices2012R2.ArtifactService" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.SingleEventLogTimer2StateMonitorType" ConfirmDelivery="true">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices2012R2.ArtifactServiceArtifactStorageConnectionOpenErrorMonitor_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
</AlertSettings>
<OperationalStates>
<OperationalState ID="EventRaised" MonitorTypeStateID="EventRaised" HealthState="Warning"/>
<OperationalState ID="TimerEventRaised" MonitorTypeStateID="TimerEventRaised" HealthState="Success"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Host/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>$Target/Host/Host/Property[Type="Microsoft.ActiveDirectoryFederationServices2012R2.FederationServer"]/ADFSEventLog$</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">286</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>MatchesMOM2005RegularExpression</Operator>
<Pattern>(^AD FS$)</Pattern>
</RegExExpression>
</Expression>
</And>
</Expression>
<TimerWaitInSeconds>900</TimerWaitInSeconds>
</Configuration>
</UnitMonitor>