To monitor activityID and ADFS health in general:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#test-connectivity-to-azure-ad-connect-health-service

In case of problems restart in the following order:

1.Microsoft AD Health Diagnostics Agent (service name: AdHealthAdfsDiagnostics)
2. Microsoft AD Health Monitoring Agent (service name: AdHealthAdfsMonitor)
3. Microsoft AD Health Insights Agent (service name: AdHealthAdfsInsights)

https://blogs.technet.microsoft.com/aadceeteam/2015/02/13/under-the-hood-tour-of-azure-ad-connect-health-ad-fs-diagnostics-module/

 

PS C:\Program Files\Azure Ad Connect Health Adfs Agent\Diagnostics> import-module .\ADFSDiagnostics.psm1

PS C:\Program Files\Microsoft AD Health Agent\Microsoft AD Diagnostics Service> Get-Command -Module ADFSDiagnostics

CommandType Name Version Source
———– —- ——- ——
Function Get-AdfsServerConfiguration 0.0 ADFSDiagnostics
Function Get-AdfsServerTrace 0.0 ADFSDiagnostics
Function Get-AdfsSystemInformation 0.0 ADFSDiagnostics
Function Get-AdfsVersionEx 0.0 ADFSDiagnostics
Function Receive-AdfsServerTrace 0.0 ADFSDiagnostics
Function Set-ADFSDiagTestMode 0.0 ADFSDiagnostics
Function Start-AdfsServerTrace 0.0 ADFSDiagnostics
Function Test-AdfsServerHealth 0.0 ADFSDiagnostics
Function Test-AdfsServerHealthSingleCheck 0.0 ADFSDiagnostics
Function Test-AdfsServerToken 0.0 ADFSDiagnostics

Monitor ActivityID:

Sometimes it is useful to have it in a table format. For that, use the parameter OutHtmlFilePath, and the cmdlet will format the output to an HTML file and opens up the browser:

PS C:\Program Files\Azure Ad Connect Health Adfs Agent\Diagnostics> Get-AdfsServerTrace -ActivityId 00000000-0000-0000-ce70-0080000000df -OutHtmlFilePath .\report.htm

 

Test ADFS server health:
PS C:\Program Files\Azure Ad Connect Health Adfs Agent\Diagnostics> test-adfsserverhealth | ft name,result -autosize

Name Result
—- ——
IsAdfsRunning Pass
IsWidRunning Pass
PingFederationMetadata Pass
CheckAdfsSslBindings Pass
Test-Certificate-Token-Decrypting-Primary-NotFoundInStore NotRun
Test-Certificate-Token-Decrypting-Primary-IsSelfSigned NotRun
Test-Certificate-Token-Decrypting-Primary-PrivateKeyAbsent NotRun
Test-Certificate-Token-Decrypting-Primary-Expired Pass
Test-Certificate-Token-Decrypting-Primary-Revoked Pass
Test-Certificate-Token-Decrypting-Primary-AboutToExpire NotRun
Test-Certificate-Token-Signing-Primary-NotFoundInStore NotRun
Test-Certificate-Token-Signing-Primary-IsSelfSigned NotRun
Test-Certificate-Token-Signing-Primary-PrivateKeyAbsent NotRun
Test-Certificate-Token-Signing-Primary-Expired Pass
Test-Certificate-Token-Signing-Primary-Revoked Pass
Test-Certificate-Token-Signing-Primary-AboutToExpire NotRun
Test-Certificate-SSL-Primary-NotFoundInStore Pass
Test-Certificate-SSL-Primary-IsSelfSigned Pass
Test-Certificate-SSL-Primary-PrivateKeyAbsent Pass
Test-Certificate-SSL-Primary-Expired Pass
Test-Certificate-SSL-Primary-Revoked Fail
Test-Certificate-SSL-Primary-AboutToExpire Pass
CheckFarmDNSHostResolution Pass
CheckDuplicateSPN Pass
TestServiceAccountProperties Pass
TestAppPoolIDMatchesServiceID NotRun
TestComputerNameEqFarmName Pass
TestSSLUsingADFSPort NotRun
TestSSLCertSubjectContainsADFSFarmName Pass
TestAdfsAuditPolicyEnabled Pass
TestAdfsRequestToken Pass
CheckOffice365Endpoints Pass
TestADFSO365RelyingParty Fail
TestNtlmOnlySupportedClientAtProxyEnabled Pass

 

 

 

Advertisements