ADFS not starting on Mondays.

[derekgreen]

Hi. I have raised the issue below with the company that installed and configured ADFS for us prior to going live with Hornbill. It seems there are issues with the service not starting as it should on Monday mornings, thus preventing users from logging calls and analysts accessing service desk. Can be rectified by a manual restart of the service, but I have been asked by the IT manager to log the issue with both Hornbill and the other third party. Long shot, but perhaps someone can advise?

This link wasn’t working when trying to log into Hornbill:

 

https://adfs.corby.gov.uk/adfs/ls/?SAMLRequest=

 

When I logged onto the server running ADFS, I noticed that although the service was set to Automatic and should restart for two failures, it was currently stopped.

Once I started it, everything started working again.

 

I did notice that there’s a very high volume of errors being logged in the event logs on both the ADFS server in the DMZ and our

 

Here’s what’s being logged on the DMZ server:

 

Log Name:      Microsoft-Windows-WebApplicationProxy/Admin

Source:        Microsoft-Windows-WebApplicationProxy

Date:          05/10/2016 13:36:16

Event ID:      12025

Task Category: None

Level:         Error

Keywords:     

User:          NETWORK SERVICE

Computer:      DMZWEB12

Description:

Web Application Proxy encountered an error while retrieving the configuration from configuration storage.

 

Details: Unauthorized (401).

(0x80190191).

Web Application Proxy will continue to use the existing configuration.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-WebApplicationProxy" Guid="{EA19457D-AFB4-4B25-B526-DA576CCE3FE4}" />

    <EventID>12025</EventID>

    <Version>0</Version>

    <Level>2</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8000000000000000</Keywords>

    <TimeCreated SystemTime="2016-10-05T12:36:16.984269000Z" />

    <EventRecordID>277390</EventRecordID>

    <Correlation />

    <Execution ProcessID="776" ThreadID="4176" />

    <Channel>Microsoft-Windows-WebApplicationProxy/Admin</Channel>

    <Computer>DMZWEB12</Computer>

    <Security UserID="S-1-5-20" />

  </System>

  <EventData>

    <Data Name="Details">Unauthorized (401).

(0x80190191)</Data>

  </EventData>

</Event>

 

And there’s also this:

 

Log Name:      AD FS/Admin

Source:        AD FS

Date:          05/10/2016 13:35:47

Event ID:      422

Task Category: None

Level:         Error

Keywords:      AD FS

User:          NETWORK SERVICE

Computer:      DMZWEB12

Description:

Unable to retrieve proxy configuration data from the Federation Service.

 

Additional Data

 

Trust Certificate Thumbprint:

CF785071A1682DAF41C6FD80EE24BBE75544FB9D

 

Status Code:

Unauthorized

 

Exception details:

System.Net.WebException: The remote server returned an error: (401) Unauthorized.

   at System.Net.HttpWebRequest.GetResponse()

   at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration()

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />

    <EventID>422</EventID>

    <Version>0</Version>

    <Level>2</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8000000000000001</Keywords>

    <TimeCreated SystemTime="2016-10-05T12:35:47.609217300Z" />

    <EventRecordID>143362</EventRecordID>

    <Correlation />

    <Execution ProcessID="2716" ThreadID="4836" />

    <Channel>AD FS/Admin</Channel>

    <Computer>DMZWEB12</Computer>

    <Security UserID="S-1-5-20" />

  </System>

  <UserData>

    <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">

      <EventData>

        <Data>CF785071A1682DAF41C6FD80EE24BBE75544FB9D</Data>

        <Data>Unauthorized</Data>

        <Data>System.Net.WebException: The remote server returned an error: (401) Unauthorized.

   at System.Net.HttpWebRequest.GetResponse()

   at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration()</Data>

      </EventData>

    </Event>

  </UserData>

</Event>

 

Whilst on the ADFS server on our LAN, we have these being logged:

 

Log Name:      AD FS/Admin

Source:        AD FS

Date:          05/10/2016 13:18:10

Event ID:      276

Task Category: None

Level:         Error

Keywords:      AD FS

User:          CBC_NT\adfs_svc

Computer:      DLOCA12.corby.gov.uk

Description:

The federation server proxy was not able to authenticate to the Federation Service.

 

User Action

Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet.

 

Additional Data

 

Certificate details:

 

Subject Name:

CN=ADFS ProxyTrust - DMZWEB12

 

Thumbprint:

CF785071A1682DAF41C6FD80EE24BBE75544FB9D

 

NotBefore Time:

2016-06-28 13:18:55

 

NotAfter Time:

2016-07-18 13:18:55

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />

    <EventID>276</EventID>

    <Version>0</Version>

    <Level>2</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8000000000000001</Keywords>

    <TimeCreated SystemTime="2016-10-05T12:18:10.166387900Z" />

    <EventRecordID>342265</EventRecordID>

    <Correlation ActivityID="{00000000-0000-0000-7E03-0080000000ED}" />

    <Execution ProcessID="3720" ThreadID="5780" />

    <Channel>AD FS/Admin</Channel>

    <Computer>DLOCA12.corby.gov.uk</Computer>

    <Security UserID="S-1-5-21-1046106778-1520577329-1850952788-14914" />

  </System>

  <UserData>

    <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">

      <EventData>

        <Data>CN=ADFS ProxyTrust - DMZWEB12</Data>

        <Data>CF785071A1682DAF41C6FD80EE24BBE75544FB9D</Data>

        <Data>2016-06-28 13:18:55</Data>

        <Data>2016-07-18 13:18:55</Data>

      </EventData>

    </Event>

  </UserData>

</Event>

 

Both application logs are recording these events every few seconds/minutes.

 

Anything to be concerned about and any ideas please?

 

Hop you can advise! ADFS is crucial to the operation of our Service Desk, and users are becoming frustrated when they can’t log calls on Monday mornings before ICT staff arrive to start the service manually. I will be copying all of the above to the Hornbill service forum to see if anyone there can advise too.

Thanks.

 

 

P please consider the environment - do you really need to print this email?