{"ADFSToolbox":{"Test-AdfsServerHealth":{"AllTests":[{"Name":"IsAdfsRunning","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"ADFSServiceState":"Running"},"ExceptionMessage":null,"Exception":null},{"Name":"IsWidRunning","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"WIDServiceState":"Running","WIDServiceStartMode":["Manual","Auto"]},"ExceptionMessage":null,"Exception":null},{"Name":"PingFederationMetadata","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"PingFedmetadataException":"NONE"},"ExceptionMessage":null,"Exception":null},{"Name":"CheckAdfsSslBindings","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"SSLBindings":[{"AcceptClientCerts":false,"AppId":"5d89a20c-beab-4389-9447-324788eb944a","CertificateHash":"842D220E03B7C06978B14BFABE90F55A506707A9","HostName":"sts.aadtestdom.com","CtlStoreName":"AdfsTrustedDevices","PortNumber":443},{"AcceptClientCerts":false,"AppId":"5d89a20c-beab-4389-9447-324788eb944a","CertificateHash":"842D220E03B7C06978B14BFABE90F55A506707A9","HostName":"localhost","CtlStoreName":"AdfsTrustedDevices","PortNumber":443},{"AcceptClientCerts":true,"AppId":"5d89a20c-beab-4389-9447-324788eb944a","CertificateHash":"842D220E03B7C06978B14BFABE90F55A506707A9","HostName":"sts.aadtestdom.com","CtlStoreName":null,"PortNumber":49443},{"AcceptClientCerts":false,"AppId":"5d89a20c-beab-4389-9447-324788eb944a","CertificateHash":"842D220E03B7C06978B14BFABE90F55A506707A9","HostName":"EnterpriseRegistration.aadtestdom.com","CtlStoreName":"AdfsTrustedDevices","PortNumber":443}]},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Decrypting-Primary-NotFoundInStore","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Token-Decrypting certificate with thumbprint D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A not checked for availability because it is in store: CurrentUser","Output":{"Thumbprint":"D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Decrypting-Primary-IsSelfSigned","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Check Skipped when AutoCertificateRollover is enabled","Output":{"Thumbprint":"D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Decrypting-Primary-PrivateKeyAbsent","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Check Skipped when AutoCertificateRollover is enabled","Output":{"Thumbprint":"D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Decrypting-Primary-Expired","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"","Output":{"Thumbprint":"D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Decrypting-Primary-Revoked","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"Thumbprint: D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A\n-\r\n","Output":{"Thumbprint":"D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A","ChainStatus":true},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Decrypting-Primary-AboutToExpire","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Check Skipped when AutoCertificateRollover is enabled","Output":{"Thumbprint":"D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Signing-Primary-NotFoundInStore","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Token-Signing certificate with thumbprint A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B not checked for availability because it is in store: CurrentUser","Output":{"Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Signing-Primary-IsSelfSigned","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Check Skipped when AutoCertificateRollover is enabled","Output":{"Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Signing-Primary-PrivateKeyAbsent","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Check Skipped when AutoCertificateRollover is