I was working on an Active Directory Federation Services 3.0 implementation when this error started to be thrown seemingly hundreds of times every minute:
The Federation Service was unable to create the federation metadata document as a result of an error. Document Path: /federationmetadata/2007-06/federationmetadata.xml
Additional Data
Exception details: System.Net.HttpListenerException (0x80004005): The specified network name is no longer available at System.Net.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 size) at Microsoft.IdentityServer.Service.FederationMetadata.SamlMetadataListener.OnGetContext(IAsyncResult result)
As you’d be aware, the /FederationMetadata/2007-06/FederationMetadata.xml
file is pretty important to the healthy running of AD FS, so this started to ring alarm bells for me. That said, it is only listed as a warning level event, and the error 0x80004005
is pretty well known to stand for some form of “access denied”. I threw the URL into a web browser and was able to successfully download the FederationMetadata.xml
file myself, so it seems that even if there is a problem, it’s not necessarily across the board.
After a quick perusal of the interwebs, I found this thread. Specifically:
I logged a case with Microsoft Support. After some troubleshooting we concluded that it is save to ignore this warning. Quote from the Microsoft engineer: The ADFS 143 error message you are seeing is an informative event and related to failure to download the metadata, in your case most likely caused by a user manually trying to download it with IE ESC enabled. Users should not need to download the metadata. I.e. it’s a non-issue.
My guess here is that one of my configured relying parties is trying to download the metadata file and failing. Not ideal, but everything’s working, so I’m pretty comfortable that this error can be ignored until someone complains.
Comments/questions
There's no commenting functionality here. If you'd like to comment, please either mention me (@[email protected]) on Mastodon or email me. I don't have any logging or analytics running on this website, so if you found something useful or interesting it would mean a lot to hear from you.