The WS-Metadata Exchange (MEX) endpoint that is used for authentication over SOAP and HTTP protocols is not reachable. This monitor runs on the federation server. At set intervals it attempts to get the metadata exchange document from the federation server at https://<host name>/adfs/services/trust/mex.
Se o ponto de extremidade MEX no servidor de federação torna-se acessível, o monitor será transferido para um estado verde, e o aviso de alerta original será resolvido automaticamente.
Isso pode significar que o serviço AD FS do Windows foi interrompido no computador do servidor de federação. Verifique a guia Contexto do Alerta para obter mais informações.
Verifique se o serviço AD FS do Windows foi iniciado no computador do servidor de federação remoto e se o servidor de federação remoto está acessível. Para obter mais informações, consulte os tópicos "Verificar se o AD FS está instalado e funcionando" e "Verificar a conectividade de rede" no Guia de Solução de Problemas do AD FS.
Target | Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance | ||
Parent Monitor | System.Health.ConfigurationState | ||
Category | ConfigurationHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType" ConfirmDelivery="false">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/Property[@Name='MexURL']$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>
<OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>
<ScriptName>FederationServerMEXEndpointCheck.ps1</ScriptName>
<ScriptBody>
$script:mexOK = $false
$script:exceptionMessage = ""
$script:mexUri = ""
$scomapi = new-object -comObject "MOM.ScriptAPI"
$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 600, 4, "Federation server MEX endpoint check PowerShell monitoring script")
# Load System.ServiceModel assembly
[System.Reflection.Assembly]::LoadWithPartialName("System.ServiceModel")
Import-Module adfs
if (get-adfssyncproperties).Role -eq "PrimaryComputer"
{
#try
&{
$binding = new-object System.ServiceModel.WSHttpBinding( [System.ServiceModel.SecurityMode]::Transport )
$binding.Name = "MetadataExchangeBinding"
$binding.Namespace = "http://schemas.microsoft.com/ws/2005/02/mex/bindings"
$binding.Security.Mode = [System.ServiceModel.SecurityMode]::Transport
$binding.Security.Transport.ClientCredentialType = [System.ServiceModel.HttpClientCredentialType]::None
$binding.MaxReceivedMessageSize = 64 * 1024 * 1024
$mexClient = new-object System.ServiceModel.Description.MetadataExchangeClient $binding
$uriString = Get-ADFSEndpoint | Where-Object {$_.Protocol -eq "WS-Mex"} | Select-Object FullUrl
$uri = New-Object System.Uri $uriString.FullUrl
$script:mexUri = $uriString.FullUrl.AbsoluteUri
#Do Http Get of Mex
$mexClient.GetMetadata( $uri, [System.ServiceModel.Description.MetadataExchangeClientMode]::HttpGet )
#Do SOAP Get of Mex
$mexClient.GetMetadata( $uri, [System.ServiceModel.Description.MetadataExchangeClientMode]::MetadataExchange )
$script:mexOK = $true
}
trap [System.Exception]
{
$script:mexOK = $false
$script:exceptionMessage = $_.Exception.Message
continue
}
$scompb = $scomapi.CreatePropertyBag()
$scompb.AddValue("MexOK", $script:mexOK )
$scompb.AddValue("MexURL", $script:mexUri )
$scompb.AddValue("ErrorMessage", $script:exceptionMessage )
$scomapi.AddItem($scompb)
$scomapi.ReturnItems()
}
</ScriptBody>
<IntervalSeconds>900</IntervalSeconds>
<TimeoutSeconds>180</TimeoutSeconds>
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='MexOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">false</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
<SuccessExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='MexOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">true</Value>
</ValueExpression>
</SimpleExpression>
</SuccessExpression>
</Configuration>
</UnitMonitor>