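ADFS errors after upgrading from ADFS 2.1 to 4.0

I don't know whether anyone has seen this issue or has any ideas?

We recently migrated our ADFS from ADFS 2.1 on W2008r2 to ADFS 4.0 on W2016.

Basic functionality seems fine, but I am seeing a problem with updating federation metadata for all relying party trusts; trying to right-click and select "Update from Federation Metadata…" (or going to Properties, Monitoring, Test URL) gives the following error: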

"An error occurred during an attempt to read the federation metadata. Verify that the specified URL or host name is a valid metadata endpoint".

The related error message is:

Method not found: 'Microsoft.identitymodel.protocols.WSFederation.Metadata.MetadataBase Microsoft.Identity.Model.Protocols.WSFederation.Metadata.MetadataSerializer.ReadMetadata(System.IO.Stream)'.

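No proxy server is required, and no proxy server is defined. I can browse to the federation metadata URL in IE on the ADFS server and get the expected XML page. I have checked that the certificates are correctly defined, that the ADFS service account has read permission, etc.

There are no error messages in the event log when the service starts or when trying to test/update the metadata. Trying to add a new relying party trust gives the same error.

I ran the ADFS diagnostics, and test-adfsserverhealth gives an error that I think is the key one, but I don't know what to do next.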

Name : PingFederationMetadata
Result : Fail
Detail : System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   --- End of inner exception stack trace ---
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
   at System.Net.WebClient.DownloadData(Uri address)
   at CallSite.Target(Closure , CallSite , Object , Object )
Output : {PingFedmetadataException}
ExceptionMessage :