The WS-Metadata Exchange (MEX) endpoint that is used for authentication over SOAP and HTTP protocols is not reachable. This monitor runs on the federation server. At set intervals it attempts to get the metadata exchange document from the federation server at https://<host name>/adfs/services/trust/mex.
Ha az összevonási kiszolgálón lévő MEX végpont elérhetővé válik, a figyelő zöld állapotra vált, és az eredeti figyelmeztető riasztás feloldása automatikusan megtörténik.
Ez jelentheti azt, hogy az AD FS Windows-szolgáltatás le van állítva az összevonási kiszolgáló számítógépen. További információkért tekintse meg a Riasztás környezete lapot.
Ellenőrizze, hogy az AD FS Windows-szolgáltatás el van indítva a távoli összevonási kiszolgáló számítógépen, valamint a távoli összevonási kiszolgáló elérhető. További információkért tekintse meg az AD FS hibaelhárítási útmutató „Annak ellenőrzése, hogy az AD FS telepítve van-e és fut-e”, illetve „A hálózati kapcsolat ellenőrzése” című szakaszait.
Target | Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance | ||
Parent Monitor | System.Health.ConfigurationState | ||
Category | ConfigurationHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType" ConfirmDelivery="false">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/Property[@Name='MexURL']$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>
<OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>
<ScriptName>FederationServerMEXEndpointCheck.ps1</ScriptName>
<ScriptBody>
$script:mexOK = $false
$script:exceptionMessage = ""
$script:mexUri = ""
$scomapi = new-object -comObject "MOM.ScriptAPI"
$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 600, 4, "Federation server MEX endpoint check PowerShell monitoring script")
# Load System.ServiceModel assembly
[System.Reflection.Assembly]::LoadWithPartialName("System.ServiceModel")
Import-Module adfs
if (get-adfssyncproperties).Role -eq "PrimaryComputer"
{
#try
&{
$binding = new-object System.ServiceModel.WSHttpBinding( [System.ServiceModel.SecurityMode]::Transport )
$binding.Name = "MetadataExchangeBinding"
$binding.Namespace = "http://schemas.microsoft.com/ws/2005/02/mex/bindings"
$binding.Security.Mode = [System.ServiceModel.SecurityMode]::Transport
$binding.Security.Transport.ClientCredentialType = [System.ServiceModel.HttpClientCredentialType]::None
$binding.MaxReceivedMessageSize = 64 * 1024 * 1024
$mexClient = new-object System.ServiceModel.Description.MetadataExchangeClient $binding
$uriString = Get-ADFSEndpoint | Where-Object {$_.Protocol -eq "WS-Mex"} | Select-Object FullUrl
$uri = New-Object System.Uri $uriString.FullUrl
$script:mexUri = $uriString.FullUrl.AbsoluteUri
#Do Http Get of Mex
$mexClient.GetMetadata( $uri, [System.ServiceModel.Description.MetadataExchangeClientMode]::HttpGet )
#Do SOAP Get of Mex
$mexClient.GetMetadata( $uri, [System.ServiceModel.Description.MetadataExchangeClientMode]::MetadataExchange )
$script:mexOK = $true
}
trap [System.Exception]
{
$script:mexOK = $false
$script:exceptionMessage = $_.Exception.Message
continue
}
$scompb = $scomapi.CreatePropertyBag()
$scompb.AddValue("MexOK", $script:mexOK )
$scompb.AddValue("MexURL", $script:mexUri )
$scompb.AddValue("ErrorMessage", $script:exceptionMessage )
$scomapi.AddItem($scompb)
$scomapi.ReturnItems()
}
</ScriptBody>
<IntervalSeconds>900</IntervalSeconds>
<TimeoutSeconds>180</TimeoutSeconds>
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='MexOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">false</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
<SuccessExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='MexOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">true</Value>
</ValueExpression>
</SimpleExpression>
</SuccessExpression>
</Configuration>
</UnitMonitor>