Windows Server 2012 R2 - ADFS 3.0 - Stops responding with 503 error, have to reboot server

  • I have ADFS 3.0 running on a Windows 2012 R2 domain controller.

    We have been using it with WAP to publish all our web applications, SharePoint sites, Lync, Exchange etc.  This has been working fine for months.

    We have now just started to allow Workplace Join/Device Registration and we've enabled Device Authentication so our users don't need to log in each time they visit some of our sites.

    The ADFS service now stops responding about once a day and users get a 503 error when trying to get to the login page. Restarting the ADFS service sometimes works, but only for a short period.  Restarting the server seems to be the only reliable way to get things back to normal. 

    The ADFS event log contains lots of Event ID 364 just before it stops responding:

    Exception details: 
    System.ObjectDisposedException: Cannot access a disposed object.
    Object name: 'System.Net.HttpListenerRequest'.
       at System.Net.HttpListenerRequest.GetKnownHeader(HttpRequestHeader header)
       at System.Net.HttpListenerRequest.get_ContentEncoding()
       at Microsoft.IdentityServer.Web.UI.PageBase..ctor(WrappedHttpListenerContext httpListenerContext, IList`1 customCulture)
       at Microsoft.IdentityServer.Web.UI.AuthenticationPageBase..ctor(WrappedHttpListenerContext context, ReadOnlyCollection`1 options, IAuthenticationHandler selectedOption, Boolean otherOptions, Boolean renderAllOptionsExplicitly, Boolean isSecondStageAuthentication, String username, Int32[] customLocales)
       at Microsoft.IdentityServer.Web.UI.ErrorPage..ctor(WrappedHttpListenerContext context, Exception exception, Boolean isSecondStageAuthentication, String username, ReadOnlyCollection`1 options, IAuthenticationHandler selectedOption, Boolean otherOptions, RelyingParty relyingParty)
       at Microsoft.IdentityServer.Web.UI.ErrorPage.WriteErrorPage(WrappedHttpListenerContext context, Exception exception, Boolean isSecondStageAuthentication, String username, ReadOnlyCollection`1 options, IAuthenticationHandler selectedOption, Boolean otherOptions, RelyingParty relyingParty)
    
    Original exception:
    
    Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> System.Net.HttpListenerException: An operation was attempted on a nonexistent network connection
       at System.Net.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at Microsoft.IdentityServer.WebHost.WrappedHttpListenerResponse.Close()
       at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpSignInMessageSerializer.WriteMessage(WrappedHttpListenerResponse response, WSFederationMessage message, Boolean is307Redirect)
       at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.SendSignInResponse(MSISHttpSignInRequestContext context, MSISSignInResponse response, Boolean isFederationResponse)
       --- End of inner exception stack trace ---
       at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.SendSignInResponse(MSISHttpSignInRequestContext context, MSISSignInResponse response, Boolean isFederationResponse)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
    
    System.Net.HttpListenerException (0x80004005): An operation was attempted on a nonexistent network connection
       at System.Net.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at Microsoft.IdentityServer.WebHost.WrappedHttpListenerResponse.Close()
       at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpSignInMessageSerializer.WriteMessage(WrappedHttpListenerResponse response, WSFederationMessage message, Boolean is307Redirect)
       at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.SendSignInResponse(MSISHttpSignInRequestContext context, MSISSignInResponse response, Boolean isFederationResponse)
    
    Exception details: 
    Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> System.Net.HttpListenerException: An operation was attempted on a nonexistent network connection
       at System.Net.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at Microsoft.IdentityServer.WebHost.WrappedHttpListenerResponse.Close()
       at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpSignInMessageSerializer.WriteMessage(WrappedHttpListenerResponse response, WSFederationMessage message, Boolean is307Redirect)
       at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.SendSignInResponse(MSISHttpSignInRequestContext context, MSISSignInResponse response, Boolean isFederationResponse)
       --- End of inner exception stack trace ---
       at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.SendSignInResponse(MSISHttpSignInRequestContext context, MSISSignInResponse response, Boolean isFederationResponse)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
    
    System.Net.HttpListenerException (0x80004005): An operation was attempted on a nonexistent network connection
       at System.Net.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at Microsoft.IdentityServer.WebHost.WrappedHttpListenerResponse.Close()
       at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpSignInMessageSerializer.WriteMessage(WrappedHttpListenerResponse response, WSFederationMessage message, Boolean is307Redirect)
       at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.SendSignInResponse(MSISHttpSignInRequestContext context, MSISSignInResponse response, Boolean isFederationResponse)

    Does anyone have any ideas?


    Friday, March 21, 2014 9:06 PM
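One way to triage a burst of Event ID 364 entries like the one posted above, added here as an example that is not part of the thread or of any Microsoft tooling. It assumes the event text has been exported to plain text (the function names are hypothetical) and groups events by innermost exception, so the secondary ObjectDisposedException raised while writing the error page does not hide that the traces share one underlying failure.

```python
import re
from collections import Counter

# Constructed sample: two Event ID 364 bodies, shortened from the traces in the post.
SAMPLE = """\
Exception details:
System.ObjectDisposedException: Cannot access a disposed object.
   at System.Net.HttpListenerRequest.GetKnownHeader(HttpRequestHeader header)

Original exception:

Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. ---> System.Net.HttpListenerException: An operation was attempted on a nonexistent network connection
   at System.Net.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   --- End of inner exception stack trace ---

Exception details:
Microsoft.IdentityServer.RequestFailedException: MSIS7012: An error occurred while processing the request. ---> System.Net.HttpListenerException: An operation was attempted on a nonexistent network connection
   at System.Net.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 size)
"""

EXC = re.compile(r"((?:\w+\.)+\w*Exception)(?: \(0x[0-9A-Fa-f]+\))?: ")
FRAME = re.compile(r"^[ \t]+at ([\w.`]+)\(", re.M)
MSIS = re.compile(r"\bMSIS\d+\b")

def split_events(text):
    """Split exported log text into one chunk per 'Exception details:' header."""
    parts = re.split(r"^[ \t]*Exception details:[ \t]*$", text, flags=re.M)
    return [p for p in parts if p.strip()]

def root_cause(event):
    """Return outer type, innermost type, MSIS codes and the frame that threw."""
    # When rendering the error page failed too, the first failure is the one
    # listed under 'Original exception:'.
    body = event.split("Original exception:", 1)[-1]
    chain = next((c for c in map(EXC.findall, body.splitlines()) if c), None)
    frame = FRAME.search(body)
    if chain is None:
        return None
    return {"outer": EXC.search(event).group(1), "root": chain[-1],
            "codes": sorted(set(MSIS.findall(event))),
            "frame": frame.group(1) if frame else None}

def summarize(text):
    """Count events per (innermost exception, throwing frame) signature."""
    causes = filter(None, map(root_cause, split_events(text)))
    return Counter((c["root"], c["frame"]) for c in causes)

if __name__ == "__main__":
    for sig, n in summarize(SAMPLE).most_common():
        print(n, *sig)
```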

All replies

  • If you have the means to raise a case with Microsoft, please do so. The information provided by itself won't help identify the root cause.

    M@

    Saturday, March 22, 2014 9:01 PM
  • Thanks - I was hoping to avoid having to open another support case for Windows Server 2012 R2.  I already have a few open for other bugs.

    Case opened: 114032311287637.  I will update this thread when I have further information.



    • Edited by DJL Sunday, March 23, 2014 8:07 PM
    Sunday, March 23, 2014 11:17 AM
  • This problem turned out to be an issue with our server running Web Application Proxy (WAP) / ADFS Proxy, rather than ADFS itself.

    There is a known performance issue with the WAP role and Microsoft has an unreleased patch for the issue which has fixed our problem - KB2948086.

    Tuesday, May 6, 2014 6:39 PM