Channel: Claims based access platform (CBA), code-named Geneva forum

ADFS 2.0: No connection to WID database all of a sudden

Hello.

I have an ADFS 2.0 server that has been working okay for 2 years. It is the only server in the farm: no secondary servers, no proxies.

The ADFS service is working from the NETWORK SERVICE account.

All of a sudden, I have started getting errors while trying to read Relying Party or Claims Provider data via the ADFS Management Console, stating:

An error occurred during an attempt to access the AD FS configuration database:
Error message: ADMIN0017: An exception occurred while connecting to the configuration service. The configuration service URL 'net.tcp://localhost:1500/policy' may be incorrect or the AD FS 2.0 Windows Service is not running.

I have verified the ADFS service is running. I have restarted it several times.

Event Viewer is full of errors like this:

Log Name:      AD FS 2.0/Admin
Source:        AD FS 2.0
Event ID:      344
User:          NETWORK SERVICE

Description:
There was an error doing synchronization. Synchronization of data from the primary federation server to a secondary federation server did not occur.


Additional data

Exception details:
System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Server is in single user mode. Only one administrator can connect at this time.
   at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
   at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
   at System.Data.SqlClient.SqlConnection.Open()
   at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.Sql.SqlStore.get_Connection()
   at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.Sql.SqlStore.Search(Filter filter, Int32 maxObjects, String[] propertyNames)


User Action
 Make sure the primary federation server is available or the service account identity of this machine matches the service account identity of the primary federation server.

And also these:

Log Name:      AD FS 2.0/Admin
Source:        AD FS 2.0
Event ID:      346
User:          NETWORK SERVICE
Description:
There was an error during retrieving the configuration data for the secondary federation server.


Additional Data

Exception details:
ADMIN0023: Incorrect value for property LastPublishedPolicyCheckTime: 31/12/1899 1:00:00 PM.

The problem is that I have only ONE server! What kind of secondary server is trying to do the sync and fails?

I have tried connecting to the ADFS Configuration WID from SQL Manager, and it seems that NETWORK SERVICE has all the rights (as described in http://technet.microsoft.com/en-us/library/adfs2-troubleshooting-things-to-check%28v=ws.10%29.aspx).

Also, I am unable to log in to any application that is protected by ADFS; I am getting the following errors:

Log Name:      AD FS 2.0/Admin
Source:        AD FS 2.0
Event ID:      364
User:          NETWORK SERVICE
Description:
Encountered error during federation passive request.

Additional Data

Exception details:
Microsoft.IdentityServer.Configuration.ReadServiceConfigFailedException: MSIS2001: Configuration service URL is not configured.
 ---> Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreConnectionException: ADMIN0017: An exception occurred while connecting to the configuration service. The configuration service URL 'net.tcp://localhost:1500/policy' may be incorrect or the AD FS 2.0 Windows Service is not running.
 ---> System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:1500/policy. The connection attempt lasted for a time span of 00:00:02.0635164. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:1500.
 ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:1500
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
   at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
   --- End of inner exception stack trace ---

Can anyone give me a clue how to troubleshoot this problem?


