Showing posts from June, 2014

ADFS 2.0 - Fixing Broken FederationMetadata

Problem: Active Directory Federation Services suddenly stopped publishing its FederationMetadata, just out of the blue. Whether updates or something else caused it, the fact remained. The usual URL, such as "https://adfs.server.com:443/FederationMetadata/2007-06/FederationMetadata.xml", was not working, so any federated partner would fail to get changes from the local ADFS automatically.

After a brief search, the reason was found: the Access Control List for FederationMetadata/2007-06/ had been removed, hence IIS was redirecting the request to the static file and not to the ADFS service endpoint:

>> netsh http show urlacl

    Reserved URL            : http://+:80/adfs/services/
        User: NT SERVICE\adfssrv
            Listen: Yes
            Delegate: Yes
            SDDL: D:(A;;GA;;;S-1-5-80-2246541699-21809830-3603976364-117610243-975697593)

    Reserved URL            : https://+:443/adfs/services/
        User: NT SERVICE\adfssrv
            Listen: Yes
            Deleg
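A check for the condition described above, as an added example that is not part of the original post: it parses saved `netsh http show urlacl` output and reports which expected ADFS reservations are missing or not held by the service account. The `https://+:443/FederationMetadata/2007-06/` prefix is an assumption built from the path the post names, and the sample output and function names are constructed for illustration.

```python
EXPECTED = [  # first two prefixes appear in the post's netsh output
    "http://+:80/adfs/services/",
    "https://+:443/adfs/services/",
    # Assumption: the post's metadata path in the same "https://+:443/" form.
    "https://+:443/FederationMetadata/2007-06/",
]
SERVICE_ACCOUNT = r"NT SERVICE\adfssrv"  # account shown in the post's output
# Constructed sample mirroring the post's broken state; SDDL is a placeholder.
SAMPLE = r"""
    Reserved URL            : http://+:80/adfs/services/
        User: NT SERVICE\adfssrv
            Listen: Yes
            Delegate: Yes
            SDDL: D:(A;;GA;;;S-1-5-80-0)
    Reserved URL            : https://+:443/adfs/services/
        User: NT SERVICE\adfssrv
            Listen: Yes
            Delegate: Yes
            SDDL: D:(A;;GA;;;S-1-5-80-0)
"""

def parse_urlacl(text):
    """Map each reserved URL to its user entries (English-language output)."""
    reservations, url, entry = {}, None, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "reserved url":
            url, entry = value, None
            reservations[url] = []
        elif key == "user" and url is not None:
            entry = {"user": value}
            reservations[url].append(entry)
        elif key in ("listen", "delegate", "sddl") and entry is not None:
            entry[key] = value
    return reservations

def audit(text, expected=EXPECTED, account=SERVICE_ACCOUNT):
    """Return (prefix, problem) pairs; an empty list means nothing is missing."""
    found = {u.lower(): e for u, e in parse_urlacl(text).items()}
    findings = []
    for prefix in expected:
        entries = found.get(prefix.lower())
        if entries is None:
            findings.append((prefix, "no reservation"))
        elif not any(e["user"].lower() == account.lower()
                     and e.get("listen", "").lower() == "yes" for e in entries):
            findings.append((prefix, "not listenable by " + account))
    return findings
```

Calling `audit(SAMPLE)` returns the single finding for the FederationMetadata prefix; prefixes are compared case-insensitively here.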