SSO via ADFS for Office 365 (SharePoint Online)

Date: 2015-08-28 11:36:09

Tags: sharepoint single-sign-on office365 adfs

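I am trying to configure SSO for Office 365 via ADFS, using my virtual machine (Windows Server 2012 R2) with AD DC. ADFS is installed on my VM. My VM is behind a router, and I have forwarded ports to my VM, specifically ports 80, 443 and 5985.

I have successfully installed the latest updates for Windows Server 2012 R2 and the individual updates for ADFS (specifically KB3018886, KB3020773, KB3025078, KB3033917, KB3035025, KB3052122).

I created an additional UPN suffix in AD.

I use the following script to achieve this.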

clear-host

$ErrorActionPreference = "Stop"

$adfsServerAddress = "example.com"
$domainName = "example.com"

$cred = Get-Credential -Message "Enter a Global Administrator account from Office 365"

Write-Host "Connecting to Microsoft Online Services with the credential" -foreground Green
Connect-MsolService -Credential $cred

Enable-PSRemoting -Force

Write-Host "Setting of the MSOL ADFS Context server to the ADFS server" -foreground Green
Set-MsolADFSContext -Computer $adfsServerAddress -logfile c:\log.txt

Write-Host "Converting of the domain to a federated domain" -foreground Green
Convert-MsolDomainToFederated -DomainName $domainName

Write-Host "Verifying federation" -foreground Green
Get-MsolFederationProperty -DomainName $domainName

In my case, the UPN suffix, $adfsServerAddress and $domainName are the same. The script is run on my VM.

The script fails on the Set-MsolADFSContext cmdlet. The error message is:

Set-MsolADFSContext : The connection to example.com Active Directory
Federation Services 2.0 server failed due to invalid credentials.
At C:\Users\Administrator\Desktop\Office 365 ADFS configuration.ps1:16 char:1
+ Set-MsolADFSContext -Computer $adfsServerAddress -logfile c:\log.txt
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Set-MsolADFSContext], Fed
   erationException
    + FullyQualifiedErrorId : ConnectionToGenevaServerFailed,Microsoft.Online.
   Identity.Federation.Powershell.ContextCredentialsCommand

I have the following log.

8/28/2015 3:47:38 AM    Command Set-MsolADFSContext invoked.
8/28/2015 3:47:38 AM    Creating ADFS Server PS session.
8/28/2015 3:47:38 AM    ContextCredentialsCommand:CreatePowerShellSessionToGenevaServer: Invoked.
8/28/2015 3:47:38 AM    Creating PS session to 'example.com' ADFS server
8/28/2015 3:47:38 AM    Connect using current logged-on user creds.
8/28/2015 3:47:38 AM    Runspace Connection info: Scheme:http Port:5985, AuthenticationType:Default Uri:example.com AppName:wsman, Shell:http://schemas.microsoft.com/powershell/Microsoft.PowerShell
8/28/2015 3:47:38 AM    Connection Uri: http://example.com:5985/wsman/
8/28/2015 3:47:38 AM    Opening runspace to 'http://example.com:5985/wsman/'
8/28/2015 3:47:39 AM    System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
8/28/2015 3:47:39 AM    fullyQualifiedErrorId: System.Management.Automation.Remoting.PSRemotingDataStructureException
8/28/2015 3:47:39 AM    Command failed: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.ParseAndThrowErrorRecord(ErrorRecord errorRecord, String overRideErrorId)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.OpenToGenevaServer(PSCredential serverCredential)
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.<>c__DisplayClass2.<CreatePowerShellSessionToGenevaServer>b__0()
   at Microsoft.Online.Identity.Federation.Powershell.Utility.InvokeOperationWithRetry(Action operation, Type exceptionType, String errorId, Int32 retryCount, Int32 retryWaitTimeInMilliseconds)
8/28/2015 3:47:39 AM    Retry errorId: ConnectionToGenevaServerFailed
8/28/2015 3:47:39 AM    Retry exception: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException
8/28/2015 3:47:40 AM    Going to sleep mode for 1000 milliseconds before reattempt - 2
8/28/2015 3:47:41 AM    Runspace Connection info: Scheme:http Port:5985, AuthenticationType:Default Uri:example.com AppName:wsman, Shell:http://schemas.microsoft.com/powershell/Microsoft.PowerShell
8/28/2015 3:47:41 AM    Connection Uri: http://example.com:5985/wsman/
8/28/2015 3:47:41 AM    Opening runspace to 'http://example.com:5985/wsman/'
8/28/2015 3:47:42 AM    System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
8/28/2015 3:47:42 AM    fullyQualifiedErrorId: System.Management.Automation.Remoting.PSRemotingDataStructureException
8/28/2015 3:47:42 AM    Command failed: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.ParseAndThrowErrorRecord(ErrorRecord errorRecord, String overRideErrorId)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.OpenToGenevaServer(PSCredential serverCredential)
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.<>c__DisplayClass2.<CreatePowerShellSessionToGenevaServer>b__0()
   at Microsoft.Online.Identity.Federation.Powershell.Utility.InvokeOperationWithRetry(Action operation, Type exceptionType, String errorId, Int32 retryCount, Int32 retryWaitTimeInMilliseconds)
8/28/2015 3:47:42 AM    Retry errorId: ConnectionToGenevaServerFailed
8/28/2015 3:47:42 AM    Retry exception: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException
8/28/2015 3:47:42 AM    Going to sleep mode for 2000 milliseconds before reattempt - 3
8/28/2015 3:47:44 AM    Runspace Connection info: Scheme:http Port:5985, AuthenticationType:Default Uri:example.com AppName:wsman, Shell:http://schemas.microsoft.com/powershell/Microsoft.PowerShell
8/28/2015 3:47:44 AM    Connection Uri: http://example.com:5985/wsman/
8/28/2015 3:47:44 AM    Opening runspace to 'http://example.com:5985/wsman/'
8/28/2015 3:47:45 AM    System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
8/28/2015 3:47:45 AM    fullyQualifiedErrorId: System.Management.Automation.Remoting.PSRemotingDataStructureException
8/28/2015 3:47:45 AM    Command failed: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.ParseAndThrowErrorRecord(ErrorRecord errorRecord, String overRideErrorId)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.OpenToGenevaServer(PSCredential serverCredential)
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.<>c__DisplayClass2.<CreatePowerShellSessionToGenevaServer>b__0()
   at Microsoft.Online.Identity.Federation.Powershell.Utility.InvokeOperationWithRetry(Action operation, Type exceptionType, String errorId, Int32 retryCount, Int32 retryWaitTimeInMilliseconds)
8/28/2015 3:47:45 AM    Retry errorId: ConnectionToGenevaServerFailed
8/28/2015 3:47:45 AM    Retry exception: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException
8/28/2015 3:47:45 AM    Failure after too many retry attempts...
8/28/2015 3:47:45 AM    Wrong credentials to ADFS Server connection, attempt #'1'
8/28/2015 3:47:45 AM    Prompting the user for 'example.com' ADFS Server creds.
8/28/2015 3:47:45 AM    ContextCredentialsCommand:GetServerCredentials: Invoked.
8/28/2015 3:47:55 AM    Runspace Connection info: Scheme:http Port:5985, AuthenticationType:Default Uri:example.com AppName:wsman, Shell:http://schemas.microsoft.com/powershell/Microsoft.PowerShell
8/28/2015 3:47:55 AM    Connection Uri: http://example.com:5985/wsman/
8/28/2015 3:47:55 AM    Opening runspace to 'http://example.com:5985/wsman/'
8/28/2015 3:47:56 AM    System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
8/28/2015 3:47:56 AM    fullyQualifiedErrorId: System.Management.Automation.Remoting.PSRemotingDataStructureException
8/28/2015 3:47:56 AM    Command failed: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.ParseAndThrowErrorRecord(ErrorRecord errorRecord, String overRideErrorId)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.OpenToGenevaServer(PSCredential serverCredential)
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.<>c__DisplayClass2.<CreatePowerShellSessionToGenevaServer>b__0()
   at Microsoft.Online.Identity.Federation.Powershell.Utility.InvokeOperationWithRetry(Action operation, Type exceptionType, String errorId, Int32 retryCount, Int32 retryWaitTimeInMilliseconds)
8/28/2015 3:47:56 AM    Retry errorId: ConnectionToGenevaServerFailed
8/28/2015 3:47:56 AM    Retry exception: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException
8/28/2015 3:47:56 AM    Going to sleep mode for 1000 milliseconds before reattempt - 2
8/28/2015 3:47:57 AM    Runspace Connection info: Scheme:http Port:5985, AuthenticationType:Default Uri:example.com AppName:wsman, Shell:http://schemas.microsoft.com/powershell/Microsoft.PowerShell
8/28/2015 3:47:57 AM    Connection Uri: http://example.com:5985/wsman/
8/28/2015 3:47:57 AM    Opening runspace to 'http://example.com:5985/wsman/'
8/28/2015 3:47:58 AM    System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
8/28/2015 3:47:58 AM    fullyQualifiedErrorId: System.Management.Automation.Remoting.PSRemotingDataStructureException
8/28/2015 3:47:58 AM    Command failed: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.ParseAndThrowErrorRecord(ErrorRecord errorRecord, String overRideErrorId)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.OpenToGenevaServer(PSCredential serverCredential)
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.<>c__DisplayClass2.<CreatePowerShellSessionToGenevaServer>b__0()
   at Microsoft.Online.Identity.Federation.Powershell.Utility.InvokeOperationWithRetry(Action operation, Type exceptionType, String errorId, Int32 retryCount, Int32 retryWaitTimeInMilliseconds)
8/28/2015 3:47:58 AM    Retry errorId: ConnectionToGenevaServerFailed
8/28/2015 3:47:58 AM    Retry exception: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException
8/28/2015 3:47:58 AM    Going to sleep mode for 2000 milliseconds before reattempt - 3
8/28/2015 3:48:00 AM    Runspace Connection info: Scheme:http Port:5985, AuthenticationType:Default Uri:example.com AppName:wsman, Shell:http://schemas.microsoft.com/powershell/Microsoft.PowerShell
8/28/2015 3:48:00 AM    Connection Uri: http://example.com:5985/wsman/
8/28/2015 3:48:00 AM    Opening runspace to 'http://example.com:5985/wsman/'
8/28/2015 3:48:01 AM    System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
8/28/2015 3:48:01 AM    fullyQualifiedErrorId: System.Management.Automation.Remoting.PSRemotingDataStructureException
8/28/2015 3:48:01 AM    Command failed: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.ParseAndThrowErrorRecord(ErrorRecord errorRecord, String overRideErrorId)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.OpenToGenevaServer(PSCredential serverCredential)
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.<>c__DisplayClass2.<CreatePowerShellSessionToGenevaServer>b__0()
   at Microsoft.Online.Identity.Federation.Powershell.Utility.InvokeOperationWithRetry(Action operation, Type exceptionType, String errorId, Int32 retryCount, Int32 retryWaitTimeInMilliseconds)
8/28/2015 3:48:01 AM    Retry errorId: ConnectionToGenevaServerFailed
8/28/2015 3:48:01 AM    Retry exception: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException
8/28/2015 3:48:01 AM    Failure after too many retry attempts...
8/28/2015 3:48:01 AM    Wrong credentials to ADFS Server connection, attempt #'2'
8/28/2015 3:48:01 AM    Prompting the user for 'example.com' ADFS Server creds.
8/28/2015 3:48:01 AM    ContextCredentialsCommand:GetServerCredentials: Invoked.
8/28/2015 3:48:17 AM    Runspace Connection info: Scheme:http Port:5985, AuthenticationType:Default Uri:example.com AppName:wsman, Shell:http://schemas.microsoft.com/powershell/Microsoft.PowerShell
8/28/2015 3:48:17 AM    Connection Uri: http://example.com:5985/wsman/
8/28/2015 3:48:17 AM    Opening runspace to 'http://example.com:5985/wsman/'
8/28/2015 3:48:18 AM    System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
8/28/2015 3:48:18 AM    fullyQualifiedErrorId: System.Management.Automation.Remoting.PSRemotingDataStructureException
8/28/2015 3:48:18 AM    Command failed: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.ParseAndThrowErrorRecord(ErrorRecord errorRecord, String overRideErrorId)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.OpenToGenevaServer(PSCredential serverCredential)
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.<>c__DisplayClass2.<CreatePowerShellSessionToGenevaServer>b__0()
   at Microsoft.Online.Identity.Federation.Powershell.Utility.InvokeOperationWithRetry(Action operation, Type exceptionType, String errorId, Int32 retryCount, Int32 retryWaitTimeInMilliseconds)
8/28/2015 3:48:18 AM    Retry errorId: ConnectionToGenevaServerFailed
8/28/2015 3:48:18 AM    Retry exception: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException
8/28/2015 3:48:18 AM    Going to sleep mode for 1000 milliseconds before reattempt - 2
8/28/2015 3:48:19 AM    Runspace Connection info: Scheme:http Port:5985, AuthenticationType:Default Uri:example.com AppName:wsman, Shell:http://schemas.microsoft.com/powershell/Microsoft.PowerShell
8/28/2015 3:48:19 AM    Connection Uri: http://example.com:5985/wsman/
8/28/2015 3:48:19 AM    Opening runspace to 'http://example.com:5985/wsman/'
8/28/2015 3:48:20 AM    System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
8/28/2015 3:48:20 AM    fullyQualifiedErrorId: System.Management.Automation.Remoting.PSRemotingDataStructureException
8/28/2015 3:48:20 AM    Command failed: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException: Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.ParseAndThrowErrorRecord(ErrorRecord errorRecord, String overRideErrorId)
   at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.OpenToGenevaServer(PSCredential serverCredential)
   at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.<>c__DisplayClass2.<CreatePowerShellSessionToGenevaServer>b__0()
   at Microsoft.Online.Identity.Federation.Powershell.Utility.InvokeOperationWithRetry(Action operation, Type exceptionType, String errorId, Int32 retryCount, Int32 retryWaitTimeInMilliseconds)
8/28/2015 3:48:20 AM    Retry errorId: ConnectionToGenevaServerFailed
8/28/2015 3:48:20 AM    Retry exception: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException
...
8/28/2015 3:48:23 AM    Failure after too many retry attempts...
8/28/2015 3:48:23 AM    Wrong credentials to ADFS Server connection, attempt #'3'

As we can see, we get the same error on every attempt:

Connecting to remote server example.com failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.

I tried running "winrm quickconfig" and got the following:

WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.

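I get the same with the "Enable-PSRemoting -Force" command.

During execution of Set-MsolADFSContext, it asks for credentials for example.com twice. I entered valid credentials.

In Event Viewer, I have records such as the following:
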
A logon was attempted using explicit credentials.

Subject:
    Security ID:        WMDOMAIN\Administrator
    Account Name:       Administrator
    Account Domain:     WMDOMAIN
    Logon ID:       0x10EF8F6
    Logon GUID:     {59d6d6bb-ed3f-ef6b-d744-b8a45aa4fa64}

Account Whose Credentials Were Used:
    Account Name:       administrator
    Account Domain:     WMDOMAIN
    Logon GUID:     {00000000-0000-0000-0000-000000000000}

Target Server:
    Target Server Name: example.com
    Additional Information: HTTP/example.com

Process Information:
    Process ID:     0x2208
    Process Name:       C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Network Information:
    Network Address:    -
    Port:           -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

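I don't know what else can be done. Please help.

1 answer:

Answer 0 (score: 1)

The ADFS host must be able to resolve $adfsServerAddress. I simply added a record to the hosts file and the problem went away.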
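
A pre-flight check for the condition the answer describes, as an added example that is not part of the original post. The log above shows a WS-Management transport failure on `http://example.com:5985/wsman/` rather than a rejected logon, so the check covers name resolution, the TCP port and the WS-Management endpoint before `Set-MsolADFSContext` is called. `Test-AdfsRemotingTarget` is a hypothetical helper name; `example.com` and port 5985 are taken from the question.

```powershell
# Added example: verify the remoting target before calling Set-MsolADFSContext.
# Test-AdfsRemotingTarget is a hypothetical helper, not part of the MSOnline module.
function Test-AdfsRemotingTarget {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$Port = 5985,       # WinRM over HTTP, the port shown in the log
        [int]$TimeoutMs = 3000
    )

    $result = [ordered]@{
        ComputerName    = $ComputerName
        ResolvedAddress = @()
        ResolvesToLocal = $false
        PortReachable   = $false
        WsManResponds   = $false
    }

    # 1. Name resolution. The resolver consults the hosts file as well as DNS.
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($ComputerName)
        $result.ResolvedAddress = @($addresses | ForEach-Object { $_.IPAddressToString })
    } catch {
        Write-Warning "Cannot resolve '$ComputerName': $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    # 2. Does the name point at an address bound to this machine?
    #    Relevant when the script runs on the ADFS server itself, as in the question.
    $localAddresses = @(Get-NetIPAddress | Select-Object -ExpandProperty IPAddress)
    $matches = @($result.ResolvedAddress | Where-Object { $localAddresses -contains $_ })
    $result.ResolvesToLocal = ($matches.Count -gt 0)

    # 3. Plain TCP connect to the WinRM port, with a timeout.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $client.EndConnect($async)   # throws if the connection was refused
            $result.PortReachable = $true
        }
    } catch {
        Write-Warning "TCP $Port on '$ComputerName' refused: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }

    # 4. WS-Management identify request against the same name.
    if ($result.PortReachable) {
        try {
            Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null
            $result.WsManResponds = $true
        } catch {
            Write-Warning "WS-Management did not answer: $($_.Exception.Message)"
        }
    }

    [pscustomobject]$result
}

$adfsServerAddress = "example.com"   # value from the question
$check = Test-AdfsRemotingTarget -ComputerName $adfsServerAddress
$check | Format-List

if (-not $check.WsManResponds) {
    # Show any active hosts-file entries for the name, the fix the answer used.
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hostsFile |
        Where-Object { $_ -notmatch '^\s*#' -and $_ -match [regex]::Escape($adfsServerAddress) }
    throw "WinRM on '$adfsServerAddress' is not reachable from this host; fix name resolution before running Set-MsolADFSContext."
}
```

When `ResolvesToLocal` is true, the session that `Set-MsolADFSContext` opens stays on the ADFS server itself, so the router's port 5985 forward is not needed for this step.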