AD FS Management Pack undocumented required configuration


When implementing the AD FS management pack in System Center Operations Manager and looking at the guide, the only required configuration you get, is:

  • Install SCOM 2007 R2 or 2007 SP1 agents on AD FS servers
  • Enable Agent Proxy on all AD FS servers.
  • Using the Add Role Services Wizard in Windows Server 2008, verify that the IIS 6 Management Compatibility and IIS 6 Metabase Compatibility role services are installed. (Some AD FS 2.0 scripts depend on Internet Information Services (IIS) Windows Management Instrumentation (WMI) objects being installed.)

We did just that: we installed SCOM 2012 (hey, MS told us the SCOM 2007 R2 management packs work in SCOM 2012!) and enabled agent proxy.

Next, on the AD FS servers, we added the IIS services IIS 6 Management Compatibility and IIS 6 Metabase Compatibility role service.

The discovery scripts kicked in, and our AD FS servers were discovered. Next, we noticed some alerts on AD FS:

AD FS 2.0 application pool Is Not Running On The Federation Server


But the alert is false. The application pool is running!



When looking at the monitor, you see that a powershell script is executed, trying to connect to root/MicrosoftIISv2. Using wbemtest, you will notice that root/MicrosoftIISv2 is not available.

To ensure this script works, add the following IIS services:

  • IIS Management Scripts and Tools
    • To enable managing IIS using WMI
  • IIS 6 WMI compatibility

    • To enable the provider root/MicrosoftIISv2

    No restart required. Just wait a few moments and the alerts will magically disappear!

Advertisements

4 Responses to AD FS Management Pack undocumented required configuration

  1. Devon says:

    Keep up the excellent work , I read few blog posts on this web site and I think that your site is rattling interesting and has circles of good info .

  2. Cristian says:

    Excelent work, resolves our issue!!

  3. Sai Prasad says:

    It worked for us as well :), Thank you

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s