Verify that the federation server is operational

  • Article

Applies To: Azure, Office 365, Power BI, Windows Intune

You can use the following procedures to verify that a federation server (weather it was configured as the first federation server in a federation server farm or added to a federation server farm) is operational; that is, that any client on the same network can reach a new federation server.

  • AD FS 2.0 on Windows Server 2008 or Windows Server 2008 R2

  • AD FS on Windows Server 2012

AD FS 2.0 on Windows Server 2008 or Windows Server 2008 R2

Procedure 1: To verify that the federation server is operational)

  1. Log on to a client computer that is located in the same forest as the federation server.

  2. Open a browser window. In the address bar, type the federation server’s DNS host name, and then append /FederationMetadata/2007-06/FederationMetadata.xml to it for the new federation server; for example:

    https://fs1.fabrikam.com/FederationMetadata/2007-06/FederationMetadata.xml

  3. Press ENTER, and then complete the next procedure on the federation server computer. If you see the message There is a problem with this website’s security certificate, click Continue to this website.

    The expected output is a display of XML with the service description document. If this page appears, IIS on the federation server is operational and serving pages successfully.

Procedure 2: To verify that the federation server is operational

  1. Log on to the new federation server as an Administrator.

  2. Click Start, point to Administrative Tools, and then click Event Viewer.

  3. In the details pane, double-click Applications and Services Logs, double-click AD FS 2.0 Eventing, and then click Admin.

  4. In the Event ID column, look for event ID 100. If the federation server is configured properly, you see a new event—in the Application log of Event Viewer—with the event ID 100. This event verifies that the federation server was able to successfully communicate with the Federation Service.

AD FS on Windows Server 2012

Procedure 1: To verify that a federation server is operational

  1. To verify that Internet Information Services (IIS) is configured correctly on the federation server, log on to a client computer that is located in the same forest as the federation server.

  2. Open a browser window, in the address bar type the federation server’s DNS host name, and then append /adfs/fs/federationserverservice.asmx to it for the new federation server, for example:

    https://fs1.fabrikam.com/adfs/fs/federationserverservice.asmx

  3. Press ENTER, and then complete the next procedure on the federation server computer. If you see the message There is a problem with this website’s security certificate, click Continue to this website.

    The expected output is a display of XML with the service description document. If this page appears, IIS on the federation server is operational and serving pages successfully.

Procedure 2: To verify that a federation server is operational

  1. Log on to the new federation server as an administrator.

  2. On the Start screen, type Event Viewer, and then press ENTER.

  3. In the details pane, double-click Applications and Services Logs, double-click AD FS Eventing, and then click Admin.

  4. In the Event ID column, look for event ID 100. If the federation server is configured properly, you see a new event—in the Application log of Event Viewer—with the event ID 100. This event verifies that the federation server was able to successfully communicate with the Federation Service.

Next step

Now that you have verified that the federation servers are operational, the next step is to Prepare your network infrastructure for configuring extranet access.

See Also

Concepts

Checklist: Deploy your federation server farm on legacy versions of Windows Server
Checklist: Use AD FS to implement and manage single sign-on