enabled","Output":{"Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Signing-Primary-Expired","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"","Output":{"Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Signing-Primary-Revoked","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"Thumbprint: A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B\n-\r\n","Output":{"Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B","ChainStatus":true},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Signing-Primary-AboutToExpire","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Check Skipped when AutoCertificateRollover is enabled","Output":{"Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-SSL-Primary-NotFoundInStore","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-SSL-Primary-IsSelfSigned","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"","Output":{"Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-SSL-Primary-PrivateKeyAbsent","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"","Output":{"Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-SSL-Primary-Expired","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"","Output":{"Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-SSL-Primary-Revoked","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"Thumbprint: 842D220E03B7C06978B14BFABE90F55A506707A9\n","Output":{"ChainStatus":"NONE","Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-SSL-Primary-AboutToExpire","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"","Output":{"Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"ExceptionMessage":null,"Exception":null},{"Name":"CheckFarmDNSHostResolution","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"FarmName":"sts.aadtestdom.com","ResolvedHost":"sts.aadtestdom.com","AdfsServiceAccount":"AADTESTDOM\\aadvsvc$"},"ExceptionMessage":null,"Exception":null},{"Name":"CheckDuplicateSPN","ComputerName":"aadtestdoms1.aadtestdom.com","Result":2,"Detail":"Found SPN in object: CN=aadcsvc,CN=Managed Service Accounts,DC=aadtestdom,DC=com but it does not correspond to service account CN=aadvsvc,CN=Managed Service Accounts,DC=aadtestdom,DC=com","Output":{"ADFSFarmSPN":"host/sts.aadtestdom.com","ServiceAccount":"AADTESTDOM\\aadvsvc$","SpnObjects":["CN=aadcsvc,CN=Managed Service Accounts,DC=aadtestdom,DC=com"]},"ExceptionMessage":null,"Exception":null},{"Name":"TestServiceAccountProperties","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"AdfsServiceAccount":"AADTESTDOM\\aadvsvc$","AdfsServiceAccountDisabled":0,"AdfsServiceAccountLockedOut":0,"AdfsServiceAccountPwdExpired":0,"AdfsServiceAccountUserAccountControl":4096},"ExceptionMessage":null,"Exception":null},{"Name":"TestAppPoolIDMatchesServiceID","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Test only to be run on ADFS 2.0","Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestComputerNameEqFarmName","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"ComputerName":"AADTESTDOMS1.AADTESTDOM.COM","AdfsFarmName":"STS.AADTESTDOM.COM"},"ExceptionMessage":null,"Exception":null},{"Name":"TestSSLUsingADFSPort","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Test only to be run on ADFS 2.0 Machine","Output":{"AdfsSSLCertThumbprint":"NONE","AdfsSSLBindings":"NONE","AdfsHttpsPort":"NONE"},"ExceptionMessage":null,"Exception":null},{"Name":"TestSSLCertSubjectContainsADFSFarmName","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"SslCertThumbprints":["842D220E03B7C06978B14BFABE90F55A506707A9"],"ADFSFarmName":"sts.aadtestdom.com"},"ExceptionMessage":null,"Exception":null},{"Name":"TestAdfsAuditPolicyEnabled","ComputerName":"aadtestdoms1.aadtestdom.com","Result":2,"Detail":"Audits are not configured for Usage data collection : Expected \u0027Success and Failure\u0027, Actual=\u0027No Auditing\u0027","Output":{"StsAuditConfig":"FailureAudits;SuccessAudits;","MachineAuditPolicy":"No