Home
  •  

Ponto de Extremidade do MEX Inacessível

Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor (UnitMonitor)

Knowledge Base article:

Resumo

The WS-Metadata Exchange (MEX) endpoint that is used for authentication over SOAP and HTTP protocols is not reachable. This monitor runs on the federation server. At set intervals it attempts to get the metadata exchange document from the federation server at https://<host name>/adfs/services/trust/mex.

Se o ponto de extremidade MEX no servidor de federação torna-se acessível, o monitor será transferido para um estado verde, e o aviso de alerta original será resolvido automaticamente.

Causas

Isso pode significar que o serviço AD FS do Windows foi interrompido no computador do servidor de federação. Verifique a guia Contexto do Alerta para obter mais informações.

Resoluções

Verifique se o serviço AD FS do Windows foi iniciado no computador do servidor de federação remoto e se o servidor de federação remoto está acessível. Para obter mais informações, consulte os tópicos "Verificar se o AD FS está instalado e funcionando" e "Verificar a conectividade de rede" no Guia de Solução de Problemas do AD FS.

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices2012R2.TokenIssuance
Parent MonitorSystem.Health.ConfigurationState
CategoryConfigurationHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
Ponto de Extremidade do MEX Inacessível
O ponto de extremidade do WS-Metadata Exchange (MEX) '{0}' que é usado para autenticação dos protocolos SOAP e HTTP está inacessível.
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType" ConfirmDelivery="false">

  <Category>ConfigurationHealth</Category>

  <AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor_AlertMessageResourceID">

    <AlertOnState>Warning</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Warning</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Data/Context/Property[@Name='MexURL']$</AlertParameter1>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>

    <OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Warning"/>

  </OperationalStates>

  <Configuration>

    <PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>

    <ScriptName>FederationServerMEXEndpointCheck.ps1</ScriptName>

    <ScriptBody><Script>

                        $script:mexOK = $false

                        $script:exceptionMessage = ""

                        $script:mexUri = ""



                        $scomapi = new-object -comObject "MOM.ScriptAPI"

                        $scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 600, 4, "Federation server MEX endpoint check PowerShell monitoring script")



                        # Load System.ServiceModel assembly

                        [System.Reflection.Assembly]::LoadWithPartialName("System.ServiceModel")



                        Import-Module adfs



                        if (get-adfssyncproperties).Role -eq "PrimaryComputer"

                        {

                        #try

                        &amp;{

                        $binding = new-object System.ServiceModel.WSHttpBinding( [System.ServiceModel.SecurityMode]::Transport )

                        $binding.Name = "MetadataExchangeBinding"

                        $binding.Namespace = "http://schemas.microsoft.com/ws/2005/02/mex/bindings"



                        $binding.Security.Mode = [System.ServiceModel.SecurityMode]::Transport

                        $binding.Security.Transport.ClientCredentialType = [System.ServiceModel.HttpClientCredentialType]::None

                        $binding.MaxReceivedMessageSize = 64 * 1024 * 1024



                        $mexClient =  new-object System.ServiceModel.Description.MetadataExchangeClient $binding

                        $uriString = Get-ADFSEndpoint | Where-Object {$_.Protocol -eq "WS-Mex"} | Select-Object FullUrl

                        $uri = New-Object System.Uri $uriString.FullUrl



                        $script:mexUri = $uriString.FullUrl.AbsoluteUri



                        #Do Http Get of Mex

                        $mexClient.GetMetadata( $uri, [System.ServiceModel.Description.MetadataExchangeClientMode]::HttpGet )



                        #Do SOAP Get of Mex

                        $mexClient.GetMetadata( $uri, [System.ServiceModel.Description.MetadataExchangeClientMode]::MetadataExchange )



                        $script:mexOK = $true

                        }

                        trap [System.Exception]

                        {

                        $script:mexOK = $false

                        $script:exceptionMessage = $_.Exception.Message

                        continue

                        }



                        $scompb = $scomapi.CreatePropertyBag()

                        $scompb.AddValue("MexOK",  $script:mexOK )

                        $scompb.AddValue("MexURL",  $script:mexUri )

                        $scompb.AddValue("ErrorMessage",  $script:exceptionMessage )

                        $scomapi.AddItem($scompb)

                        $scomapi.ReturnItems()

                        }

                    </Script></ScriptBody>

    <IntervalSeconds>900</IntervalSeconds>

    <TimeoutSeconds>180</TimeoutSeconds>

    <ErrorExpression>

      <SimpleExpression>

        <ValueExpression>

          <XPathQuery Type="String">Property[@Name='MexOK']</XPathQuery>

        </ValueExpression>

        <Operator>Equal</Operator>

        <ValueExpression>

          <Value Type="String">false</Value>

        </ValueExpression>

      </SimpleExpression>

    </ErrorExpression>

    <SuccessExpression>

      <SimpleExpression>

        <ValueExpression>

          <XPathQuery Type="String">Property[@Name='MexOK']</XPathQuery>

        </ValueExpression>

        <Operator>Equal</Operator>

        <ValueExpression>

          <Value Type="String">true</Value>

        </ValueExpression>

      </SimpleExpression>

    </SuccessExpression>

  </Configuration>

</UnitMonitor>