AD FS Error 143 - When an error isn't actually an error
I was working on an Active Directory Federation Services 3.0 implementation when this error started to be thrown seemingly hundreds of times every minute:
The Federation Service was unable to create the federation metadata document as a result of an error. Document Path: /federationmetadata/2007-06/federationmetadata.xml
Exception details: System.Net.HttpListenerException (0x80004005): The specified network name is no longer available at System.Net.HttpResponseStream.Write(Byte buffer, Int32 offset, Int32 size) at Microsoft.IdentityServer.Service.FederationMetadata.SamlMetadataListener.OnGetContext(IAsyncResult result)
As you’d be aware, the
/FederationMetadata/2007-06/FederationMetadata.xml file is pretty important to the healthy running of AD FS, so this started to ring alarm bells for me. That said, it is only listed as a warning level event, and the error
0x80004005 is pretty well known to stand for some form of “access denied”. I threw the URL into a web browser and was able to successfully download the
FederationMetadata.xml file myself, so it seems that even if there is a problem, it’s not necessarily across the board.
After a quick perusal of the interwebs, I found this thread. Specifically:
I logged a case with Microsoft Support. After some troubleshooting we concluded that it is save to ignore this warning. Quote from the Microsoft engineer: The ADFS 143 error message you are seeing is an informative event and related to failure to download the metadata, in your case most likely caused by a user manually trying to download it with IE ESC enabled. Users should not need to download the metadata. I.e. it’s a non-issue.
My guess here is that one of my configured relying parties is trying to download the metadata file and failing. Not ideal, but everything’s working, so I’m pretty comfortable that this error can be ignored until someone complains.