Home
  •  

Ponto Final MEX Está Inacessível

Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor (UnitMonitor)

Knowledge Base article:

Resumo

The WS-Metadata Exchange (MEX) endpoint that is used for authentication over SOAP and HTTP protocols is not reachable. This monitor runs on the federation server. At set intervals it attempts to get the metadata exchange document from the federation server at https://<host name>/adfs/services/trust/mex.

Se o ponto final MEX do servidor de federação ficar disponível, o monitor passará para um estado Verde e o alerta de aviso original será automaticamente resolvido.

Causas

Isto poderá significar que o Serviço AD FS do Windows foi interrompido no computador com o servidor de federação. Consulte mais informações no separador Contexto do Alerta.

Resoluções

Verifique se o serviço AD FS do Windows foi iniciado no computador com o servidor de federação remoto e se o servidor de federação remoto se encontra disponível. Para mais informações, consulte os tópicos "Verificar se o AD FS se encontra instalado e em execução" e "Verificar a conectividade de rede" no Manual de Resolução de Problemas do AD FS.

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices2012R2.TokenIssuance
Parent MonitorSystem.Health.ConfigurationState
CategoryConfigurationHealth
EnabledTrue
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
Ponto Final MEX Está Inacessível
O ponto final WS-Metadata Exchange (MEX) '{0}' utilizado para autenticação sobre os protocolos SOAP e HTTP encontra-se inacessível.
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuance" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType" ConfirmDelivery="false">

  <Category>ConfigurationHealth</Category>

  <AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices2012R2.TokenIssuanceFederationServerMEXEndpointMonitor_AlertMessageResourceID">

    <AlertOnState>Warning</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Warning</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Data/Context/Property[@Name='MexURL']$</AlertParameter1>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>

    <OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Warning"/>

  </OperationalStates>

  <Configuration>

    <PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>

    <ScriptName>FederationServerMEXEndpointCheck.ps1</ScriptName>

    <ScriptBody><Script>

                        $script:mexOK = $false

                        $script:exceptionMessage = ""

                        $script:mexUri = ""



                        $scomapi = new-object -comObject "MOM.ScriptAPI"

                        $scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 600, 4, "Federation server MEX endpoint check PowerShell monitoring script")



                        # Load System.ServiceModel assembly

                        [System.Reflection.Assembly]::LoadWithPartialName("System.ServiceModel")



                        Import-Module adfs



                        if (get-adfssyncproperties).Role -eq "PrimaryComputer"

                        {

                        #try

                        &amp;{

                        $binding = new-object System.ServiceModel.WSHttpBinding( [System.ServiceModel.SecurityMode]::Transport )

                        $binding.Name = "MetadataExchangeBinding"

                        $binding.Namespace = "http://schemas.microsoft.com/ws/2005/02/mex/bindings"



                        $binding.Security.Mode = [System.ServiceModel.SecurityMode]::Transport

                        $binding.Security.Transport.ClientCredentialType = [System.ServiceModel.HttpClientCredentialType]::None

                        $binding.MaxReceivedMessageSize = 64 * 1024 * 1024



                        $mexClient =  new-object System.ServiceModel.Description.MetadataExchangeClient $binding

                        $uriString = Get-ADFSEndpoint | Where-Object {$_.Protocol -eq "WS-Mex"} | Select-Object FullUrl

                        $uri = New-Object System.Uri $uriString.FullUrl



                        $script:mexUri = $uriString.FullUrl.AbsoluteUri



                        #Do Http Get of Mex

                        $mexClient.GetMetadata( $uri, [System.ServiceModel.Description.MetadataExchangeClientMode]::HttpGet )



                        #Do SOAP Get of Mex

                        $mexClient.GetMetadata( $uri, [System.ServiceModel.Description.MetadataExchangeClientMode]::MetadataExchange )



                        $script:mexOK = $true

                        }

                        trap [System.Exception]

                        {

                        $script:mexOK = $false

                        $script:exceptionMessage = $_.Exception.Message

                        continue

                        }



                        $scompb = $scomapi.CreatePropertyBag()

                        $scompb.AddValue("MexOK",  $script:mexOK )

                        $scompb.AddValue("MexURL",  $script:mexUri )

                        $scompb.AddValue("ErrorMessage",  $script:exceptionMessage )

                        $scomapi.AddItem($scompb)

                        $scomapi.ReturnItems()

                        }

                    </Script></ScriptBody>

    <IntervalSeconds>900</IntervalSeconds>

    <TimeoutSeconds>180</TimeoutSeconds>

    <ErrorExpression>

      <SimpleExpression>

        <ValueExpression>

          <XPathQuery Type="String">Property[@Name='MexOK']</XPathQuery>

        </ValueExpression>

        <Operator>Equal</Operator>

        <ValueExpression>

          <Value Type="String">false</Value>

        </ValueExpression>

      </SimpleExpression>

    </ErrorExpression>

    <SuccessExpression>

      <SimpleExpression>

        <ValueExpression>

          <XPathQuery Type="String">Property[@Name='MexOK']</XPathQuery>

        </ValueExpression>

        <Operator>Equal</Operator>

        <ValueExpression>

          <Value Type="String">true</Value>

        </ValueExpression>

      </SimpleExpression>

    </SuccessExpression>

  </Configuration>

</UnitMonitor>