The WS-Metadata Exchange (MEX) endpoint that is used for authentication over SOAP and HTTP protocols is not reachable. This monitor runs on the federation server. At set intervals it attempts to get the metadata exchange document from the federation server at https://<host name>/adfs/services/trust/mex.
Wenn der MEX-Endpunkt auf dem Verbundserver verfügbar ist, wechselt der Monitor in einen "grünen" Bereich, und die ursprüngliche kritische Warnung wird automatisch aufgelöst.
Dies kann bedeuten, dass der AD FS-Windows-Dienst auf dem Verbundservercomputer beendet wird. Überprüfen Sie die Registerkarte "Warnungskontext" auf weitere Informationen.
Überprüfen Sie, ob der AD FS-Windows-Dienst auf dem Remote-Verbundservercomputer gestartet wurde und der Server verfügbar ist. Weitere Informationen finden Sie unter "Überprüfen, ob AD FS installiert ist und ausgeführt wird" und "Überprüfen der Netzwerkkonnektivität" im Handbuch zur Problembehandlung in AD FS (möglicherweise in englischer Sprache).
Target | Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance | ||
Parent Monitor | System.Health.ConfigurationState | ||
Category | ConfigurationHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType" ConfirmDelivery="false">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/Property[@Name='MexURL']$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>
<OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>
<ScriptName>FederationServerMEXEndpointCheck.ps1</ScriptName>
<ScriptBody>
$script:mexOK = $false
$script:exceptionMessage = ""
$script:mexUri = ""
$scomapi = new-object -comObject "MOM.ScriptAPI"
$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 600, 4, "Federation server MEX endpoint check PowerShell monitoring script")
# Load System.ServiceModel assembly
[System.Reflection.Assembly]::LoadWithPartialName("System.ServiceModel")
Import-Module adfs
if (get-adfssyncproperties).Role -eq "PrimaryComputer"
{
#try
&{
$binding = new-object System.ServiceModel.WSHttpBinding( [System.ServiceModel.SecurityMode]::Transport )
$binding.Name = "MetadataExchangeBinding"
$binding.Namespace = "http://schemas.microsoft.com/ws/2005/02/mex/bindings"
$binding.Security.Mode = [System.ServiceModel.SecurityMode]::Transport
$binding.Security.Transport.ClientCredentialType = [System.ServiceModel.HttpClientCredentialType]::None
$binding.MaxReceivedMessageSize = 64 * 1024 * 1024
$mexClient = new-object System.ServiceModel.Description.MetadataExchangeClient $binding
$uriString = Get-ADFSEndpoint | Where-Object {$_.Protocol -eq "WS-Mex"} | Select-Object FullUrl
$uri = New-Object System.Uri $uriString.FullUrl
$script:mexUri = $uriString.FullUrl.AbsoluteUri
#Do Http Get of Mex
$mexClient.GetMetadata( $uri, [System.ServiceModel.Description.MetadataExchangeClientMode]::HttpGet )
#Do SOAP Get of Mex
$mexClient.GetMetadata( $uri, [System.ServiceModel.Description.MetadataExchangeClientMode]::MetadataExchange )
$script:mexOK = $true
}
trap [System.Exception]
{
$script:mexOK = $false
$script:exceptionMessage = $_.Exception.Message
continue
}
$scompb = $scomapi.CreatePropertyBag()
$scompb.AddValue("MexOK", $script:mexOK )
$scompb.AddValue("MexURL", $script:mexUri )
$scompb.AddValue("ErrorMessage", $script:exceptionMessage )
$scomapi.AddItem($scompb)
$scomapi.ReturnItems()
}
</ScriptBody>
<IntervalSeconds>900</IntervalSeconds>
<TimeoutSeconds>180</TimeoutSeconds>
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='MexOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">false</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
<SuccessExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='MexOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">true</Value>
</ValueExpression>
</SimpleExpression>
</SuccessExpression>
</Configuration>
</UnitMonitor>