ADFS Error 543 There was an error during heartbeat communicating to primary federation server.

  • Question

  • I just stood up a second ADFS server for redundancy purposes and got no error messages during installation or the post-install configuration. Primary server is in Azure and secondary server is on a local VM. I have checked for network connectivity issues and time zone discrepancies but to no avail.

    Error message showing up every five minutes on the secondary ADFS server:

    There was an error during heartbeat communicating to primary federation server. 

    Primary server: 'ADFSserver' 

    Endpoint: 'http://ADFSserver/adfs/services/policystoretransfer' 

    Additional data 

    Exception details: 
    System.ServiceModel.FaultException: The formatter threw an exception while trying to deserialize the message: There was an error while trying to deserialize parameter http://schemas.microsoft.com/ws/2009/12/identityserver/protocols/policystore:maxBehaviorLevel. The InnerException message was 'Invalid enum value 'Win2019' cannot be deserialized into type 'Microsoft.IdentityServer.FarmBehavior'. Ensure that the necessary enum values are present and are marked with EnumMemberAttribute attribute if the type has DataContractAttribute attribute.'.  Please see InnerException for more details.

    Server stack trace: 
       at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]: 
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at Microsoft.IdentityServer.Protocols.PolicyStore.IPolicyStoreReadOnlyTransfer.RegisterHeartbeat(String fqdn, FarmBehavior maxBehaviorLevel, String nodeType)
       at Microsoft.IdentityServer.Service.Heartbeat.HeartbeatManager.RegisterSecondaryHeartbeat(String fqdn, FarmBehavior maxBehaviorLevel, String nodeInformation) 

    User Action 
     Make sure the primary federation server is available or the service account identity of this machine matches the service account identity of the primary federation server.

    Monday, April 15, 2019 9:57 PM

All replies

  • Hello, need to make sure both pri and sec servers are communicating with each other. I am assuming you have a S2S VPN connectivity between your local datacenter and Azure. Can you ping both servers from each other?

    Are both servers running the same version for Windows?


    Isaac Oben MCITP:EA, MCSE, MCC

    Tuesday, April 16, 2019 4:57 AM
  • That's correct, we have a S2S VPN and they are able to communicate. I pinged and that works fine. I have also used Test-NetConnection using specific ports 80 and 443 and everything is going through the tunnel. One server is running 2016 and the secondary server is running 2019.
    Tuesday, April 16, 2019 7:16 PM
  • So, an update: I removed the server from the farm and added it back to the ADFS farm. I am still getting the same error. Could this be because one is 2019 and the other is 2016?

    Primary server: 'ADFSserver' 

    Endpoint: 'http://ADFSserver/adfs/services/policystoretransfer' 

    Additional data 

    Exception details: 
    System.ServiceModel.FaultException: The formatter threw an exception while trying to deserialize the message: There was an error while trying to deserialize parameter http://schemas.microsoft.com/ws/2009/12/identityserver/protocols/policystore:maxBehaviorLevel. The InnerException message was 'Invalid enum value 'Win2019' cannot be deserialized into type 'Microsoft.IdentityServer.FarmBehavior'. Ensure that the necessary enum values are present and are marked with EnumMemberAttribute attribute if the type has DataContractAttribute attribute.'.  Please see InnerException for more details.

    Wednesday, April 17, 2019 6:03 PM
  • I have the same problem.

    Current primary server is running 2016 OS.

    Just added in a 2019 server and have the Event 543.

    Thursday, April 18, 2019 12:02 AM
  • Hello,

    What is the current farm behavior? You can run this PowerShell command:

    Get-AdfsProperties | Select CurrentFarmBehavior

    I would suggest making the Win2019 server the primary ADFS server by running this command on the 2019 server:

    Set-AdfsSyncProperties -Role PrimaryComputer

    After that, run this on the secondary 2016 server:

    Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName {FQDN of 2019 server}

    Then update all WAP servers as well:

    $trustcred = Get-Credential -Message "Enter Domain Administrator credentials"
    Install-WebApplicationProxy -CertificateThumbprint {SSLCert} -fsname fsname -FederationServiceTrustCredential $trustcred

    Hope this helps


    Isaac Oben MCITP:EA, MCSE, MCC

    Thursday, April 18, 2019 4:58 AM
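
An added example, not part of any post in this thread: a PowerShell function that reads Event 543 text and separates the case quoted in the question, where the fault shows a FarmBehavior value being rejected while deserializing maxBehaviorLevel, from the availability or service-account causes the event's User Action names. The function name and cause labels are assumptions for illustration; the sample text is abridged from the question.

```powershell
# Added example: classify AD FS Event 543 text by the exception it carries.
function Get-HeartbeatFailureCause {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Message
    )
    process {
        $primary  = if ($Message -match "Primary server:\s*'([^']+)'") { $Matches[1] }
        $endpoint = if ($Message -match "Endpoint:\s*'([^']+)'") { $Matches[1] }

        # The fault names the enum type that could not be deserialized
        # and the value that was rejected.
        $enumPattern = "Invalid enum value '([^']+)' cannot be deserialized into type " +
                       "'Microsoft\.IdentityServer\.FarmBehavior'"
        if ($Message -match $enumPattern) {
            $cause = 'FarmBehaviorValueRejected'   # hypothetical label
            $value = $Matches[1]
        } else {
            $cause = 'Other (see User Action: availability, service account)'
            $value = $null
        }
        [pscustomobject]@{
            PrimaryServer = $primary
            Endpoint      = $endpoint
            Cause         = $cause
            RejectedValue = $value
        }
    }
}

# Sample input: event text abridged from the question in this thread.
$sample = @'
There was an error during heartbeat communicating to primary federation server.
Primary server: 'ADFSserver'
Endpoint: 'http://ADFSserver/adfs/services/policystoretransfer'
Exception details:
System.ServiceModel.FaultException: ... 'Invalid enum value 'Win2019' cannot be deserialized into type 'Microsoft.IdentityServer.FarmBehavior'. ...
'@
$sample | Get-HeartbeatFailureCause

# On a farm node, the same function can read the live log:
# Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 543 } -MaxEvents 20 |
#     ForEach-Object { $_.Message | Get-HeartbeatFailureCause }
```

For the sample, the result carries Cause `FarmBehaviorValueRejected` and RejectedValue `Win2019`, which points at a version difference between nodes rather than at the network path.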
  • Hi

    We have the same problem - same messages exactly. We are a bit concerned about moving the primary role to a server that doesn't seem to be happy in the first place. Has anyone with this problem done what Isaac suggested, and if so, did it work?

    Thanks

    Max Caines

    Thursday, February 20, 2020 10:10 AM
  • I am running into the same problem with a newly installed Windows Server 2019 added into an existing Windows Server 2016 ADFS farm. Are there any details on what the implications of this issue are, and how to fix it?

    Kimmo Bergius, CTO & Senior Consultant @ Sulava Oy https://twitter.com/KBergius https://fi.linkedin.com/in/kimmobergius

    Tuesday, March 24, 2020 6:06 AM