Auditing"},"ExceptionMessage":null,"Exception":null},{"Name":"TestAdfsRequestToken","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"Token Received: \u003cs:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:a=\"http://www.w3.org/2005/08/addressing\"\u003e\u003cs:Header\u003e\u003ca:Action s:mustUnderstand=\"1\"\u003ehttp://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue\u003c/a:Action\u003e\u003c/s:Header\u003e\u003cs:Body\u003e\u003ct:RequestSecurityTokenResponse xmlns:t=\"http://schemas.xmlsoap.org/ws/2005/02/trust\"\u003e\u003ct:Lifetime\u003e\u003cwsu:Created xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"\u003e2019-01-15T21:49:32.917Z\u003c/wsu:Created\u003e\u003cwsu:Expires xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"\u003e2019-01-16T05:49:32.917Z\u003c/wsu:Expires\u003e\u003c/t:Lifetime\u003e\u003cwsp:AppliesTo xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\"\u003e\u003cwsa:EndpointReference xmlns:wsa=\"http://www.w3.org/2005/08/addressing\"\u003e\u003cwsa:Address\u003ehttp://sts.aadtestdom.com/adfs/services/trust\u003c/wsa:Address\u003e\u003c/wsa:EndpointReference\u003e\u003c/wsp:AppliesTo\u003e\u003ct:RequestedSecurityToken\u003e\u003cSecurityContextToken b:Id=\"_5404c924-8cae-4fc5-9cea-c613a1925fb9-BF01BBA466027217C9F0F6BAF246B7DA\" xmlns=\"http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512\" xmlns:b=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"\u003e\u003cIdentifier\u003eurn:uuid:672e0877-5c92-402a-846d-aa0bbab58f85\u003c/Identifier\u003e\u003cInstance\u003eurn:uuid:50aead87-8e31-448c-887a-0c7bb55fbd85\u003c/Instance\u003e\u003cCookie xmlns=\"http://schemas.microsoft.com/ws/2006/05/security\"\u003eAAEAAAKGzKRkMD8YUPFNk6/pQKndwDokdXxn/UoNjRPzJ/sxVfzwJKQJpPidVdNufVDGwbGei+vGC48Iqy7+oIdXpQ6wnoKtp7PURk4W6DytSDuPnKvVhXpMA4WgG412+ogdKrymr6ila+ZxSXRx7+jvdHl7tQZNr0HlyuyIfBCDqzmufYVAySEmcMch9mBf6XYPcfaxuOQCsRtsjzjHgT0N6w9jztQaK+2+AVR2LMENsODQ4XhQLOsCuh3Co7vMsdD26X8nqHL3/0eBCUOohTBzeB2TBNpYtvgM0s8+tEIUndoj9vOqLW/LXqH9HkWolvp+Jmf8Yb+0HG2JBiN5IdBzxLjYGl8IaA2fbvYNBXPHqoRchVpN/44yvegDZ/XvkqtZwQABAABjVicazXCpMzszkht7dXCYmZekbUKLJlLyV2av3RpTWQFuNXe8zmjkal/MjlgHq85zTvt4CBSbOtKf5Qwm7FklqUwTZ7MZvTOkp7vrXw5GQ11y/vIBUryGDHYacbca0Fg8nsb/eYK1BjwlxXWGtHWAmP/RHduZPVH3vFfk2nPUUAoZkGTcs0Z7VBCemesm+68ecLYl2GIRGziCTJtqafTro8PlYCdoLzlE3L8eDyaNy9tEsBZ4gUr2pLuP324NY/v6lqjkJeyKB2271SkkJIBxWXW931aen/zDpPjaHOrGm1y+JHIYyAViJSk3oWzVfi55PRnOhrVtRmk5HElxQ4FkIAMAAKs20hcitdXnBOxzVTyJCr2sa7mKZprZxW8DJftriMGLRx+LdmSDjmdf1m5OazC00KsQn7UAxARRtY6U0J6zEz/SprQgKtt6dU0t2ZdjC13TubAeHX896Ou5R4tnsSpjup/+ypy2rjpx4tt89NmydJCTV1i5ibAsPODij3ugFKZyzrnkmppnPYWDdJPCz6mc4QnJj+ig2jFnPBkEFvQBTyNO2K7GftNST0DG1ZcwwM8uLteq0W/wmcGPX0WA1J221jpAgs4Uqz1noF9bOXgWdA1inujCywqB8N97chdValxIAOf4sy5j3KUKi8KNnW4K6XWlq9eLBEEFc4X8WuVMB3Oh1n3PK07pJnSSTwmSoLNGphsv6Es6N83ue3C4YTtzFA61myE9zvBXDDOkXJ3Q51f8HaUhsgsIubT/vB2QUp6ljnDtYSb99Z0wdveYL3J3gDtVuv0URm5vCxKuImeqBvqLQYeg3c/IEq5NlI9W7OMx/L6C4f1xhwHHMXfT44yghQ1juL1B1ZXgTCubivi84zYY6DjUB5k5PLjMmM9MhMZYmt54VM0WrssGGB+u/PJyoFK2FkUSD2FJEv1H6ysN94LFp4Ljtor/X35jytdri+FoY3YLEA7Q6Pc+CFzB1Q6C46AvPdN42j5wYrp1I2uTb+MdW72RdjTCPtY1GqfI+vx6X63tGDdUwlaNYPqfOcJhTgUSwp28M3ls8pS9QIHEeXy4Af4LOon05Dlrm7r2//BSov3RZb18EZph9FBVuZcqyuBygesAIQwdyu/YXc9JRW5QCWeM228Vb42yF13Zz8pirIKBD+WGUEGctvqZOGb9wTVw4QVF1YjvZ53evLGFYOkcsO7gvysCXBy4xexBaOaTINW9Op/pJC3EB/NUbHi/0i+TmuNTEX2Wrdp7NEBXuER2lVXJh3ayYlAvoVa6nxBiO06b0aCfxkILnKesEl8fOhdxySooMXKG9AO0vptP3dFBtu07F1oUGqDBhMsB8wJrDlL4+zvka1Ubey823Tl+qakxRdl02D1TbINYpreiUfWKkHhwVvy8cXtcspHU3VOe\u003c/Cookie\u003e\u003c/SecurityContextToken\u003e\u003c/t:RequestedSecurityToken\u003e\u003ct:TokenType\u003ehttp://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0\u003c/t:TokenType\u003e\u003ct:RequestType\u003ehttp://schemas.xmlsoap.org/ws/2005/02/trust/Issue\u003c/t:RequestType\u003e\u003ct:KeyType\u003ehttp://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey\u003c/t:KeyType\u003e\u003c/t:RequestSecurityTokenResponse\u003e\u003c/s:Body\u003e\u003c/s:Envelope\u003e\nTotal