AD FS 2.0 + A SQL operation in the AD FS configuration database with connection string Data Source failed
Problem description
We are in the process of completing our AD FS 2.0 configuration. The AD FS Infrastructure includes (2) federation server proxies in a farm, (2) federation servers in a farm, and a cluster SQL Server 2008 backend.
With that said, when we restart the AD FS 2.0 Windows Service on the SECOND federation server, we see the following event logs. As you can see, the service does start, so I am curious if this error can be ignored or if there are any modifications that can be done to resolve this error.
A SQL operation in the AD FS configuration database with connection string Data Source=DBCLUSTERNAME; Initial Catalog=AdfsConfiguration; Integrated Security=True failed.
Additional Data
Exception details:
Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
Event ID: 352
----------------------------------------------------------------
Error Repeats
----------------------------------------------------------------
----------------------------------------------------------------
Error Repeats
----------------------------------------------------------------
----------------------------------------------------------------
Informational Entry
----------------------------------------------------------------
The administration service for the Federation Service started successfully. You can now use the Windows Powershell commands for AD FS 2.0 to modify the Federation Service configuration. The following service hosts have been added:
Policy Administration ServiceHost
net.tcp://localhost:1500/policy
net.tcp://localhost:1500/policy
net.tcp://localhost:1500/policy
http://sts.domain.com:80/adfs/services/policystoretransfer
net.tcp://localhost:1501/adfs/services/policystoretransfer
----------------------------------------------------------------
Informational Entry
----------------------------------------------------------------
The Federation Service started successfully. The following service hosts have been added:
Federation Server Proxy ServiceHost
https://sts.domain.com:443/adfs/services/proxytrustpolicystoretransfer
AD FS 1.x Trust Information Service
https://sts.domain.com/adfs/fs/federationserverservice.asmx
SAML Token Issuance ServiceHost
net.tcp://localhost:1501/samlprotocol
https://sts.domain.com/adfs/services/trust/samlprotocol/proxytrust
Issuance ServiceHost
http://localhost:80/adfs/services/trust/mexsoap
https://sts.domain.com:443/adfs/services/trust/proxymexhttpget/
Issuance ServiceHost
https://sts.domain.com/adfs/services/trust/proxymex
https://sts.domain.com:443/adfs/services/trust/proxymexhttpget/
Issuance ServiceHost
https://sts.domain.com/adfs/services/trust/2005/windowstransport
https://sts.domain.com/adfs/services/trust/2005/certificatemixed
https://sts.domain.com/adfs/services/trust/2005/certificatetransport
https://sts.domain.com/adfs/services/trust/2005/usernamemixed
https://sts.domain.com/adfs/services/trust/2005/kerberosmixed
https://sts.domain.com/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256
https://sts.domain.com/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256
https://sts.domain.com/adfs/services/trust/13/kerberosmixed
https://sts.domain.com/adfs/services/trust/13/certificatemixed
https://sts.domain.com/adfs/services/trust/13/usernamemixed
https://sts.domain.com/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256
https://sts.domain.com/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256
net.tcp://localhost:1501/adfs/services/trusttcp/windows
https://sts.domain.com/adfs/services/trust/proxytrust
https://sts.domain.com/adfs/services/trust/proxytrust13
https://sts.domain.com/adfs/services/trust/proxytrustprovisionusername
https://sts.domain.com/adfs/services/trust/proxytrustprovisionissuedtoken
SAML Artifact Resolution ServiceHost
https://sts.domain.com/adfs/services/trust/artifactresolution
SAML Metadata
https://sts.domain.com/FederationMetadata/2007-06/
AD FS 2.0 Debug
Below are the errors/warning that display in the AD FS 2.0 Debug when the error is generated above.
----------------------------------------------------------------
Event ID: 37
----------------------------------------------------------------
An error occurred while trying to search in the policy store:
SqlErrors:
Source: .Net SqlClient Data Provider
Number: -2
State: 0
Class: 11
Server: DBCLUSTERNAME
Message: Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
Procedure:
LineNumber: 0
----------------------------------------------------------------
Event ID: 53
----------------------------------------------------------------
Got exception:ADMIN0012: OperationFault with stacktrace: at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.Sql.SqlStore.Search(Filter filter, Int32 maxObjects, String[] propertyNames)
at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.SqlPolicyStoreService.<>c__DisplayClass4.<SearchCore>b__3()
at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.SqlPolicyStoreService.AttemptDeadlockSusceptibleOperation(DeadlockSusceptibleOperation operation)
at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.SqlPolicyStoreService.SearchCore(IPolicyStoreService store, Filter filter, Int32 maxObjects, String[] propertyNames)
at Microsoft.IdentityServer.Service.Policy.PolicyServer.Service.SqlPolicyStoreService.SearchDirect(Filter filter, Int32 maxObjects, String[] propertyNames)
at Microsoft.IdentityServer.Service.Configuration.SqlServiceConfigurationReader.LoadData()
at Microsoft.IdentityServer.Service.Configuration.AdministrationServiceState.FetchAdministrationServiceStateData()
at Microsoft.IdentityServer.Service.SecurityTokenService.STSService.FetchAdministrationServiceConfiguration() while fetching configuration. Will retry in 2000 ms.
Recommended answer
We had this problem too, but this issue went away after we completely reinstalled ADFS 2.0. One thing that we did differently the second time around is:
Originally Tried:
1) Running the FsConfig.exe GenerateSQLScripts command, copying the SQL scripts to our SQL cluster, and then executing them with a sysadmin account
2) Running the FsConfig.exe CreateSQLFarm command with the /CleanConfig option.
This time, I tried:
1) Making the ADFS service account a sysadmin on the SQL cluster
2) Running the FsConfig.exe CreateSQLFarm command without the /CleanConfig option
3) Removing the ADFS service account’s sysadmin role on the SQL cluster.
Not sure that this change in procedure makes a difference, but maybe it'll help someone out there.
Thanks,
Frank
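The temporary sysadmin grant in steps 1 and 3 of the answer above, written out as T-SQL together with a check that the elevation was actually removed afterwards. This is an added example, not part of the original post: the login name `DOMAIN\adfs_svc` is a placeholder, the stored procedures are the SQL Server 2008 forms, and `AdfsConfiguration` is the catalog named in the connection string in the question.

```sql
-- Part A: run as a sysadmin BEFORE FsConfig.exe CreateSQLFarm (step 1).
-- DOMAIN\adfs_svc is a placeholder for the AD FS service account login.
DECLARE @login sysname = N'DOMAIN\adfs_svc';
EXEC sp_addsrvrolemember @loginame = @login, @rolename = N'sysadmin';
GO

-- (Step 2 happens on the federation server: FsConfig.exe CreateSQLFarm.)

-- Part B: run as a sysadmin AFTER FsConfig.exe has finished (step 3).
DECLARE @login sysname = N'DOMAIN\adfs_svc';
EXEC sp_dropsrvrolemember @loginame = @login, @rolename = N'sysadmin';

-- Check 1: 1 means the temporary grant is still in place, 0 means removed,
-- NULL means the login or role name is not valid on this instance.
SELECT IS_SRVROLEMEMBER(N'sysadmin', @login) AS still_sysadmin;

-- Check 2: every server-level role the login still holds directly.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE p.name = @login;

-- Check 3: what the login keeps inside the configuration database.
-- No rows means the login is not mapped to a user in that database.
USE AdfsConfiguration;
SELECT u.name AS db_user, r.name AS db_role
FROM sys.database_principals AS u
LEFT JOIN sys.database_role_members AS m ON m.member_principal_id = u.principal_id
LEFT JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
WHERE u.sid = SUSER_SID(@login);
GO
```

`IS_SRVROLEMEMBER` also reports membership inherited through a Windows group, while the second query lists only roles granted to the login itself, so a mismatch between the two points at a group grant.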