Hi,
This is a bit of a combined question - I may need to break it into several other ones, but wanted to present it all in case there's overlap/context.
We're running ADFS on Windows 2012 R2 (fully patched) with both ADFS Farm servers and Proxies. We've recently added EMS to our stack and one of the first services we've enabled is the AD Connect Health.
All the servers are behind firewalls and access the web via a proxy so we've followed the documentation and reached the point where everything appears to be working (no errors in the event logs of the farm servers anyway). We've noted that the Identity service on the Proxy servers keeps crashing after a few seconds once it reaches the "Hub connection started successfully" event and then tries to process the following type of message:
WS: OnMessage({"R":[{"ServiceType":"AdFederationService","ServiceId":"BIGGUID","RoleType":"AdfsProxy_30","ModuleConfigurations":null}],"I":"0"})
The servers have registered on the Azure Blade and are all returning token request information. However, we are seeing absolutely no Usage Analytics data, and the farm servers are both tagged with having a "Health service data is not up to date" error.
We've checked and confirmed that the necessary event logging is in place and can see all the AD FS Auditing events in the Security logs of the servers. We've also run network traces and can see all the necessary traffic is either routing correctly through the proxy or being handled successfully through the firewall (depending on the service). I've reinstalled and reconfigured the health service a few times but it doesn't appear to have made any difference.
I'd note, we're not actually using AD Connect to perform the synchronization yet - we're still using AADSync but nothing in the documentation would seem to suggest that this is a requirement.
Has anyone come across this, or could you provide any pointers?
Thanks,
Stuart