Attempts: 1","Output":{"ErrorMessage":"NONE"},"ExceptionMessage":null,"Exception":null},{"Name":"TestTrustedDevicesCertificateStore","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestAdfsPatches","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":null,"Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestServicePrincipalName","ComputerName":"aadtestdoms1.aadtestdom.com","Result":2,"Detail":"An existing SPN was found for HOST/sts.aadtestdom.com but it did not resolve to the ADFS service account.","Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestTLSMismatch","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestNonSelfSignedCertificatesInRootStore","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestSelfSignedCertificatesInIntermediateCaStore","ComputerName":"aadtestdoms1.aadtestdom.com","Result":2,"Detail":"There were self-signed certificates found in the intermediate CA store. Move them to the root certificate store.","Output":{"SelfSignedCertificates":[{"FriendlyName":"","Issuer":"CN=Root Agency","Subject":"CN=Root Agency","Thumbprint":"FEE449EE0E3965A5246F000E87FDE2A065FD89D4"},{"FriendlyName":"","Issuer":"CN=aadtestdom-AADTESTDOMDC-CA, DC=aadtestdom, DC=com","Subject":"CN=aadtestdom-AADTESTDOMDC-CA, DC=aadtestdom, DC=com","Thumbprint":"E2D0EF85C434E5D09D66120BE290E0F81CA23F98"}]},"ExceptionMessage":null,"Exception":null},{"Name":"TestProxyTrustPropagation","ComputerName":"aadtestdoms1.aadtestdom.com","Result":4,"Detail":"No AD FS farm information was provided. Specify the list of servers in your farm using the -adfsServers flag.","Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestTimeSync","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"CheckOffice365Endpoints","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"PassiveEnabled":true,"WSTrust2005UsernameMixedProxyEnabled":true,"PassiveProxyEnabled":true,"WSTrust2005WindowsTransportProxyEnabled":true,"WSTrust2005WindowsTransportEnabled":true,"WSTrust2005UsernameMixedEnabled":true},"ExceptionMessage":null,"Exception":null},{"Name":"TestADFSO365RelyingParty","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Microsoft Office 365 Identity PlatformRelying Party trust is missing\nExpected Relying Party Identifier: urn:federation:MicrosoftOnline","Output":{"MicrosoftOnlineRPSignatureAlgorithm":"NONE","MicrosoftOnlineRPEnabled":"NONE","MicrosoftOnlineRPDisplayName":"NONE","MicrosoftOnlineRPID":"urn:federation:MicrosoftOnline"},"ExceptionMessage":null,"Exception":null}],"ReachableServers":["aadtestdoms1.aadtestdom.com"],"UnreachableServers":[],"PassedTests":[{"Name":"IsAdfsRunning","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"ADFSServiceState":"Running"},"ExceptionMessage":null,"Exception":null},{"Name":"IsWidRunning","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"WIDServiceState":"Running","WIDServiceStartMode":["Manual","Auto"]},"ExceptionMessage":null,"Exception":null},{"Name":"PingFederationMetadata","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"PingFedmetadataException":"NONE"},"ExceptionMessage":null,"Exception":null},{"Name":"CheckAdfsSslBindings","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"SSLBindings":[{"AcceptClientCerts":false,"AppId":"5d89a20c-beab-4389-9447-324788eb944a","CertificateHash":"842D220E03B7C06978B14BFABE90F55A506707A9","HostName":"sts.aadtestdom.com","CtlStoreName":"AdfsTrustedDevices","PortNumber":443},{"AcceptClientCerts":false,"AppId":"5d89a20c-beab-4389-9447-324788eb944a","CertificateHash":"842D220E03B7C06978B14BFABE90F55A506707A9","HostName":"localhost","CtlStoreName":"AdfsTrustedDevices","PortNumber":443},{"AcceptClientCerts":