Kaushik Rangparia
asked on
Netscaler showing ADFS server state DOWN
Hi Experts,
We are facing an issue with our netscaler environment as the state for 2 ADFS servers (internal) is showing as Down. Because the ADFS servers are showing as down the requests are not redirecting causing issues with users accessing emails and SharePoint.
I have resolved this temporarily by redirecting traffic to our standby ADFS server; however, we need to get the production server up and running on NetScaler. Both the servers are online and I can ping and RDP to these servers. It's a 2008 R2 server with ADFS 2.0 and I can access the management console for ADFS and no issues really there.
I have attached a couple of images to show what we are seeing in netscaler and hopefully this helps. It seems that it is trying to connect to the internal ADFS server on port 443 but unable to.
Hoping someone has come across these issues before and would be able to assist me.
Thanks for your help.
Regards,
Kaushik
ADFS_Down.png
ADFS_Down_2.png
You should be fine using an SSL vServer but just change the monitor to a basic tcp monitor instead of https
1. Confirm the SNIP is able to connect via port 443 to the backend server (if it doesn't talk, nothing will work).
You can do a capture diagnostic, or use the ntrace command to see if any traffic is coming back:
shell -> nstcpdump.sh host <IP of backend ADFS> and port 443
2. Configure the ADFS monitor.
Create a custom http-ecv (secure, as it is https, with the checkbox).
Send String: GET /federationmetadata/2007-06/federationmetadata.xml
Receive String: <hostname>/adfs/services/trust (you can use any string that appears on the page)
Custom Header: HOST: <Hostname>\r\n
So it will send a lookup to your ADFS URL at https://<hostname>/federationmetadata/2007-06/federationmetadata.xml
and if it returns with the string "<hostname>/adfs/services/trust", the monitor is considered up.
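Added example, not part of the original answers: a Python probe that repeats the monitor's check from any host that can reach the backend and reports which layer fails (TCP, TLS, or HTTP content), which is the difference between the TCP and HTTPS monitors discussed in this thread. The host name `sts.example.com`, the `HTTP/1.1` and `Connection: close` request parts, and the sample reply are assumptions made for the example.

```python
import socket
import ssl

# Path taken from the Send String in the answer above.
METADATA_PATH = "/federationmetadata/2007-06/federationmetadata.xml"

def build_request(host: str) -> bytes:
    """Send String plus the custom Host header, as one HTTP/1.1 request."""
    return (f"GET {METADATA_PATH} HTTP/1.1\r\n"
            f"Host: {host}\r\nConnection: close\r\n\r\n").encode("ascii")

def evaluate(response: bytes, recv_string: str) -> str:
    """ECV-style verdict: UP only when the Receive String is in the reply."""
    status = response.split(b"\r\n", 1)[0].decode("latin-1")
    if not status.startswith("HTTP/"):
        return "DOWN: no HTTP response"
    if recv_string.encode() in response:
        return "UP"
    return f"DOWN: receive string missing ({status})"

def probe(ip: str, host: str, recv_string: str, port: int = 443,
          timeout: float = 5.0) -> str:
    """Test TCP, then TLS, then HTTP content; name the first stage that fails."""
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return f"DOWN: TCP connect failed ({exc})"
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # health probe only: the certificate is
    ctx.verify_mode = ssl.CERT_NONE  # not validated; do not reuse for real traffic
    reply = b""
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_request(host))
            while chunk := tls.recv(4096):
                reply += chunk
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        if not reply:
            stage = "TLS" if isinstance(exc, ssl.SSLError) else "socket"
            return f"DOWN: {stage} error before any reply ({exc})"
    return evaluate(reply, recv_string)

# Constructed sample reply (not captured from a real ADFS server).
SAMPLE_OK = (b"HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\n\r\n"
             b'<EntityDescriptor entityID="http://sts.example.com/adfs/services/trust">')

if __name__ == "__main__":
    print(evaluate(SAMPLE_OK, "sts.example.com/adfs/services/trust"))
    print(probe("127.0.0.1", "sts.example.com", "adfs/services/trust", timeout=1.0))
```

A result of "TCP connect failed" points at routing or firewalling between the probing host and the backend, while a TLS or receive-string failure with a working TCP connect explains why a plain TCP monitor would show UP where the HTTPS monitor shows DOWN.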
Instead of using HTTP with Port 443, can you try using TCP with port 443?
Thanks
Rich