Categories: ADFSCRM DynamicsMicrosoft ADFSMicrosoft AzureOffice 365

Error After Migrating ADFS from 2012R2 to 2016

<div> &NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2531 " id&equals;"quads-ad2531" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine; <h2>The Story&colon; <&sol;h2><p>You might have got a request to upgrade from ADFS 2012 R2 to Windows ADFS 2016&period; <&sol;p><div> &NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2528 " id&equals;"quads-ad2528" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine; <&sol;div><div> &NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2525 " id&equals;"quads-ad2525" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine; <&sol;div><div> &NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2526 " id&equals;"quads-ad2526" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine; <&sol;div><p>This process can be complicated especially if you&rsquo&semi;ll have to migrate the Database as well and it would be more of an issue when the Database is WID &lpar;Windows Internal Database&rpar; since there&rsquo&semi;s no much documentation about troubleshooting issues involving WID on ADFS&period;<&sol;p><p>I have got a request from a client whom have done a migration with another consultant and obviously it was not done right&period; <&sol;p><h2>Symptoms <&sol;h2><p>On Windows 2016 ADFS when trying to update the ADFS SSL certificate I get the following error&colon;<&sol;p><h5>Set-AdfsSslCertificate -ThumbPrint A7etc &colon; PS0159 &colon; The Operation is not supported at the current Farm Behavior Level &lsquo&semi;1&rsquo&semi;&period; Raise the farm to at least version &lsquo&semi;2&rsquo&semi; before retrying&period;<&sol;h5><p>At line&colon;1 char&colon;1 <&sol;p><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;clip&lowbar;image001-1&period;png"><img width&equals;"844" height&equals;"117" title&equals;"clip&lowbar;image001" style&equals;"display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"clip&lowbar;image001" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;clip&lowbar;image001&lowbar;thumb-1&period;png" border&equals;"0"><&sol;a> &NewLine;<&sol;p><div> &NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2529 " id&equals;"quads-ad2529" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine; <&sol;div><p>Trying to update the database from 1 to 2&comma;3 will also fail with the following error&colon;<&sol;p><p>Invoke-AdfsFarmBehaviorLevelRaise <&sol;p><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image-14&period;png"><img width&equals;"868" height&equals;"512" title&equals;"image" style&equals;"margin&colon; 0px&semi; display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"image" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image&lowbar;thumb-14&period;png" border&equals;"0"><&sol;a><&sol;p><h2>Error&colon;<&sol;h2><p>Database upgrade cannot be performed on AdfsServer&period;domain&period;com&period; Error&colon; A database for the target behavior level already exists&period;<&sol;p><p>&NewLine;<p><&sol;p>&NewLine;<&sol;p><h2>Troubleshooting&colon;<&sol;h2><p>If you&rsquo&semi;re installing ADFS on WID &lpar;Windows Internal Database&rpar; you should run the following to get the database name&sol;Connect String<&sol;p><h5><&sol;h5><h2>On ADFS Server <&sol;h2><p>Open Windows PowerShell&NewLine;<&sol;p><ol>&NewLine;<li>Enter the following&colon;&NewLine;<div>&colon;&colon;CODECOLORER&lowbar;BLOCK&lowbar;1&colon;&colon;<&sol;div>&NewLine;<p>and hit Enter<&sol;p>&NewLine;<&sol;li><li>Enter the following&colon;&NewLine;<div>&colon;&colon;CODECOLORER&lowbar;BLOCK&lowbar;2&colon;&colon;<&sol;div>&NewLine;<p>and hit enter&period;<&sol;p>&NewLine;<&sol;li><li>You should see the connect string information&period;<&sol;li>&NewLine;<&sol;ol><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image-15&period;png"><img width&equals;"1028" height&equals;"150" title&equals;"image" style&equals;"margin&colon; 0px&semi; display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"image" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image&lowbar;thumb-15&period;png" border&equals;"0"><&sol;a><&sol;p><p>Go to Service Console and stop ADFS Service or from Powershell type <strong>Net stop adfssrv<&sol;strong> <&sol;p><p>Run <strong>SQL Server 2017 Database Engine Tuning Advisor <&sol;strong> as an administrator<&sol;p><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;clip&lowbar;image0014&period;png"><img width&equals;"819" height&equals;"318" title&equals;"clip&lowbar;image001&lbrack;4&rsqb;" style&equals;"margin&colon; 0px&semi; display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"clip&lowbar;image001&lbrack;4&rsqb;" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;clip&lowbar;image0014&lowbar;thumb&period;png" border&equals;"0"><&sol;a><&sol;p><p>Use