true,"AppId":"5d89a20c-beab-4389-9447-324788eb944a","CertificateHash":"842D220E03B7C06978B14BFABE90F55A506707A9","HostName":"sts.aadtestdom.com","CtlStoreName":null,"PortNumber":49443},{"AcceptClientCerts":false,"AppId":"5d89a20c-beab-4389-9447-324788eb944a","CertificateHash":"842D220E03B7C06978B14BFABE90F55A506707A9","HostName":"EnterpriseRegistration.aadtestdom.com","CtlStoreName":"AdfsTrustedDevices","PortNumber":443}]},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Decrypting-Primary-Expired","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"","Output":{"Thumbprint":"D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Decrypting-Primary-Revoked","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"Thumbprint: D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A\n-\r\n","Output":{"Thumbprint":"D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A","ChainStatus":true},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Signing-Primary-Expired","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"","Output":{"Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Signing-Primary-Revoked","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"Thumbprint: A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B\n-\r\n","Output":{"Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B","ChainStatus":true},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-SSL-Primary-NotFoundInStore","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-SSL-Primary-IsSelfSigned","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"","Output":{"Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-SSL-Primary-PrivateKeyAbsent","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"","Output":{"Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-SSL-Primary-Expired","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"","Output":{"Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-SSL-Primary-Revoked","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"Thumbprint: 842D220E03B7C06978B14BFABE90F55A506707A9\n","Output":{"ChainStatus":"NONE","Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-SSL-Primary-AboutToExpire","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"","Output":{"Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"ExceptionMessage":null,"Exception":null},{"Name":"CheckFarmDNSHostResolution","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"FarmName":"sts.aadtestdom.com","ResolvedHost":"sts.aadtestdom.com","AdfsServiceAccount":"AADTESTDOM\\aadvsvc$"},"ExceptionMessage":null,"Exception":null},{"Name":"TestServiceAccountProperties","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"AdfsServiceAccount":"AADTESTDOM\\aadvsvc$","AdfsServiceAccountDisabled":0,"AdfsServiceAccountLockedOut":0,"AdfsServiceAccountPwdExpired":0,"AdfsServiceAccountUserAccountControl":4096},"ExceptionMessage":null,"Exception":null},{"Name":"TestComputerNameEqFarmName","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"ComputerName":"AADTESTDOMS1.AADTESTDOM.COM","AdfsFarmName":"STS.AADTESTDOM.COM"},"ExceptionMessage":null,"Exception":null},{"Name":"TestSSLCertSubjectContainsADFSFarmName","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"SslCertThumbprints":["842D220E03B7C06978B14BFABE90F55A506707A9"],"ADFSFarmName":"sts.aadtestdom.com"},"ExceptionMessage":null,"Exception":null},{"Name":"TestAdfsRequestToken","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":"Token Received: \u003cs:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:a=\"http://www.w3.org/2005/08/addressing\"\u003e\u003cs:Header\u003e\u003ca:Action s:mustUnderstand=\"1\"\u003ehttp://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue\u003c/a:Action\u003e\u003c/s:Header\u003e\u003cs:Body\u003e\u003ct:RequestSecurityTokenResponse