ADFS 4.0 fails to connect to ADFS Database after installing Patch 2017-05 on Windows Server 2016

  • Question

  • Hi,

    I have trouble getting my ADFS Server running Windows 2016 patched to 2017-05 (KB4019472). Every time I update the machine, the ADFS Server starts one time but responds with Internal error 500; after trying to restart the ADFS Service, it fails to come up again. The only way to get ADFS running again is to roll back the whole VM and the Configuration Database (MSSQL 2014).

    I can find the following errors in my event logs:

    The Federation Service configuration could not be loaded correctly from the AD FS configuration database. 
    Additional Data 
    Error:  
    ADMIN0012: OperationFault

    and

    The certificate management service encountered an error during database access. 
    
    Additional Data: 
    Diagnosis: ADMIN0012: OperationFault 
    
    User Action 
    Confirm that the SQL store is online.

    It looks like the System is no longer able to connect to the database after installing the 2017-05 Patch.

    Has anyone encountered this problem, or does anyone have a hint to fix this?

    Update: It looks like the database gets corrupted on every ADFS service start with the 2017-05 Patch installed. If I restore the database, I can start ADFS one time (but it only serves error 500). If I stop the service and try to start it again, it fails again with a no database connection error.




    Wednesday, May 31, 2017 8:52 AM

Answers

  • I found the solution here: http://blog.ollischer.com/howto-install-and-configure-microsoft-active-directory-federation-services-3-0-adfs-3-0

    I use a German SQL Server 2014 on a different Server as backend for ADFS. After checking the Service User Account in the Database I found that the default language was set to "german" (since setup of this ADFS Server), so I switched it to English and restarted the ADFS service... voilà, ADFS is back up again.

    So language was the right direction, just at a different location.

    Thursday, June 8, 2017 3:19 PM
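The check and change described in this answer, written as T-SQL to run on the SQL Server instance that hosts the AD FS configuration database. This is an added example, not part of the original post; the login name `CONTOSO\svc-adfs` is a placeholder, and the script assumes the AD FS service account has its own SQL Server login.

```sql
-- Added example. Placeholder login: replace with the account the
-- AD FS service runs as (assumed to have its own SQL Server login).
DECLARE @login sysname = N'CONTOSO\svc-adfs';

-- 1. Show the login's current default language and database.
SELECT name, type_desc, default_database_name, default_language_name
FROM sys.server_principals
WHERE name = @login;

-- 2. Switch the default language to us_english only if it differs.
--    ALTER LOGIN does not accept a variable for the login name, so the
--    statement is built with QUOTENAME to keep the identifier safe.
IF EXISTS (SELECT 1
           FROM sys.server_principals
           WHERE name = @login
             AND default_language_name <> N'us_english')
BEGIN
    DECLARE @sql nvarchar(400) =
        N'ALTER LOGIN ' + QUOTENAME(@login) +
        N' WITH DEFAULT_LANGUAGE = us_english;';
    EXEC sys.sp_executesql @sql;
END;

-- 3. Confirm the change took effect.
SELECT name, default_language_name
FROM sys.server_principals
WHERE name = @login;

-- 4. List any other SQL or Windows logins that still have a
--    non-English default language, for review.
SELECT name, type_desc, default_language_name
FROM sys.server_principals
WHERE type IN ('S', 'U', 'G')
  AND default_language_name <> N'us_english'
ORDER BY name;
```

A login's default language is applied when a connection is opened, so the AD FS service has to be restarted afterwards, as the answer describes.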

All replies

  • It might sound like a long shot but... Are you using any language pack or have you set the local language of the OS to something different than en-us?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, June 1, 2017 2:13 AM
  • No, the install is en_us and no language packs are installed. Only Region Settings and Keyboard are set to de-de.

    For me it looks like the database gets corrupted on the first ADFS start after installing KB4019472.

    I can repeat this issue:

    1. Restore Database

    2. Start ADFS (works) but throws error 500

    3. Stop ADFS

    4. Start ADFS again (fails, The Federation Service configuration could not be loaded correctly from the AD FS configuration database)

    5. Back to 1.

    Rolling back the Machine and Database works. But I don't want to live without this security update :(

    Thursday, June 1, 2017 8:40 AM
  • Can't repro on my labs. Can you enable the debug log for ADFS in the event viewer and see if you have more data there?

    Friday, June 2, 2017 4:54 PM
  • Hi,

    I enabled the debug log and will provide the logs soon; I have to announce a downtime of our ADFS to my users and install that update again.

    Thank you

    Wednesday, June 7, 2017 7:34 AM
  • Great! Thanks for letting us know!

    Thursday, June 8, 2017 4:03 PM