Welcome to Management Pack Wiki! Your documentation pro for SCOM Management Packs
0 comment(s) Post a comment

AD FS Windows Service Failed To Start Because Of Invalid Certificate Monitor

  • ID:  Microsoft.ActiveDirectoryFederationServices.10.0.FederationServerBadConfigurationIdentityCertificateNotValidStartupFailureMonitor
  • Description:  AD FS Windows Service Failed To Start Because Of Invalid Certificate
  • Target:  Federation Server
  • Enabled:  Yes

Operational States

Name State Description
FirstEventRaised Error  
SecondEventRaised Success  

Alert Details

Monitor State Message Priority Severity Auto Resolution
FirstEventRaised (Error) AD FS Windows Service Failed To Start Because Of Invalid Certificate Medium Critical Yes

Run As Profiles

Name
Default

Monitor Knowledgebase

Summary

The AD FS Windows service failed to start because one of the certificates in the Federation Service is not valid or has expired.

If the AD FS Windows service is started successfully, the monitor will change to a Green state and the original critical alert will be resolved automatically.

Causes

The AD FS token issuance service failed to start because one of the primary certificates has expired.

Primary certificates are used for either token-signing, token-decrypting, or service communications.

Resolutions

Check to see whether Event ID 349 has also been logged. If it has, the AD FS administration subservice has been started successfully. This enables you to use Windows PowerShell cmdlets for AD FS, such as Set-ADFSProperties, to reconfigure the Federation Service.

External References
This monitor does not contain any external references.

See Also for Active Directory Federation Services Management Pack


Downloads for Active Directory Federation Services Management Pack

Post a comment