We are attempting to join a newly configured AD FS node into the existing farm. We have tested and confirmed firewall > user access is working fine. When trying to join via the wizard we specify the existing farm server, certificate (has been imported and shows in dropdown list) and service account successfully. It fails with an error:
Multiple valid AD FS configuration databases found in remote SQL Server instance with connection string 'Data Source=REDACTED;Initial Catalog=ADFSConfigurationV3;Integrated Security=True;Min Pool Size=20'. Provide a specific database version when joining the machine.
We attempt to use the script that the wizard creates via an admin PowerShell and are presented with the same message. I have looked at the SQLConnectionString parameters and cannot see any that would look to specify versions from https://docs.microsoft.com/en-us/dotnet/api/system.data.sqlclient.sqlconnection.connectionstring?view=netframework-4.8#remarks
On the SQL server side, there is indeed an older database named AdfsConfiguration which has not been edited since 2020-09-06 by checking tables > IdentityServerPolicy.FarmNodes > right click > select top 1000 rows and viewing the Heartbeat property value. On the newer AdfsConfigurationV3 database under the same table and object I see modified 2022-03-30 (today).
How would I go about finding the multiple configuration databases and specifying exactly which to use? Is it safe to detach the AdfsConfiguration database or is this still used/in use by ADFS even with the later 2016 V3 present in a separate database?
CodePudding user response:
• As you have stated that the ADFS server to be added in the farm is running on Windows Server 2016, the FBL (Farm Behaviour Level) version is 3 and the corresponding ADFS Configuration Database Name will be ‘AdfsConfigurationV3’. Thus, the actual databases to be searched for while specifying the configuration database should be ‘AdfsConfigurationV3’.
• If the OS version of the ADFS node server is ‘Windows Server 2012 R2’, then the FBL will be ‘1’ and the ADFS Configuration Database name will be ‘AdfsConfiguration’ while the OS version, if it is ‘Windows Server 2019’, then the FBL will be ‘4’ and ADFS Configuration Database name will be ‘AdfsConfigurationV4’. Also, you should check for the ‘AdfsConfigurationV3.mdf’, ‘AdfsConfigurationV3_log.ldf’, ‘AdfsArtifactStore.mdf’ and ‘AdfsArtifactStore.ldf’ database files in the other ADFS Farm connected servers and accordingly try to form the connection string and connect to the right database.
• It is safe to detach the ADFS database through the SQL query from the original ADFS Server by using the queries below and then copying them and pasting them at a location where SQL databases are stored on the destination ADFS Server.
USE [master]
GO
EXEC master.dbo.sp_detach_db @dbname = N'AdfsArtifactStore'
GO
EXEC master.dbo.sp_detach_db @dbname = N'AdfsConfigurationV3'
GO
Once the ADFS databases are detached using the above query and pasted on the destination ADFS Server, execute the below SQL query to attach the copied databases to the ADFS Server and make it operational.
USE [master]
GO
-- Attach the copied configuration database from its data and log files
CREATE DATABASE [AdfsConfigurationV3] ON
( FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\DATA\AdfsConfigurationV3.mdf' ),
( FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\DATA\AdfsConfigurationV3_log.ldf' )
FOR ATTACH
GO
USE [master]
GO
-- Attach the copied artifact store the same way
CREATE DATABASE [AdfsArtifactStore] ON
( FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\DATA\AdfsArtifactStore.mdf' ),
( FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\DATA\AdfsArtifactStore_log.ldf' )
FOR ATTACH
GO
ALTER DATABASE AdfsConfigurationV3 set enable_broker with rollback immediate
GO
Thus, in this way, you can detach and attach the latest ADFS Database to the preferred primary ADFS Server for it to be replicated and used. But for this, please ensure that you have the ‘OWNER’ permissions access to the ADFS databases in the original and the destination ADFS Servers respectively and while performing the above tasks, ensure that the ADFS Service is stopped and started only when the operation is complete. Post completion of the above tasks, ensure that the connection to the SQL Servers is possible by referring to the documentation link below: -
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/troubleshooting/ad-fs-tshoot-sql
Also, refer to the link below for detailed information on the above: -
Though the above link may not discuss the exact issue you are facing, it resolves your queries to a greater extent.
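Before detaching anything, it helps to see every candidate configuration database on the instance side by side with its last farm heartbeat. The T-SQL below is an added example, not code from the question or the answer above; it assumes only what the question already names (the AdfsConfiguration* naming pattern and the IdentityServerPolicy.FarmNodes table with its Heartbeat column) and that Heartbeat is stored as a UTC timestamp.

```sql
-- Added example: list every AdfsConfiguration* database on this SQL instance
-- with its node count and most recent heartbeat, so the stale copy left over
-- from an earlier farm behavior level can be told apart from the live one.
SET NOCOUNT ON;

DECLARE @results TABLE (
    DatabaseName  sysname,
    NodeCount     int,
    LastHeartbeat datetime NULL
);

DECLARE @db  sysname;
DECLARE @sql nvarchar(max);

-- Candidate databases follow the naming pattern AdfsConfiguration, V3, V4, ...
DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.databases
    WHERE name LIKE N'AdfsConfiguration%'
      AND state_desc = N'ONLINE';

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- Only query databases that actually carry the AD FS farm node table;
    -- three-part names avoid switching database context.
    SET @sql = N'IF OBJECT_ID(N''' + QUOTENAME(@db) + N'.IdentityServerPolicy.FarmNodes'', N''U'') IS NOT NULL
                    SELECT N''' + @db + N''', COUNT(*), MAX(Heartbeat)
                    FROM ' + QUOTENAME(@db) + N'.IdentityServerPolicy.FarmNodes;';
    INSERT INTO @results (DatabaseName, NodeCount, LastHeartbeat)
        EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM db_cursor INTO @db;
END

CLOSE db_cursor;
DEALLOCATE db_cursor;

-- Newest heartbeat first: the top row is the database the farm is writing to;
-- a row that is months old is the leftover the join wizard is tripping over.
-- Assumption: Heartbeat is UTC, so the age is computed against GETUTCDATE().
SELECT DatabaseName, NodeCount, LastHeartbeat,
       DATEDIFF(day, LastHeartbeat, GETUTCDATE()) AS DaysSinceHeartbeat
FROM @results
ORDER BY LastHeartbeat DESC;
```

Take a full backup of the older database before detaching it, so it can be re-attached if a node turns out to still reference it.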