I am building a standalone AD FS server to connect to CRM, which is hosted by Microsoft. The problem I'm having is that whenever I go to https://example.mycompany.com/FederationMetadata/2007-06/ I receive 404 and 500 errors. However, I can sign in and out of this URL just fine: https://example.mycompany.com/adfs/ls/IdpInitiatedSignon.aspx. I am using the same wildcard cert for service communication and token signing; my token-decrypting cert is a self-signed one. I have also noticed the error below in my Event Viewer. The account that I'm using for the AD FS service has read access to all the certs and has full access on the WIF database. I can also access these two URLs just fine:
https://example.mycompany.com/adfs/fs/Federationserverservice.asmx
https://example.mycompany.com/adfs/services/trust/mex

Any help would be much appreciated.
Log Name: AD FS 2.0/Admin
Source: AD FS 2.0
Date: 7/29/2013 7:05:37 PM
Event ID: 143
Task Category: None
Level: Warning
Keywords: AD FS
User: example\test
Computer: example.mycompany.com
Description:
The Federation Service was unable to create the federation metadata document as a result of an error.
Document Path: /federationmetadata/2007-06/federationmetadata.xml
Additional Data
Exception details:
Microsoft.IdentityServer.PolicyModel.Client.StorageAuthorizationException: ADMIN0120: The client is not authorized to access the endpoint net.tcp://localhost:1500/policy. The client process must be run with elevated administrative privileges.
at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.SearchWorker(Filter filter, Int32 maxObjects, String[] propertyNames, Boolean firstTry, PropertyFactoryBase propertyFactory)
at Microsoft.IdentityServer.PolicyModel.Client.PolicyManager.Search(Filter filter, Int32 maxObjects, String[] propertyNames)
at Microsoft.IdentityServer.Service.FederationMetadata.SamlMetadataService.GetConfiguredClaims(ServiceState state)
at Microsoft.IdentityServer.Service.FederationMetadata.SamlMetadataService.GenerateMetadata(ServiceState state)
at Microsoft.IdentityServer.Service.FederationMetadata.SamlMetadataListener.OnGetContext(IAsyncResult result)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="AD FS 2.0" Guid="{20E25DDB-09E5-404B-8A56-EDAE2F12EE81}" />
<EventID>143</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2013-07-30T00:05:37.005215700Z" />
<EventRecordID>269</EventRecordID>
<Correlation />
<Execution ProcessID="2068" ThreadID="2188" />
<Channel>AD FS 2.0/Admin</Channel>
<Computer>ADFS.onealsteel.com</Computer>
<Security UserID="S-1-5-21-1063662291-1518012612-666385194-21359" />
</System>
<UserData>
<Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
<EventData>
<Data>/federationmetadata/2007-06/federationmetadata.xml</Data>
<Data>Microsoft.IdentityServer.PolicyModel.Client.StorageAuthorizationException: ADMIN0120: The client is not authorized to access the endpoint net.tcp://localhost:1500/policy. The client process must be run with elevated administrative privileges.
at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreClientManager.SearchWorker(Filter filter, Int32 maxObjects, String[] propertyNames, Boolean firstTry, PropertyFactoryBase propertyFactory)
at Microsoft.IdentityServer.PolicyModel.Client.PolicyManager.Search(Filter filter, Int32 maxObjects, String[] propertyNames)
at Microsoft.IdentityServer.Service.FederationMetadata.SamlMetadataService.GetConfiguredClaims(ServiceState state)
at Microsoft.IdentityServer.Service.FederationMetadata.SamlMetadataService.GenerateMetadata(ServiceState state)
at Microsoft.IdentityServer.Service.FederationMetadata.SamlMetadataListener.OnGetContext(IAsyncResult result)</Data>
</EventData>
</Event>
</UserData>
</Event>
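The event above says the metadata listener inside the federation service (the process that owns the `SamlMetadataListener`) was refused by the internal policy store at `net.tcp://localhost:1500/policy`, while the sign-on, `FederationServerService.asmx` and `mex` endpoints, which do not need that policy search, keep working. Before anyone can answer this, the facts an answerer would ask for are: which account the AD FS 2.0 service is really running as, whether port 1500 is listening, whether the metadata endpoint is enabled, which certificates are configured, and what the endpoint returns over HTTPS. The script below is an added diagnostic, not part of the original question and not Microsoft's tooling; it uses the AD FS 2.0 PowerShell snap-in and assumes the Windows service name `adfssrv` and the hostname `example.mycompany.com` from the post. Run it from an elevated PowerShell prompt on the federation server.

```powershell
# Added diagnostic script, not from the original post.
# Assumptions: AD FS 2.0 on Windows Server 2008 R2, service name 'adfssrv',
# federation service hostname taken from the question. Run elevated.
$fsHost = 'example.mycompany.com'

# 1. Which account does the AD FS 2.0 service actually run as?
#    Compare StartName with the account you granted certificate and
#    database rights to; a mismatch is the first thing an answerer will ask about.
$svc = Get-WmiObject Win32_Service -Filter "Name='adfssrv'"
"{0} runs as '{1}' (state: {2})" -f $svc.DisplayName, $svc.StartName, $svc.State

# 2. Is the internal policy endpoint named in ADMIN0120 listening on TCP 1500,
#    and which PID owns it? The PID should match the ADFS service process
#    (Execution ProcessID in the event XML).
netstat -ano | findstr ':1500'

# 3. Load the AD FS 2.0 snap-in and show whether the metadata endpoint is enabled.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
Get-ADFSEndpoint |
    Where-Object { $_.AddressPath -like '/FederationMetadata/*' } |
    Format-Table AddressPath, Enabled, Proxy -AutoSize

# 4. List the three certificate roles the question describes (service
#    communication, token signing, token decrypting) and confirm each one is
#    present in the machine store with a private key. This does not prove the
#    service account's ACL on the key; it only proves the key exists locally.
Get-ADFSCertificate | Format-Table CertificateType, Thumbprint, IsPrimary -AutoSize
foreach ($c in Get-ADFSCertificate) {
    $cert = Get-Item "Cert:\LocalMachine\My\$($c.Thumbprint)" -ErrorAction SilentlyContinue
    if ($cert) {
        "{0}: subject='{1}' HasPrivateKey={2}" -f $c.CertificateType, $cert.Subject, $cert.HasPrivateKey
    } else {
        "{0}: thumbprint {1} not found in LocalMachine\My" -f $c.CertificateType, $c.Thumbprint
    }
}

# 5. Request the metadata document exactly as the relying party (CRM) would,
#    and report the HTTP status instead of just 'it gives an error'.
$url = "https://$fsHost/FederationMetadata/2007-06/FederationMetadata.xml"
try {
    $resp = [System.Net.WebRequest]::Create($url).GetResponse()
    "Metadata HTTP status: {0}" -f [int]$resp.StatusCode
    $resp.Close()
} catch [System.Net.WebException] {
    "Metadata request failed: {0}" -f $_.Exception.Message
}

# 6. Pull the latest Event ID 143 entries so the full exception text travels
#    with the rest of this output.
Get-WinEvent -FilterHashtable @{ LogName = 'AD FS 2.0/Admin'; Id = 143 } -MaxEvents 5 |
    Select-Object TimeCreated, Id, Message | Format-List
```

Step 1 and step 2 together answer the question the ADMIN0120 text is really asking: the policy store refused the caller, so the useful evidence is the identity of the process that called it and the identity the policy store expects, not the certificates, which the working sign-on page already proves are usable.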