xmlns:t=\"http://schemas.xmlsoap.org/ws/2005/02/trust\"\u003e\u003ct:Lifetime\u003e\u003cwsu:Created xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"\u003e2019-01-15T21:49:32.917Z\u003c/wsu:Created\u003e\u003cwsu:Expires xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"\u003e2019-01-16T05:49:32.917Z\u003c/wsu:Expires\u003e\u003c/t:Lifetime\u003e\u003cwsp:AppliesTo xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\"\u003e\u003cwsa:EndpointReference xmlns:wsa=\"http://www.w3.org/2005/08/addressing\"\u003e\u003cwsa:Address\u003ehttp://sts.aadtestdom.com/adfs/services/trust\u003c/wsa:Address\u003e\u003c/wsa:EndpointReference\u003e\u003c/wsp:AppliesTo\u003e\u003ct:RequestedSecurityToken\u003e\u003cSecurityContextToken b:Id=\"_5404c924-8cae-4fc5-9cea-c613a1925fb9-BF01BBA466027217C9F0F6BAF246B7DA\" xmlns=\"http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512\" xmlns:b=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"\u003e\u003cIdentifier\u003eurn:uuid:672e0877-5c92-402a-846d-aa0bbab58f85\u003c/Identifier\u003e\u003cInstance\u003eurn:uuid:50aead87-8e31-448c-887a-0c7bb55fbd85\u003c/Instance\u003e\u003cCookie xmlns=\"http://schemas.microsoft.com/ws/2006/05/security\"\u003eAAEAAAKGzKRkMD8YUPFNk6/pQKndwDokdXxn/UoNjRPzJ/sxVfzwJKQJpPidVdNufVDGwbGei+vGC48Iqy7+oIdXpQ6wnoKtp7PURk4W6DytSDuPnKvVhXpMA4WgG412+ogdKrymr6ila+ZxSXRx7+jvdHl7tQZNr0HlyuyIfBCDqzmufYVAySEmcMch9mBf6XYPcfaxuOQCsRtsjzjHgT0N6w9jztQaK+2+AVR2LMENsODQ4XhQLOsCuh3Co7vMsdD26X8nqHL3/0eBCUOohTBzeB2TBNpYtvgM0s8+tEIUndoj9vOqLW/LXqH9HkWolvp+Jmf8Yb+0HG2JBiN5IdBzxLjYGl8IaA2fbvYNBXPHqoRchVpN/44yvegDZ/XvkqtZwQABAABjVicazXCpMzszkht7dXCYmZekbUKLJlLyV2av3RpTWQFuNXe8zmjkal/MjlgHq85zTvt4CBSbOtKf5Qwm7FklqUwTZ7MZvTOkp7vrXw5GQ11y/vIBUryGDHYacbca0Fg8nsb/eYK1BjwlxXWGtHWAmP/RHduZPVH3vFfk2nPUUAoZkGTcs0Z7VBCemesm+68ecLYl2GIRGziCTJtqafTro8PlYCdoLzlE3L8eDyaNy9tEsBZ4gUr2pLuP324NY/v6lqjkJeyKB2271SkkJIBxWXW931aen/zDpPjaHOrGm1y+JHIYyAViJSk3oWzVfi55PRnOhrVtRmk5HElxQ4FkIAMAAKs20hcitdXnBOxzVTyJCr2sa7mKZprZxW8DJftriMGLRx+LdmSDjmdf1m5OazC00KsQn7UAxARRtY6U0J6zEz/SprQgKtt6dU0t2ZdjC13TubAeHX896Ou5R4tnsSpjup/+ypy2rjpx4tt89NmydJCTV1i5ibAsPODij3ugFKZyzrnkmppnPYWDdJPCz6mc4QnJj+ig2jFnPBkEFvQBTyNO2K7GftNST0DG1ZcwwM8uLteq0W/wmcGPX0WA1J221jpAgs4Uqz1noF9bOXgWdA1inujCywqB8N97chdValxIAOf4sy5j3KUKi8KNnW4K6XWlq9eLBEEFc4X8WuVMB3Oh1n3PK07pJnSSTwmSoLNGphsv6Es6N83ue3C4YTtzFA61myE9zvBXDDOkXJ3Q51f8HaUhsgsIubT/vB2QUp6ljnDtYSb99Z0wdveYL3J3gDtVuv0URm5vCxKuImeqBvqLQYeg3c/IEq5NlI9W7OMx/L6C4f1xhwHHMXfT44yghQ1juL1B1ZXgTCubivi84zYY6DjUB5k5PLjMmM9MhMZYmt54VM0WrssGGB+u/PJyoFK2FkUSD2FJEv1H6ysN94LFp4Ljtor/X35jytdri+FoY3YLEA7Q6Pc+CFzB1Q6C46AvPdN42j5wYrp1I2uTb+MdW72RdjTCPtY1GqfI+vx6X63tGDdUwlaNYPqfOcJhTgUSwp28M3ls8pS9QIHEeXy4Af4LOon05Dlrm7r2//BSov3RZb18EZph9FBVuZcqyuBygesAIQwdyu/YXc9JRW5QCWeM228Vb42yF13Zz8pirIKBD+WGUEGctvqZOGb9wTVw4QVF1YjvZ53evLGFYOkcsO7gvysCXBy4xexBaOaTINW9Op/pJC3EB/NUbHi/0i+TmuNTEX2Wrdp7NEBXuER2lVXJh3ayYlAvoVa6nxBiO06b0aCfxkILnKesEl8fOhdxySooMXKG9AO0vptP3dFBtu07F1oUGqDBhMsB8wJrDlL4+zvka1Ubey823Tl+qakxRdl02D1TbINYpreiUfWKkHhwVvy8cXtcspHU3VOe\u003c/Cookie\u003e\u003c/SecurityContextToken\u003e\u003c/t:RequestedSecurityToken\u003e\u003ct:TokenType\u003ehttp://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0\u003c/t:TokenType\u003e\u003ct:RequestType\u003ehttp://schemas.xmlsoap.org/ws/2005/02/trust/Issue\u003c/t:RequestType\u003e\u003ct:KeyType\u003ehttp://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey\u003c/t:KeyType\u003e\u003c/t:RequestSecurityTokenResponse\u003e\u003c/s:Body\u003e\u003c/s:Envelope\u003e\nTotal Attempts: 