derekgreen
Posted January 12, 2017

Hi.

I have raised the issue below with the company that installed and configured ADFS for us prior to going live with Hornbill. It seems there are issues with the service not starting as it should on Monday mornings, thus preventing users from logging calls and analysts accessing service desk. Can be rectified by a manual restart of the service, but I have been asked by the IT manager to log the issue with both Hornbill and the other third party. Long shot, but perhaps someone can advise?

This link wasn’t working when trying to log into Hornbill: https://adfs.corby.gov.uk/adfs/ls/?SAMLRequest=

When I logged onto the server running ADFS, I noticed that although the service was set to Automatic and should restart for two failures, it was currently stopped. Once I started it, everything started working again.

I did notice that there’s a very high volume of errors being logged in the event logs on both the ADFS server in the DMZ and our

Here’s what’s being logged on the DMZ server:

Log Name: Microsoft-Windows-WebApplicationProxy/Admin
Source: Microsoft-Windows-WebApplicationProxy
Date: 05/10/2016 13:36:16
Event ID: 12025
Task Category: None
Level: Error
Keywords:
User: NETWORK SERVICE
Computer: DMZWEB12
Description:
Web Application Proxy encountered an error while retrieving the configuration from configuration storage.
Details: Unauthorized (401). (0x80190191).
Web Application Proxy will continue to use the existing configuration.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WebApplicationProxy" Guid="{EA19457D-AFB4-4B25-B526-DA576CCE3FE4}" />
    <EventID>12025</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2016-10-05T12:36:16.984269000Z" />
    <EventRecordID>277390</EventRecordID>
    <Correlation />
    <Execution ProcessID="776" ThreadID="4176" />
    <Channel>Microsoft-Windows-WebApplicationProxy/Admin</Channel>
    <Computer>DMZWEB12</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="Details">Unauthorized (401). (0x80190191)</Data>
  </EventData>
</Event>

And there’s also this:

Log Name: AD FS/Admin
Source: AD FS
Date: 05/10/2016 13:35:47
Event ID: 422
Task Category: None
Level: Error
Keywords: AD FS
User: NETWORK SERVICE
Computer: DMZWEB12
Description:
Unable to retrieve proxy configuration data from the Federation Service.

Additional Data
Trust Certificate Thumbprint: CF785071A1682DAF41C6FD80EE24BBE75544FB9D
Status Code: Unauthorized
Exception details:
System.Net.WebException: The remote server returned an error: (401) Unauthorized.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration()

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
    <EventID>422</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000001</Keywords>
    <TimeCreated SystemTime="2016-10-05T12:35:47.609217300Z" />
    <EventRecordID>143362</EventRecordID>
    <Correlation />
    <Execution ProcessID="2716" ThreadID="4836" />
    <Channel>AD FS/Admin</Channel>
    <Computer>DMZWEB12</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <UserData>
    <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
      <EventData>
        <Data>CF785071A1682DAF41C6FD80EE24BBE75544FB9D</Data>
        <Data>Unauthorized</Data>
        <Data>System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration()</Data>
      </EventData>
    </Event>
  </UserData>
</Event>

Whilst on the ADFS server on our LAN, we have these being logged:

Log Name: AD FS/Admin
Source: AD FS
Date: 05/10/2016 13:18:10
Event ID: 276
Task Category: None
Level: Error
Keywords: AD FS
User: CBC_NT\adfs_svc
Computer: DLOCA12.corby.gov.uk
Description:
The federation server proxy was not able to authenticate to the Federation Service.

User Action
Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet.

Additional Data
Certificate details:
Subject Name: CN=ADFS ProxyTrust - DMZWEB12
Thumbprint: CF785071A1682DAF41C6FD80EE24BBE75544FB9D
NotBefore Time: 2016-06-28 13:18:55
NotAfter Time: 2016-07-18 13:18:55

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
    <EventID>276</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000001</Keywords>
    <TimeCreated SystemTime="2016-10-05T12:18:10.166387900Z" />
    <EventRecordID>342265</EventRecordID>
    <Correlation ActivityID="{00000000-0000-0000-7E03-0080000000ED}" />
    <Execution ProcessID="3720" ThreadID="5780" />
    <Channel>AD FS/Admin</Channel>
    <Computer>DLOCA12.corby.gov.uk</Computer>
    <Security UserID="S-1-5-21-1046106778-1520577329-1850952788-14914" />
  </System>
  <UserData>
    <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
      <EventData>
        <Data>CN=ADFS ProxyTrust - DMZWEB12</Data>
        <Data>CF785071A1682DAF41C6FD80EE24BBE75544FB9D</Data>
        <Data>2016-06-28 13:18:55</Data>
        <Data>2016-07-18 13:18:55</Data>
      </EventData>
    </Event>
  </UserData>
</Event>

Both application logs are recording these events every few seconds/minutes. Anything to be concerned about and any ideas please?

Hope you can advise! ADFS is crucial to the operation of our Service Desk, and users are becoming frustrated when they can’t log calls on Monday mornings before ICT staff arrive to start the service manually. I will be copying all of the above to the Hornbill service forum to see if anyone there can advise too.

Thanks.
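
A triage check for the event 276 record in the post above, as an added example that is not part of the original post: it reads the proxy trust certificate's validity window out of the event XML and compares it with the time the event was logged. The function names are hypothetical, the sample is the posted event trimmed to the fields the check reads, and treating the certificate times as UTC is an assumption.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "e": "http://schemas.microsoft.com/win/2004/08/events/event",
    "a": "http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events",
}

# Event 276 as posted above, trimmed to the fields the check reads.
SAMPLE_276 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="AD FS" /><EventID>276</EventID>
<TimeCreated SystemTime="2016-10-05T12:18:10.166387900Z" />
<Computer>DLOCA12.corby.gov.uk</Computer></System>
<UserData><Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
<EventData><Data>CN=ADFS ProxyTrust - DMZWEB12</Data>
<Data>CF785071A1682DAF41C6FD80EE24BBE75544FB9D</Data>
<Data>2016-06-28 13:18:55</Data><Data>2016-07-18 13:18:55</Data>
</EventData></Event></UserData></Event>"""


def parse_system_time(value):
    # SystemTime carries up to 9 fractional digits; whole seconds are enough here.
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_proxy_trust(event_xml):
    """Return a finding dict for an AD FS event 276, or None for any other event."""
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "276":
        return None
    data = [d.text or "" for d in root.findall("e:UserData/a:Event/a:EventData/a:Data", NS)]
    if len(data) < 4:
        raise ValueError("event 276 without the four certificate fields")
    subject, thumbprint, not_before, not_after = data[:4]
    logged = parse_system_time(root.find("e:System/e:TimeCreated", NS).get("SystemTime"))
    fmt = "%Y-%m-%d %H:%M:%S"
    # Assumption: the certificate times in the event are UTC.
    start = datetime.strptime(not_before, fmt).replace(tzinfo=timezone.utc)
    end = datetime.strptime(not_after, fmt).replace(tzinfo=timezone.utc)
    return {
        "subject": subject,
        "thumbprint": thumbprint,
        "logged": logged,
        "valid_at_event": start <= logged <= end,
        "days_past_not_after": max((logged - end).days, 0),
    }
```

For the posted event the check reports the certificate as outside its validity window when the error was logged, which matches the User Action text in event 276 about re-establishing trust between the proxy and the Federation Service.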