the Server name as this<&sol;p><p><a href&equals;"file&colon;&sol;&sol;&percnt;5C&percnt;5C&period;&percnt;5Cpipe&percnt;5CMICROSOFT&num;&num;WID&percnt;5Ctsql&percnt;5Cquery">&bsol;&bsol;&period;&bsol;pipe&bsol;MICROSOFT&num;&num;WID&bsol;tsql&bsol;query<&sol;a><&sol;p><p>As for Authentication&comma; Use the Windows Authentication with the user you&rsquo&semi;re logged into if you know that&rsquo&semi;s a privileged user and can authenticate&comma; If not try with a user which you&rsquo&semi;ve done the upgrade of ADFS with&period;<&sol;p><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image-16&period;png"><img width&equals;"1028" height&equals;"542" title&equals;"image" style&equals;"margin&colon; 0px&semi; display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"image" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image&lowbar;thumb-16&period;png" border&equals;"0"><&sol;a><&sol;p><p>After authenticating&comma; You will be able to see AdfsConfiguration &comma; AdfsConfigurationV3 and AdfsArtifactStore&period; What we need to see is that AdfsConfigurationV3 has data in it and is not totally empty&period; <&sol;p><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;clip&lowbar;image0016&period;png"><img width&equals;"1028" height&equals;"604" title&equals;"clip&lowbar;image001&lbrack;6&rsqb;" style&equals;"margin&colon; 0px&semi; display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"clip&lowbar;image001&lbrack;6&rsqb;" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;clip&lowbar;image0016&lowbar;thumb&period;png" border&equals;"0"><&sol;a><&sol;p><p>After checking and comparing the size between V1 and V3&comma; It appeared that V3 database is empty&period; So what next&quest; <&sol;p><h2>Solution<&sol;h2><p>Deleting the AdfsConfigurationV3 was the first thought that hit my mind however&comma; before deleting anything I always take a snapshot of the VM since backing up the WID is more painful and takes more time than simply backing up the VM &lpar;Checkpoint&comma; Snapshot&rpar;&period; <&sol;p><p>So the steps to fix this issue is <&sol;p><ul>&NewLine;<li>Taking a VM Snapshot&sol;Checkpoint&sol;Backup&period;<&sol;li>&NewLine;<li>Download Microsoft SQL Server Management Studio from this link <a title&equals;"https&colon;&sol;&sol;go&period;microsoft&period;com&sol;fwlink&sol;&quest;linkid&equals;864329" href&equals;"https&colon;&sol;&sol;go&period;microsoft&period;com&sol;fwlink&sol;&quest;linkid&equals;864329">https&colon;&sol;&sol;go&period;microsoft&period;com&sol;fwlink&sol;&quest;linkid&equals;864329<&sol;a><&sol;li>&NewLine;<li>Install Microsoft SQL Server Management Studio on ADFS Server<&sol;li>&NewLine;<li>Run MS SQL Server Management Studio as Administrator<&sol;li>&NewLine;<li>In the Server Name type &colon;<&sol;li>&NewLine;<&sol;ul><blockquote>&NewLine;<p><a href&equals;"file&colon;&sol;&sol;&percnt;5C&percnt;5C&period;&percnt;5Cpipe&percnt;5CMICROSOFT&num;&num;WID&percnt;5Ctsql&percnt;5Cquery">&bsol;&bsol;&period;&bsol;pipe&bsol;MICROSOFT&num;&num;WID&bsol;tsql&bsol;query<&sol;a><&sol;p>&NewLine;<&sol;blockquote><p>Leave the Authentication as it is and logon&period; <&sol;p><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image-17&period;png"><img width&equals;"1028" height&equals;"609" title&equals;"image" style&equals;"display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"image" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image&lowbar;thumb-17&period;png" border&equals;"0"><&sol;a><&sol;p><ul>&NewLine;<li>From the SQL Object Explorer right click and Delete the AdfsConfigurationV3 and leave AdfsConfiguration Database only&period; <&sol;li>&NewLine;<&sol;ul><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image-18&period;png"><img width&equals;"1028" height&equals;"482" title&equals;"image" style&equals;"margin&colon; 0px&semi; display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"image" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image&lowbar;thumb-18&period;png" border&equals;"0"><&sol;a><&sol;p><ul>&NewLine;<li>After deleting the Database&comma; Start ADFS Service to make sure that it can load the old database without an issue&period;<&sol;li>&NewLine;<li>Then run the cmdlet Invoke-AdfsFarmBehaviorLevelRaise and Accept by typing Y and Enter&period;<&sol;li>&NewLine;<&sol;ul><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image-19&period;png"><img width&equals;"1028" height&equals;"743" title&equals;"image" style&equals;"margin&colon; 0px&semi; display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"image" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image&lowbar;thumb-19&period;png" border&equals;"0"><&sol;a><&sol;p><p>This