We have a very, very strange situation that I've been trying to resolve for two days now with no success, after an unexpected set of reboots of VMs in Azure.
We have an on-premises network and an Azure network that are set up for a site-to-site VPN. There is an AD domain controller, an ADFS server and an ADFS proxy in the Azure network.
After the reboot, only computers outside of the on-premises network work. When I browse to my application and it redirects to the federation page, I get the prompt for the username and password, and if I sign in I am in the product. If I do these
exact same steps from the on-premises network, instead of being prompted for the username and password I get an error. I have confirmed that DNS is not the issue: both externally and internally, the location of the federation provider resolves
to the external IP address of the proxy. This is the first big mystery: why does it work for users outside the network but not inside?
This is the error I get every time I try to access federation from the on-premises network:
There was an error during retrieving the configuration data for the secondary federation server.
Additional Data
Exception details:
ADMIN0023: Incorrect value for property LastPublishedPolicyCheckTime: 1/1/1900 12:00:00 AM.
When I researched this error, the only thing people have reported is that it comes from the proxy and has to do with the proxy and the actual ADFS server being in different time zones. For me this error is occurring on the ADFS server itself. The
other weird thing is that this is the primary server in a farm (that only has one node). There used to be another primary, but I migrated the server by creating this one, adding it to the farm, changing roles and then decommissioning the other server.
Either way, this isn't the secondary server, so why does it matter? This error happens every time I try to access federation from within the on-premises network. Does the machine that's running the web browser play any part in this?
The next problem that started to occur has to do with the ADFS management console UI.
When I open the management console, it successfully connects to the ADFS configuration database, which is WID.
Clicking on Endpoints, Certificates, Claims Descriptions and Attribute Stores all work.
When I click on Claims Provider Trusts, I get this error.
I cannot find any information on this error, nor on why it happens with Claims Provider Trusts.
Clicking on Relying Party Trusts is even weirder. I know I have 3 relying parties. When I click on Relying Party Trusts, it shows the first of the 3 and then shows the error above. So it's as if it was able to retrieve the first one but then errored out retrieving the others.
I get no events in the ADFS event log when these errors occur through the management console.
I turned on verbose tracing in the ADFS Windows service and ran the steps above.
The errors that I saw were all similar to this:
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><EventID>131075</EventID><Type>3</Type><SubType
Name="Error">0</SubType><Level>2</Level><TimeCreated SystemTime="2013-03-16T17:07:50.2243764Z" /><Source Name="System.ServiceModel" /><Correlation ActivityID="{00000000-0000-0000-0000-000000000000}"
/><Execution ProcessName="Microsoft.IdentityServer.ServiceHost" ProcessID="1956" ThreadID="10" /><Channel /><Computer>CLOUDADFS01</Computer></System><ApplicationData><TraceData><DataItem><TraceRecord
xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error"><TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier><Description>Throwing
an exception.</Description><AppDomain>Microsoft.IdentityServer.ServiceHost.exe</AppDomain><Exception><ExceptionType>System.ServiceModel.CommunicationException, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>The
socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:00:10'.</Message><StackTrace>
at System.ServiceModel.Channels.SocketConnection.Write(Byte[] buffer, Int32 offset, Int32 size, Boolean immediate, TimeSpan timeout)
at System.ServiceModel.Channels.BufferedConnection.WriteNow(Byte[] buffer, Int32 offset, Int32 size, TimeSpan timeout, BufferManager bufferManager)
at System.ServiceModel.Channels.BufferedConnection.Write(Byte[] buffer, Int32 offset, Int32 size, Boolean immediate, TimeSpan timeout)
at System.ServiceModel.Channels.ConnectionStream.Write(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security.NegotiateStream.StartWriting(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.NegotiateStream.ProcessWrite(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.NegotiateStream.Write(Byte[] buffer, Int32 offset, Int32 count)
at System.ServiceModel.Channels.StreamConnection.Write(Byte[] buffer, Int32 offset, Int32 size, Boolean immediate, TimeSpan timeout)
at System.ServiceModel.Channels.FramingDuplexSessionChannel.CloseOutputSession(TimeSpan timeout)
at System.ServiceModel.Channels.FramingDuplexSessionChannel.OnClose(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnClose(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)
at System.ServiceModel.Dispatcher.MessageRpc.CloseChannel()
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessageCleanup(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.MessageRpc.ProcessError(Exception e)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext)
at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext)
at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)
at System.ServiceModel.Diagnostics.Utility.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
at System.ServiceModel.AsyncResult.Complete(Boolean completedSynchronously)
at System.ServiceModel.Channels.FramingDuplexSessionChannel.TryReceiveAsyncResult.OnReceive(IAsyncResult result)
at System.ServiceModel.Diagnostics.Utility.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
at System.ServiceModel.AsyncResult.Complete(Boolean completedSynchronously)
at System.ServiceModel.Channels.SynchronizedMessageSource.SynchronizedAsyncResult`1.CompleteWithUnlock(Boolean synchronous, Exception exception)
at System.ServiceModel.Channels.SynchronizedMessageSource.ReceiveAsyncResult.OnReceiveComplete(Object state)
at System.ServiceModel.Channels.SessionConnectionReader.OnAsyncReadComplete(Object state)
at System.ServiceModel.Channels.StreamConnection.OnRead(IAsyncResult result)
at System.ServiceModel.Diagnostics.Utility.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
at System.Net.LazyAsyncResult.Complete(IntPtr userToken)
at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
at System.Net.Security.NegotiateStream.ProcessFrameBody(Int32 readBytes, Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.NegotiateStream.ReadCallback(AsyncProtocolRequest asyncRequest)
at System.Net.FixedSizeReader.CheckCompletionBeforeNextRead(Int32 bytes)
at System.Net.FixedSizeReader.ReadCallback(IAsyncResult transportResult)
at System.ServiceModel.AsyncResult.Complete(Boolean completedSynchronously)
at System.ServiceModel.Channels.ConnectionStream.ReadAsyncResult.OnAsyncReadComplete(Object state)
at System.ServiceModel.Channels.SocketConnection.FinishRead()
at System.ServiceModel.Channels.SocketConnection.AsyncReadCallback(Boolean haveResult, Int32 error, Int32 bytesRead)
at System.ServiceModel.Diagnostics.Utility.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
</StackTrace><ExceptionString>System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network
resource issue. Local socket timeout was '00:00:10'. ---&gt; System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
at System.ServiceModel.Channels.SocketConnection.Write(Byte[] buffer, Int32 offset, Int32 size, Boolean immediate, TimeSpan timeout)
--- End of inner exception stack trace ---</ExceptionString><InnerException><ExceptionType>System.Net.Sockets.SocketException, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>An
existing connection was forcibly closed by the remote host</Message><StackTrace> at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
at System.ServiceModel.Channels.SocketConnection.Write(Byte[] buffer, Int32 offset, Int32 size, Boolean immediate, TimeSpan timeout)</StackTrace><ExceptionString>System.Net.Sockets.SocketException: An existing connection was forcibly
closed by the remote host
at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
at System.ServiceModel.Channels.SocketConnection.Write(Byte[] buffer, Int32 offset, Int32 size, Boolean immediate, TimeSpan timeout)</ExceptionString><NativeErrorCode>2746</NativeErrorCode></InnerException></Exception></TraceRecord></DataItem></TraceData></ApplicationData></E2ETraceEvent>
I also found the error above, which occurs when someone on the on-premises network attempts to connect:
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><EventID>131076</EventID><Type>3</Type><SubType
Name="Error">0</SubType><Level>2</Level><TimeCreated SystemTime="2013-03-16T17:07:50.2077742Z" /><Source Name="System.ServiceModel" /><Correlation ActivityID="{00000000-0000-0000-0000-000000000000}"
/><Execution ProcessName="Microsoft.IdentityServer.ServiceHost" ProcessID="1956" ThreadID="10" /><Channel /><Computer>CLOUDADFS01</Computer></System><ApplicationData><TraceData><DataItem><TraceRecord
xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error"><TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.TraceHandledException.aspx</TraceIdentifier><Description>Handling
an exception.</Description><AppDomain>Microsoft.IdentityServer.ServiceHost.exe</AppDomain><Exception><ExceptionType>System.IO.InvalidDataException, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>ADMIN0023:
Incorrect value for property LastPublishedPolicyCheckTime: 1/1/1900 12:00:00 AM.</Message><StackTrace> at Microsoft.IdentityServer.PolicyModel.PropertyTypes.DateTimeProperty.Validate(Object context)
at Microsoft.IdentityServer.PolicyModel.PropertyTypes.PropertySet.ValidateProperties(Object context)
at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.Authority.ValidateProperties()
at Microsoft.IdentityServer.PolicyModel.PropertyTypes.PropertySet.GetData()
at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.SearchResult.GetData()
at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.SqlPolicyStoreService.Search(FilterData filterData, Int32 maxObjects, String[] propertyNames)
at SyncInvokeSearch(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)</StackTrace><ExceptionString>System.IO.InvalidDataException: ADMIN0023: Incorrect value for property LastPublishedPolicyCheckTime: 1/1/1900 12:00:00
AM.
at Microsoft.IdentityServer.PolicyModel.PropertyTypes.DateTimeProperty.Validate(Object context)
at Microsoft.IdentityServer.PolicyModel.PropertyTypes.PropertySet.ValidateProperties(Object context)
at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.Authority.ValidateProperties()
at Microsoft.IdentityServer.PolicyModel.PropertyTypes.PropertySet.GetData()
at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.SearchResult.GetData()
at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.SqlPolicyStoreService.Search(FilterData filterData, Int32 maxObjects, String[] propertyNames)
at SyncInvokeSearch(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)</ExceptionString></Exception></TraceRecord></DataItem></TraceData></ApplicationData></E2ETraceEvent>
Does anyone have any idea what is going on and how to fix it? Everything works great for users who are external, internal users don't work, and these issues also occur when trying to manage the ADFS server. I have confirmed that I can
connect to the WID database.
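The post above checks three things by hand: where the federation FQDN resolves from inside and outside, whether the ADFS server and the proxy agree on time, and what the WID configuration store holds for LastPublishedPolicyCheckTime. The following PowerShell script is an added, read-only diagnostic for those same three points; it is not code from the original post. Assumptions are labelled inline: the federation FQDN, proxy host name and public resolver are placeholders; the named-pipe paths are the documented WID pipes for Windows Server 2012 and later (##WID) and 2008 R2 (##SSEE); and the location of LastPublishedPolicyCheckTime inside ServiceSettingsData is assumed, which is why the script only reads and never writes.

```powershell
<#
  Added diagnostic, not from the original post. Run on the ADFS server, in an
  elevated PowerShell 3.0+ session, as an account that can read the
  AdfsConfiguration database (the ADFS service account, or a WID sysadmin).
  All host names below are placeholders (assumption).
#>
param(
    [string]$FederationFqdn   = 'sts.example.com',    # placeholder
    [string]$ProxyHost        = 'CLOUDADFSPROXY01',   # placeholder
    [string]$ExternalResolver = '8.8.8.8'             # any public resolver
)

function Get-DnsView {
    # Returns the A records a given resolver hands out (Resolve-DnsName needs
    # Windows 8 / Server 2012 or later). No -Server means the host's own resolver.
    param([string]$Name, [string]$Server)
    $p = @{ Name = $Name; Type = 'A'; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $p.Server = $Server }
    (Resolve-DnsName @p | Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { $_.IPAddress }) -join ','
}

function Get-ClockInfo {
    # Win32_OperatingSystem exposes local time and the UTC offset in minutes.
    # Querying the proxy needs WMI/DCOM reachable across the VPN; if it is not,
    # run this function locally on the proxy instead.
    param([string]$Computer)
    $os = Get-WmiObject Win32_OperatingSystem -ComputerName $Computer -ErrorAction Stop
    New-Object PSObject -Property @{
        Computer  = $Computer
        LocalTime = [Management.ManagementDateTimeConverter]::ToDateTime($os.LocalDateTime)
        UtcOffset = [int]$os.CurrentTimeZone
    }
}

function Get-WidServiceSettingsXml {
    # Read-only query of the ADFS configuration store in WID. Tries the
    # Server 2012+ pipe first, then the 2008 R2 pipe.
    $pipes = @('\\.\pipe\MSSQL$MICROSOFT##WID\tsql\query',
               '\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query')
    foreach ($pipe in $pipes) {
        $cs   = "Data Source=np:$pipe;Initial Catalog=AdfsConfiguration;Integrated Security=True"
        $conn = New-Object System.Data.SqlClient.SqlConnection($cs)
        try {
            $conn.Open()
            $cmd = $conn.CreateCommand()
            $cmd.CommandText = 'SELECT ServiceSettingsData FROM IdentityServerPolicy.ServiceSettings'
            return [xml]$cmd.ExecuteScalar()
        } catch {
            Write-Verbose "No WID instance answered on $pipe : $_"
        } finally {
            $conn.Dispose()
        }
    }
}

# 1. Split-DNS view: on-premises clients are normally expected to resolve the
#    federation FQDN to the internal ADFS server, external clients to the proxy.
Write-Host "== DNS answers for $FederationFqdn"
Write-Host ("  this host's resolver : {0}" -f (Get-DnsView -Name $FederationFqdn))
Write-Host ("  public resolver      : {0}" -f (Get-DnsView -Name $FederationFqdn -Server $ExternalResolver))

# 2. Clock and time-zone agreement between the ADFS server and the proxy.
Write-Host '== Clock / time zone'
$clocks = @($env:COMPUTERNAME, $ProxyHost) | ForEach-Object {
    try { Get-ClockInfo -Computer $_ } catch { Write-Warning "WMI to $_ failed: $_" }
}
$clocks | Format-Table Computer, LocalTime, UtcOffset -AutoSize
if (@($clocks | Select-Object -ExpandProperty UtcOffset -Unique).Count -gt 1) {
    Write-Warning 'ADFS server and proxy report different UTC offsets.'
}

# 3. What the configuration store actually holds. The XPath ignores namespaces
#    because the element's exact position in ServiceSettingsData is assumed.
Write-Host '== LastPublishedPolicyCheckTime in WID'
$settings = Get-WidServiceSettingsXml
if ($settings) {
    $nodes = $settings.SelectNodes('//*[local-name()="LastPublishedPolicyCheckTime"]')
    if ($nodes.Count -eq 0) { Write-Host '  element not found (assumed location)' }
    foreach ($n in $nodes) {
        $flag = ''
        try { if (([datetime]$n.InnerText).Year -le 1900) { $flag = '<-- 1900 sentinel, matches ADMIN0023' } } catch { }
        Write-Host ("  {0}/{1} = {2} {3}" -f $n.ParentNode.Name, $n.Name, $n.InnerText, $flag)
    }
} else {
    Write-Warning 'Could not open AdfsConfiguration over either WID pipe.'
}

# 4. The same view through the ADFS cmdlets (snap-in on ADFS 2.0, module later).
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
if (Get-Command Get-AdfsProperties -ErrorAction SilentlyContinue) {
    Get-AdfsProperties | Select-Object HostName, *Time* | Format-List
}
```

Two caveats when reading the output. The second trace in the post shows the ADMIN0023 exception thrown from DateTimeProperty.Validate inside SqlPolicyStoreService.Search, i.e. the policy service rejects the stored value every time it reads the service settings, so every caller of that search (the sign-in page for internal users and the management console's trust lists alike) will fail at the same point; the socket-aborted trace with the same thread ID and timestamp is consistent with the console's channel being torn down after that exception. And the script deliberately contains no UPDATE: changing values in the AdfsConfiguration database by hand bypasses the policy service's validation and is not something to do without a backup of WID and a supported procedure to follow.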