The WS-Metadata Exchange (MEX) endpoint that is used for authentication over SOAP and HTTP protocols is not reachable. This monitor runs on the federation server. At set intervals it attempts to get the metadata exchange document from the federation server at https://<host name>/adfs/services/trust/mex.
Om MEX-slutpunkten på federationsservern blir tillgänglig ändras övervakaren till grön status och den ursprungliga kritiska varningen löses automatiskt.
Detta kan innebär att AD FS Windows-tjänsten stoppades på federationsserverns dator. Se fliken Varningskontext för ytterligare information.
Verifiera att AD FS Windows-tjänsten startades på federationsserverns dator och att det går att nå federationens fjärrserver. Mer information finns i avsnitten Verifiera att AD FS är installerade och körs samt i Verifiera nätverksanslutning i AD FS felsökningsguide.
Target | Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance | ||
Parent Monitor | System.Health.ConfigurationState | ||
Category | ConfigurationHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType" ConfirmDelivery="false">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/Property[@Name='MexURL']$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>
<OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>
<ScriptName>FederationServerMEXEndpointCheck.ps1</ScriptName>
<ScriptBody>
$script:mexOK = $false
$script:exceptionMessage = ""
$script:mexUri = ""
$scomapi = new-object -comObject "MOM.ScriptAPI"
$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 600, 4, "Federation server MEX endpoint check PowerShell monitoring script")
# Load System.ServiceModel assembly
[System.Reflection.Assembly]::LoadWithPartialName("System.ServiceModel")
Import-Module adfs
if (get-adfssyncproperties).Role -eq "PrimaryComputer"
{
#try
&{
$binding = new-object System.ServiceModel.WSHttpBinding( [System.ServiceModel.SecurityMode]::Transport )
$binding.Name = "MetadataExchangeBinding"
$binding.Namespace = "http://schemas.microsoft.com/ws/2005/02/mex/bindings"
$binding.Security.Mode = [System.ServiceModel.SecurityMode]::Transport
$binding.Security.Transport.ClientCredentialType = [System.ServiceModel.HttpClientCredentialType]::None
$binding.MaxReceivedMessageSize = 64 * 1024 * 1024
$mexClient = new-object System.ServiceModel.Description.MetadataExchangeClient $binding
$uriString = Get-ADFSEndpoint | Where-Object {$_.Protocol -eq "WS-Mex"} | Select-Object FullUrl
$uri = New-Object System.Uri $uriString.FullUrl
$script:mexUri = $uriString.FullUrl.AbsoluteUri
#Do Http Get of Mex
$mexClient.GetMetadata( $uri, [System.ServiceModel.Description.MetadataExchangeClientMode]::HttpGet )
#Do SOAP Get of Mex
$mexClient.GetMetadata( $uri, [System.ServiceModel.Description.MetadataExchangeClientMode]::MetadataExchange )
$script:mexOK = $true
}
trap [System.Exception]
{
$script:mexOK = $false
$script:exceptionMessage = $_.Exception.Message
continue
}
$scompb = $scomapi.CreatePropertyBag()
$scompb.AddValue("MexOK", $script:mexOK )
$scompb.AddValue("MexURL", $script:mexUri )
$scompb.AddValue("ErrorMessage", $script:exceptionMessage )
$scomapi.AddItem($scompb)
$scomapi.ReturnItems()
}
</ScriptBody>
<IntervalSeconds>900</IntervalSeconds>
<TimeoutSeconds>180</TimeoutSeconds>
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='MexOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">false</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
<SuccessExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='MexOK']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">true</Value>
</ValueExpression>
</SimpleExpression>
</SuccessExpression>
</Configuration>
</UnitMonitor>