might take about 5 minutes to finish&period;<&sol;p><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image-20&period;png"><img width&equals;"1028" height&equals;"745" title&equals;"image" style&equals;"display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"image" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image&lowbar;thumb-20&period;png" border&equals;"0"><&sol;a><&sol;p><p>When this process is done&comma; You should see the following message indicating the success of the Database Upgrade&period; <&sol;p><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image-21&period;png"><img width&equals;"654" height&equals;"69" title&equals;"image" style&equals;"margin&colon; 0px&semi; display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"image" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image&lowbar;thumb-21&period;png" border&equals;"0"><&sol;a><&sol;p><p>To double check&comma; We will run the cmdlet Get-AdfsFarmInformation<&sol;p><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image-22&period;png"><img width&equals;"658" height&equals;"117" title&equals;"image" style&equals;"margin&colon; 0px&semi; display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"image" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image&lowbar;thumb-22&period;png" border&equals;"0"><&sol;a><&sol;p><h2>Updating Certificate <&sol;h2><p>After this success&comma; I am going to run the cmdlet below to replace the current certificate with the new one<&sol;p><p>Set-AdfsSslCertificate -Thumbprint 9b19426e17180c0b9c5d4atye53dda3bce9dbff<&sol;p><p>And here we go&period; It works perfectly fine<&sol;p><p><a href&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image-23&period;png"><img width&equals;"974" height&equals;"138" title&equals;"image" style&equals;"margin&colon; 0px&semi; display&colon; inline&semi; background-image&colon; none&semi;" alt&equals;"image" src&equals;"https&colon;&sol;&sol;www&period;moh10ly&period;com&sol;wp-content&sol;uploads&sol;2020&sol;01&sol;image&lowbar;thumb-23&period;png" border&equals;"0"><&sol;a><&sol;p><p>References&colon; <&sol;p><p><a href&equals;"https&colon;&sol;&sol;docs&period;microsoft&period;com&sol;en-us&sol;windows-server&sol;identity&sol;ad-fs&sol;troubleshooting&sol;ad-fs-tshoot-sql">https&colon;&sol;&sol;docs&period;microsoft&period;com&sol;en-us&sol;windows-server&sol;identity&sol;ad-fs&sol;troubleshooting&sol;ad-fs-tshoot-sql<&sol;a><&sol;p><div> &NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2524 " id&equals;"quads-ad2524" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine; <&sol;div><p><a href&equals;"https&colon;&sol;&sol;docs&period;microsoft&period;com&sol;en-us&sol;windows-server&sol;identity&sol;ad-fs&sol;design&sol;federation-server-farm-using-sql-server">https&colon;&sol;&sol;docs&period;microsoft&period;com&sol;en-us&sol;windows-server&sol;identity&sol;ad-fs&sol;design&sol;federation-server-farm-using-sql-server<&sol;a><&sol;p><&sol;div>&NewLine;&NewLine;<&excl;-- WP QUADS Content Ad Plugin v&period; 2&period;0&period;92 -->&NewLine;<div class&equals;"quads-location quads-ad2523 " id&equals;"quads-ad2523" style&equals;"float&colon;none&semi;margin&colon;0px 3px 3px 3px&semi;padding&colon;0px 0px 0px 0px&semi;" data-lazydelay&equals;"0">&NewLine;&NewLine;<&sol;div>&NewLine;&NewLine;

moh10ly

Leave a Comment
Share
Published by
moh10ly
Tags: ADFSCRMMicrosoftOffice 365
6 years ago

Recent Posts

Reset passwords for Active Directory Users

Reset and manage your Active Directory users' Passwords Active Directory is one of the most…

3 years ago

Finding Exchange Database hidden mailboxes. ​

Finding Exchange Database hidden mailboxes. Story:Maybe you have been in this situation before, trying to…

3 years ago

Setting up ADConnect and PTA (Password auth through) servers agents behind proxy

If you're using a Proxy server in your firewall or in your network and have…

3 years ago

Get Report of Active Directory Locked Accounts and Machine they logged in from

Story:I got some clients  that have reported some of their users being locked out and…

3 years ago

Checking and Providing Full and SendAs delegate access on O365 Exchange Online

Delegate Permissions This is a code that I have wrote recently to check if an…

3 years ago

Retrieving attachments from Exchange mailbox using python

Story: I got a request from a client who constantly gets CVs and have to…

4 years ago

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298

Warning: Undefined array key "adsense_ad_type" in /www/wwwroot/www.moh10ly.com/wp-content/plugins/quick-adsense-reloaded/includes/amp-condition-display.php on line 298