Welcome to Management Pack Wiki! Your documentation pro for SCOM Management Packs
0 comment(s) Post a comment

Failed to Create Federation Metadata Document Monitor

  • ID:  Microsoft.ActiveDirectoryFederationServices.10.0.TrustManagementUnableToCreateFederationMetadataDocumentMonitor
  • Description:  Failed to Create Federation Metadata Document
  • Target:  Trust Management
  • Enabled:  Yes

Operational States

Name State Description
EventRaised Warning  
TimerEventRaised Success  

Alert Details

Monitor State Message Priority Severity Auto Resolution
EventRaised (Warning) Failed to Create Federation Metadata Document Medium Warning Yes

Run As Profiles

Name
Default

Monitor Knowledgebase

Summary

This monitor indicates that the Federation Service failed to create the federation metadata document.

If the same problem does not occur again within 15 minutes, the health state of this monitor will change back to a Green state. The alert that is generated by this monitor must be resolved manually.

Causes

The following are possible causes for this event:

  • The claims description contains a non-Uniform Resource Identifier (URI) value.

  • There are document validation errors in the Federation Metadata document.

For more information about the cause of this event, see the additional details that are specified within the event.

Resolutions

Use the netsh commands for HTTP to check the URL ACL permissions on your Federation Metadata endpoint URL, or for other URLs that might be overriding permissions that are needed for the endpoints that the federation server uses. For more information, see the examples for netsh http show urlacl syntax in Netsh Commands for Hypertext Transfer Protocol (HTTP)

The following example shows typical output for the netsh http show urlacl command when you check the Federation Metadata endpoint permissions where a user-defined service user account ("adfssrv") has been configured and used for the AD FS service identity.

C:\>netsh http show urlacl url=https://+:443/FederationMetadata/2007-06/

Reserved URL : https://+:443/FederationMetadata/2007-06/

User: NT SERVICE\adfssrv

Listen: Yes

Delegate: Yes

SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)

External References
This monitor does not contain any external references.

See Also for Active Directory Federation Services Management Pack


Downloads for Active Directory Federation Services Management Pack

Post a comment