ADFS 3.0 cannot bind the services endpoint with default configuration
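I installed AD FS 3.0 with the default configuration on a server that already has IIS installed. Every time the service starts, it complains that it cannot bind to IP endpoint 0.0.0.0:808.
Here is an excerpt from the event log: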
Source: AD FS
Event id: 102
Description:
There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.
Additional Data
Exception details:
System.ServiceModel.AddressAlreadyInUseException: There is already a listener on IP endpoint 0.0.0.0:808. This could happen if there is another application already listening on this endpoint or if you have multiple service endpoints in your service host with the same IP endpoint but with incompatible binding configurations. ---> System.Net.Sockets.SocketException: Only one usage of each socket address (protocol/network address/port) is normally permitted
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.ServiceModel.Channels.SocketConnectionListener.Listen()
--- End of inner exception stack trace ---
at System.ServiceModel.Channels.SocketConnectionListener.Listen()
at System.ServiceModel.Channels.ConnectionAcceptor.StartAccepting()
at System.ServiceModel.Channels.ExclusiveTcpTransportManager.OnOpen()
at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
at System.ServiceModel.Channels.TcpChannelListener`2.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at Microsoft.IdentityServer.ServiceHost.STSService.StartSTSService(ServiceHostManager serviceHostManager, ServiceState serviceState)
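AD FS 3.0 has a serious bug when trying to bind the default services port 1501. It actually ignores the setting and tries to bind the default net.tcp port 808 by stripping the port from the URI if it is configured to 1501. To make things worse, this binding is hard-coded, so there is no way to configure port sharing for it.
I used this technet article to change the port to 1502, and everything seems to be working fine.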
To change the services net.tcp port from 1501 to 1601
- Launch PowerShell
- Add the AD FS 2.0 PowerShell snap-in:
add-pssnapin microsoft.adfs.powershell
- Configure the Services net.tcp port via the Set-ADFSProperties cmdlet:
Set-ADFSProperties -nettcpport 1601
- Confirm the change:
Get-ADFSProperties
- Restart the AD FS 2.0 service in the Services console
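
Added example, not part of the original question or answer: a PowerShell check that shows which process already owns the listener on port 808, what net.tcp port AD FS is configured with, and whether the replacement port is free before applying the change described above. The function name Test-AdfsNetTcpConflict and its parameters are hypothetical; it assumes an elevated session on Windows Server 2012 R2 with the ADFS and NetTCPIP modules, the "AD FS/Admin" event log and the adfssrv service name.

```powershell
# Added example (not from the original post). Run elevated on the AD FS server.
function Test-AdfsNetTcpConflict {
    param(
        [int]$ConflictPort = 808,   # port named in the Event 102 exception
        [int]$NewPort      = 1502,  # replacement port used in the answer
        [switch]$Apply              # without -Apply the function only reports
    )

    # Which process currently holds the listener that AD FS collides with?
    $owners = @(Get-NetTCPConnection -State Listen -LocalPort $ConflictPort -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Process -Id $_.OwningProcess } |
        Select-Object -Unique Id, ProcessName)

    # Most recent Event 102 in the AD FS admin log, if any.
    $lastError = Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 102 } `
        -MaxEvents 1 -ErrorAction SilentlyContinue

    # The replacement port must not already have a listener of its own.
    $newPortBusy = [bool](Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue)

    $report = [pscustomobject]@{
        ConfiguredNetTcpPort = (Get-AdfsProperties).NetTcpPort
        ConflictPortOwners   = $owners
        LastEvent102         = if ($lastError) { $lastError.TimeCreated } else { $null }
        NewPortAlreadyInUse  = $newPortBusy
    }

    # Change the port only when asked to and only when the new port is free.
    if ($Apply -and -not $newPortBusy) {
        Set-AdfsProperties -NetTcpPort $NewPort
        Restart-Service -Name adfssrv
        $report.ConfiguredNetTcpPort = (Get-AdfsProperties).NetTcpPort
    }
    $report
}

Test-AdfsNetTcpConflict            # report only
# Test-AdfsNetTcpConflict -Apply   # change the port and restart AD FS
```

After applying the change, a new Event 102 with a later timestamp than the restart means the endpoints still failed to bind.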