I cannot get ADFS 2.0 to work correctly. I am attempting to use one of the built-in login screens to verify functionality and it fails miserably. However, the XML (federationmetadata/2007-06/federationmetadata.xml) works just fine in a browser with no errors.
I installed a wildcard certificate from GoDaddy for *.[domain].com on the ADFS server. I have gone round and round with:
- Using different service accounts including NETWORKSERVICE
- Migrating the database to full SQL Server from Windows Internal Database
- Re-install ADFS 2.0 (four times)
- Ensuring that the correct bindings are in-place in IIS
- Re-issuing the SSL certificate prior to ADFS re-install
- Various permission checks, WMI checks, event log checks.
- Tried every suggested SPN entry
Basically whenever I try to load a simple request to https://adfs.[domain].com/adfs/ls/IdpInitiatedSignOn.aspx I get the following four errors in the AD FS 2.0\Admin event log
```
Encountered error during federation passive request.
Additional Data
Exception details:
System.NullReferenceException
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementBaseObject.get_Properties()
   at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
   at System.Management.ManagementBaseObject.get_Item(String propertyName)
   at Microsoft.IdentityServer.Web.PassiveWmiUtility.SettingsObject.get_Item(String propertyName)
   at Microsoft.IdentityServer.Web.PassiveWmiUtility.IsProxy()
   at Microsoft.IdentityServer.Web.PassivePolicyManager..ctor()
   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.GetPassiveEndpointAbsolutePath()
```
I actually get that one three times then the following once:
```
Encountered error during federation passive request.
Additional Data
Exception details:
System.NullReferenceException
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementBaseObject.get_Properties()
   at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
   at System.Management.ManagementBaseObject.get_Item(String propertyName)
   at Microsoft.IdentityServer.Web.PassiveWmiUtility.SettingsObject.get_Item(String propertyName)
   at Microsoft.IdentityServer.Web.PassiveWmiUtility.IsProxy()
   at Microsoft.IdentityServer.Web.PassivePolicyManager..ctor()
   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.GetIssuerFriendlyName()
```
They all have the same Event ID of 364, which the MS ADFS 2.0 troubleshooting guide seems to want to send me down the path of the AppPoolIdentity. However, no matter what I do with the identity settings I always get the same messages. In fact, it seems that no matter what I do those errors do not change. I'm confident that it isn't an SSL issue because I see this in the same log:
AD FS 2.0 detected that all the service certificates have appropriate access given to the AD FS service account.
The environment is Windows 2008 (Not R2) SP2. This server is not a domain controller but does have SharePoint and MSSQL 2008 STD installed. I have tried enabling AD FS 2.0 Tracing\Debug but nothing useful in the way of error messages appears in there. It’s as if the error occurs before anything meaningful takes place.
I do see in the Application Event log entries from the Windows Internal Database that NT AUTHORITY\NETWORK SERVICE is able to log in without error. And I also see in the WMI event tracing logs that WMI queries are coming in, however, I cannot verify they are working.
I have found similar problems across the internet regarding these errors but have seen no resolution that has fixed them for me.
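Both stack traces above fail inside PassiveWmiUtility while reading a property of the AD FS settings object through WMI, so the first thing worth checking is whether that WMI object can be read at all, independently of IIS. The following diagnostic is an added example, not code from the post or from Microsoft; it assumes the AD FS 2.0 WMI provider registers the namespace root\ADFS with a SecurityTokenService class exposing ConfigurationDatabaseConnectionString (the object Microsoft's documented procedure for changing the configuration database uses), and that the Admin channel is named 'AD FS 2.0/Admin'.

```powershell
# Added diagnostic for the Event ID 364 / PassiveWmiUtility failure described above.
# Assumptions (not taken from the post): namespace root\ADFS, class SecurityTokenService
# with property ConfigurationDatabaseConnectionString, and log name 'AD FS 2.0/Admin'.
# Run once in an elevated session, then again under the AD FS service account
# (e.g. runas /user:<service account> powershell.exe), because the traces show the
# WMI read happening in the service's own security context.

function Test-AdfsWmiSettings {
    $result = [ordered]@{ NamespacePresent = $false; ClassReadable = $false; ConnectionString = $null }
    try {
        # Is the ADFS namespace registered at all? A missing MOF registration shows up here.
        $ns = Get-WmiObject -Namespace root -Class __NAMESPACE -ErrorAction Stop |
              Where-Object { $_.Name -eq 'ADFS' }
        $result.NamespacePresent = [bool]$ns
        if ($ns) {
            # This is the settings object the stack trace is indexing into.
            $sts = Get-WmiObject -Namespace 'root\ADFS' -Class SecurityTokenService -ErrorAction Stop
            if ($sts) {
                $result.ClassReadable  = $true
                $result.ConnectionString = $sts.ConfigurationDatabaseConnectionString
            }
        }
    } catch {
        # Access denied here under the service account points at WMI namespace permissions.
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

function Get-AdfsEvent364 {
    param([int]$Newest = 5)
    # Pull the most recent 364 events so the WMI check can be correlated with a fresh request.
    Get-WinEvent -FilterHashtable @{ LogName = 'AD FS 2.0/Admin'; Id = 364 } `
                 -MaxEvents $Newest -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, @{ n = 'FirstLine'; e = { ($_.Message -split "`n")[0] } }
}

Test-AdfsWmiSettings | Format-List
Get-AdfsEvent364 | Format-Table -AutoSize
```

If ClassReadable is false even in the elevated session, the WMI provider itself is broken and no app pool identity change will help; if it is true elevated but false (or errors with access denied) under the service account, the problem is WMI namespace permissions rather than IIS or SSL. The connection string it returns is also a quick way to confirm the Windows Internal Database to SQL Server migration actually took effect.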