1","Output":{"ErrorMessage":"NONE"},"ExceptionMessage":null,"Exception":null},{"Name":"TestTrustedDevicesCertificateStore","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestTLSMismatch","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestNonSelfSignedCertificatesInRootStore","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestTimeSync","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"CheckOffice365Endpoints","ComputerName":"aadtestdoms1.aadtestdom.com","Result":0,"Detail":null,"Output":{"PassiveEnabled":true,"WSTrust2005UsernameMixedProxyEnabled":true,"PassiveProxyEnabled":true,"WSTrust2005WindowsTransportProxyEnabled":true,"WSTrust2005WindowsTransportEnabled":true,"WSTrust2005UsernameMixedEnabled":true},"ExceptionMessage":null,"Exception":null}],"WarningTests":[{"Name":"TestProxyTrustPropagation","ComputerName":"aadtestdoms1.aadtestdom.com","Result":4,"Detail":"No AD FS farm information was provided. Specify the list of servers in your farm using the -adfsServers flag.","Output":null,"ExceptionMessage":null,"Exception":null}],"FailedTests":[{"Name":"CheckDuplicateSPN","ComputerName":"aadtestdoms1.aadtestdom.com","Result":2,"Detail":"Found SPN in object: CN=aadcsvc,CN=Managed Service Accounts,DC=aadtestdom,DC=com but it does not correspond to service account CN=aadvsvc,CN=Managed Service Accounts,DC=aadtestdom,DC=com","Output":{"ADFSFarmSPN":"host/sts.aadtestdom.com","ServiceAccount":"AADTESTDOM\\aadvsvc$","SpnObjects":["CN=aadcsvc,CN=Managed Service Accounts,DC=aadtestdom,DC=com"]},"ExceptionMessage":null,"Exception":null},{"Name":"TestAdfsAuditPolicyEnabled","ComputerName":"aadtestdoms1.aadtestdom.com","Result":2,"Detail":"Audits are not configured for Usage data collection : Expected \u0027Success and Failure\u0027, Actual=\u0027No Auditing\u0027","Output":{"StsAuditConfig":"FailureAudits;SuccessAudits;","MachineAuditPolicy":"No Auditing"},"ExceptionMessage":null,"Exception":null},{"Name":"TestServicePrincipalName","ComputerName":"aadtestdoms1.aadtestdom.com","Result":2,"Detail":"An existing SPN was found for HOST/sts.aadtestdom.com but it did not resolve to the ADFS service account.","Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestSelfSignedCertificatesInIntermediateCaStore","ComputerName":"aadtestdoms1.aadtestdom.com","Result":2,"Detail":"There were self-signed certificates found in the intermediate CA store. Move them to the root certificate store.","Output":{"SelfSignedCertificates":[{"FriendlyName":"","Issuer":"CN=Root Agency","Subject":"CN=Root Agency","Thumbprint":"FEE449EE0E3965A5246F000E87FDE2A065FD89D4"},{"FriendlyName":"","Issuer":"CN=aadtestdom-AADTESTDOMDC-CA, DC=aadtestdom, DC=com","Subject":"CN=aadtestdom-AADTESTDOMDC-CA, DC=aadtestdom, DC=com","Thumbprint":"E2D0EF85C434E5D09D66120BE290E0F81CA23F98"}]},"ExceptionMessage":null,"Exception":null}],"ErrorTests":[],"NotRunTests":[{"Name":"Test-Certificate-Token-Decrypting-Primary-NotFoundInStore","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Token-Decrypting certificate with thumbprint D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A not checked for availability because it is in store: CurrentUser","Output":{"Thumbprint":"D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Decrypting-Primary-IsSelfSigned","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Check Skipped when AutoCertificateRollover is enabled","Output":{"Thumbprint":"D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Decrypting-Primary-PrivateKeyAbsent","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Check Skipped when AutoCertificateRollover is enabled","Output":{"Thumbprint":"D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Decrypting-Primary-AboutToExpire","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Check Skipped when AutoCertificateRollover is enabled","Output":{"Thumbprint":"D9D70A9F3B557BF221B2E2A1D46EAF0532EA8A8A"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Signing-Primary-NotFoundInStore","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Token-Signing certificate with thumbprint A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B not checked