Last week I updated the Active Directory Federation Services 2016 and above MP to the latest version, 10.0.3.1.
Since then, one of our ADFS servers has had a flapping monitor:
Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuanceFederationServerMEXEndpointMonitor (UnitMonitor)
I've investigated the differences between 10.0.3.1 and 10.0.3.0 and I see that the PowerShell script that is run by the monitor never worked in the previous version, so that explains why we now have an alert and previously did not.
But now, why do we get this alert? I do not have any ADFS knowledge and discussed this with the ADFS admin. He says it's working fine functionally, so there is no reason for this alert.
We extracted the script and ran it on the primary computer; it always runs successfully, and the variable $script:mexOK always returns true when we run it manually.
This is the error in the alert:
The WS-Metadata Exchange (MEX) endpoint 'https://<our fqdn>/adfs/services/trust/mex' that is used for authentication over SOAP and HTTP protocols is not reachable.
The URI is a load-balanced address, and when tested in a browser from the ADFS node it also works fine.
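A way to reproduce the monitor's reachability check from the ADFS node itself, as an added example that is not part of the original post and not the management pack's own script: it requests the MEX endpoint the same way a non-interactive account would (basic parsing, explicit TLS 1.2, a fixed timeout), records which account ran it, how long the request took and whether the body is a WSDL document, and shows what the load-balanced name resolves to from this node. The farm name, the 10-second timeout and the expectation that the MEX response has a `definitions` root element are assumptions.

```powershell
# Added example (not the MP script): reproduce the MEX reachability check from an ADFS node.
# Assumptions: farm FQDN placeholder, 10 s timeout, MEX body is WSDL with a 'definitions' root.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Test-AdfsMexEndpoint {
    param(
        [Parameter(Mandatory)] [string] $Url,
        [int] $TimeoutSec = 10          # assumed; align with the monitor's own timeout if known
    )
    $result = [ordered]@{
        Url        = $Url
        RunAs      = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        Reachable  = $false
        StatusCode = $null
        IsWsdl     = $false
        ElapsedMs  = $null
        Error      = $null
    }
    $sw = [Diagnostics.Stopwatch]::StartNew()
    try {
        # -UseBasicParsing avoids the Internet Explorer parsing engine, which is not
        # usable from a service context such as Local System.
        $response = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec $TimeoutSec
        $result.StatusCode = $response.StatusCode
        $result.Reachable  = ($response.StatusCode -eq 200)

        # A healthy MEX endpoint returns WSDL; check the root element, not just the status code.
        $xml = [xml] $response.Content
        $result.IsWsdl = ($xml.DocumentElement.LocalName -eq 'definitions')
    }
    catch [System.Net.WebException] {
        # Capture the HTTP status when the server answered, and the message when it did not
        # (DNS failure, TLS handshake failure, timeout).
        $result.Error = $_.Exception.Message
        if ($_.Exception.Response) {
            $result.StatusCode = [int] $_.Exception.Response.StatusCode
        }
    }
    catch {
        $result.Error = $_.Exception.Message
    }
    finally {
        $sw.Stop()
        $result.ElapsedMs = $sw.ElapsedMilliseconds
    }
    [pscustomobject] $result
}

# Placeholder for the load-balanced farm name used in the alert.
$farmFqdn = 'adfs.example.com'

# Show which address the load-balanced name resolves to from this node; a VIP that resolves
# back to the node itself, or to a different address than the browser test used, is worth knowing.
Resolve-DnsName -Name $farmFqdn -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress } |
    Select-Object Name, IPAddress

# Run the check a few times to catch intermittent failures rather than a single success.
1..5 | ForEach-Object {
    Test-AdfsMexEndpoint -Url "https://$farmFqdn/adfs/services/trust/mex"
}
```

Run this from an elevated session on the node that raises the alert, then run it again under the account the SCOM agent actually uses for the monitor (for Local System, `psexec -s -i powershell.exe` from Sysinternals opens such a session). A check that passes interactively but fails or times out as the action account points at a context difference (proxy settings, certificate trust, TLS defaults, or the time taken to reach the load balancer from the node) rather than at the ADFS service itself; the `ElapsedMs` value shows how close each request comes to the timeout.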