Tags: wcf, iis, adfs, adfs3.0, net.tcp

ADFS 3.0 cannot bind the services endpoint with default configuration


I installed AD FS 3.0 with a default configuration on a server where IIS was already installed. Every time the service is started, it complains about not being able to bind the IP endpoint 0.0.0.0:808. Here is an excerpt from the event log:

Source: AD FS
Event id: 102
Description:
There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.

Additional Data

Exception details:

System.ServiceModel.AddressAlreadyInUseException: There is already a listener on IP endpoint 0.0.0.0:808. This could happen if there is another application already listening on this endpoint or if you have multiple service endpoints in your service host with the same IP endpoint but with incompatible binding configurations. ---> System.Net.Sockets.SocketException: Only one usage of each socket address (protocol/network address/port) is normally permitted

at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.ServiceModel.Channels.SocketConnectionListener.Listen()
--- End of inner exception stack trace ---
at System.ServiceModel.Channels.SocketConnectionListener.Listen()
at System.ServiceModel.Channels.ConnectionAcceptor.StartAccepting()
at System.ServiceModel.Channels.ExclusiveTcpTransportManager.OnOpen()
at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
at System.ServiceModel.Channels.TcpChannelListener`2.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at Microsoft.IdentityServer.ServiceHost.STSService.StartSTSService(ServiceHostManager serviceHostManager, ServiceState serviceState)


Solution

  • AD FS 3.0 has a serious bug when it tries to bind the default services port 1501. It actually ignores the setting and tries to bind on the default net.tcp port 808 by stripping the port away from the URI if it is configured to 1501. To make things worse, this binding is hard-coded and therefore port sharing can't be configured for this. I used this TechNet article to change the port to 1502 and all seems to work like a charm.

    To change the services net.tcp port from 1501 to 1601

    1. Launch PowerShell
    2. Add the AD FS 2.0 PowerShell snap-in:
      add-pssnapin microsoft.adfs.powershell
    3. Configure the Services net.tcp port via the Set-ADFSProperties cmdlet:
      Set-ADFSProperties -nettcpport 1601
    4. Confirm the change:
      Get-ADFSProperties
    5. Restart the AD FS 2.0 service in the Services console
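The steps above can be run as a single script that first shows which process owns the listener on 808 (and on the currently configured AD FS net.tcp port), refuses to move onto a port that is itself already taken, then changes the port and verifies the result. This is an added example, not code from the question, the answer or the TechNet article; it assumes Windows Server 2012 R2 with the AD FS role (PowerShell module `ADFS`, service name `adfssrv`, event log `AD FS/Admin`) and the `NetTCPIP` module for `Get-NetTCPConnection`, and it uses the answer's port 1601 as the default target.

```powershell
# Added example (not part of the original post): diagnose the 0.0.0.0:808 bind
# conflict and move the AD FS services net.tcp endpoint to another port.
# Assumptions: Windows Server 2012 R2 with AD FS 3.0 (module 'ADFS', service
# 'adfssrv', event log 'AD FS/Admin'); Get-NetTCPConnection needs the NetTCPIP
# module. Run in an elevated PowerShell session on the federation server.
param(
    [int]$NewNetTcpPort = 1601   # port used in the answer's TechNet steps
)

# Return the listener(s) on a TCP port together with the owning process,
# so a conflicting listener can be identified rather than guessed at.
function Get-PortOwner {
    param([int]$Port)
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                ProcessId    = $_.OwningProcess
                ProcessName  = $proc.ProcessName
            }
        }
}

Import-Module ADFS
$props = Get-AdfsProperties

# 1. What is AD FS configured to use, and who currently holds 808 and that port?
"Configured AD FS NetTcpPort: $($props.NetTcpPort)"
"Listeners on 808 (default net.tcp port):"
Get-PortOwner -Port 808
"Listeners on $($props.NetTcpPort):"
Get-PortOwner -Port $props.NetTcpPort

# 2. Do not move onto a port that already has a listener of its own.
if (Get-PortOwner -Port $NewNetTcpPort) {
    throw "Port $NewNetTcpPort already has a listener; choose a different port."
}

# 3. Change the services net.tcp port and restart the Federation Service.
Set-AdfsProperties -NetTcpPort $NewNetTcpPort
Restart-Service -Name adfssrv

# 4. Confirm the setting took effect and that the new port is now owned by
#    the AD FS service process, not by something else.
"New AD FS NetTcpPort: $((Get-AdfsProperties).NetTcpPort)"
Get-PortOwner -Port $NewNetTcpPort

# 5. Look for any fresh occurrence of the event from the question (id 102).
Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 102 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

If step 1 shows a listener on 808 that is not the AD FS service, that process is the one AD FS collides with when it falls back to the default net.tcp port; the step 4 check after the restart is what tells you the endpoint actually moved, rather than the service merely starting without its endpoints.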