for availability because it is in store: CurrentUser","Output":{"Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Signing-Primary-IsSelfSigned","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Check Skipped when AutoCertificateRollover is enabled","Output":{"Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Signing-Primary-PrivateKeyAbsent","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Check Skipped when AutoCertificateRollover is enabled","Output":{"Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B"},"ExceptionMessage":null,"Exception":null},{"Name":"Test-Certificate-Token-Signing-Primary-AboutToExpire","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Check Skipped when AutoCertificateRollover is enabled","Output":{"Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B"},"ExceptionMessage":null,"Exception":null},{"Name":"TestAppPoolIDMatchesServiceID","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Test only to be run on ADFS 2.0","Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestSSLUsingADFSPort","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Test only to be run on ADFS 2.0 Machine","Output":{"AdfsSSLCertThumbprint":"NONE","AdfsSSLBindings":"NONE","AdfsHttpsPort":"NONE"},"ExceptionMessage":null,"Exception":null},{"Name":"TestAdfsPatches","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":null,"Output":null,"ExceptionMessage":null,"Exception":null},{"Name":"TestADFSO365RelyingParty","ComputerName":"aadtestdoms1.aadtestdom.com","Result":1,"Detail":"Microsoft Office 365 Identity PlatformRelying Party trust is missing\nExpected Relying Party Identifier: urn:federation:MicrosoftOnline","Output":{"MicrosoftOnlineRPSignatureAlgorithm":"NONE","MicrosoftOnlineRPEnabled":"NONE","MicrosoftOnlineRPDisplayName":"NONE","MicrosoftOnlineRPID":"urn:federation:MicrosoftOnline"},"ExceptionMessage":null,"Exception":null}]},"Adfs-Configuration":{"Role":1,"MajorOsVersion":10,"CurrentFarmBehavior":3,"AdfsServers":["aadtestdoms1.aadtestdom.com"],"WapServers":null,"OperatingSystem":"Microsoft Windows Server 2016 Datacenter","Database":"Windows Internal Database","FederationServiceName":"sts.aadtestdom.com","ServiceAccount":"AADTESTDOM\\aadvsvc$","ServiceAccountType":"GMSA","ServiceAccountSpn":["Registered ServicePrincipalNames for CN=aadvsvc,CN=Managed Service Accounts,DC=aadtestdom,DC=com:"],"AdfsGlobalAuthenticationPolicy":{"AdditionalAuthenticationProvider":[],"DeviceAuthenticationEnabled":false,"AllowAdditionalAuthenticationAsPrimary":null,"EnablePaginatedAuthenticationPages":null,"DeviceAuthenticationMethod":2,"TreatDomainJoinedDevicesAsCompliant":false,"PrimaryIntranetAuthenticationProvider":["WindowsAuthentication","FormsAuthentication","MicrosoftPassportAuthentication"],"PrimaryExtranetAuthenticationProvider":["FormsAuthentication","MicrosoftPassportAuthentication"],"WindowsIntegratedFallbackEnabled":true,"ClientAuthenticationMethods":"ClientSecretPostAuthentication, ClientSecretBasicAuthentication, PrivateKeyJWTBearerAuthentication, WindowsIntegratedAuthentication"},"AdfsSslCertificate":{"Issuer":"CN=aadtestdom-AADTESTDOMDC-CA, DC=aadtestdom, DC=com","NotBefore":"\/Date(1531262826000)\/","NotAfter":"\/Date(1594334826000)\/","Thumbprint":"842D220E03B7C06978B14BFABE90F55A506707A9"},"AdfsCertificate":[{"IsPrimary":true,"CertificateType":"Token-Signing","Certificate":{"Issuer":"CN=ADFS Signing - sts.aadtestdom.com","NotBefore":"\/Date(1547588588000)\/","NotAfter":"\/Date(1579124588000)\/","Thumbprint":"A99992967E1F4CD0D7D2BE793A6DE9B9A0B7396B"}}],"AdfsRelyingPartyTrust":[{"Name":"RPT Test","Identifier":["https://blah/trst"],"ProtocolProfile":"WsFed-SAML","AccessControlPolicyName":"Permit everyone","IssuanceAuthorizationRules":"","AdditionalAuthenticationRules":"","IssuanceTransformRules":""}]}},"Version":"1.0.9"}
|