This monitor indicates that an unexpected error occurred when the Federation Service tried to listen for requests to read its published federation metadata.
If the same problem does not occur again within 15 minutes, the health state of this monitor will change back to a Green state. The alert that is generated by this monitor must be resolved manually.
Causes
The AD FS Windows service might not have permissions to access the Federation Metadata endpoint URL, or it might be blocked by more restrictive access control list (ACL) permissions that override its URL permissions.
Resolutions
Use the netsh commands for HTTP to check the URL ACL permissions on your Federation Metadata endpoint URL, or for other URLs that might be overriding permissions that are needed for the endpoints that the federation server uses. For more information, see the examples for netsh http show urlacl syntax in Netsh Commands for Hypertext Transfer Protocol (HTTP)
The following example shows typical output for the netsh http show urlacl command when you check the Federation Metadata endpoint permissions where a user-defined service user account ("adfssrv") has been configured and used for the AD FS service identity.
C:\>netsh http show urlacl url=https://+:443/FederationMetadata/2007-06/
Home
ENU