Resources For IT Professionals
Post an article
Wikis - Page Details
  • First published by (Microsoft)
  • When: 22 Dec 2010 11:47 AM
  • Last revision by (aMicrosof)
  • When: 16 Apr 2012 11:43 AM
  • Revisions: 9
  • Comments: 4
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  AD FS 2.0: How to Change the net.tcp Ports for Services and Administration

AD FS 2.0: How to Change the net.tcp Ports for Services and Administration

AD FS 2.0: How to Change the net.tcp Ports for Services and Administration

Active Directory Federation Services (AD FS) 2.0 uses two net.tcp ports for functions of the Federation Service.

Services net.tcp port - 1501

Administration net.tcp port - 1500

There may come a time when another application or service is using either of the above ports, and a conflict occurs which causes an issue with one of the services. You can configure AD FS 2.0 to listen on different net.tcp ports in order to avoid the conflict.

The steps below detail the supported method for changing the Services or Administration net.tcp ports in AD FS 2.0:

Note: In the steps, the example new ports are:
Services - 1601
Administration - 1600


To change the services net.tcp port from 1501 to 1601

1. Launch PowerShell
2. Add the AD FS 2.0 PowerShell snap-in:
    add-pssnapin microsoft.adfs.powershell
3. Configure the Services net.tcp port via the Set-ADFSProperties cmdlet:
    Set-ADFSProperties -nettcpport 1601
4. Confirm the change:
    Get-ADFSProperties
5. Restart the AD FS 2.0 service in the Services console


To change the administration net.tcp port from 1500 to 1600

1. Launch PowerShell
2. Get a WMI object into a $temp variable:
    $temp= Get-WmiObject -namespace root/ADFS -class SecurityTokenService
3. Set the ConfigurationServiceAddress property to the new net.tcp address using the new port:
    $temp.ConfigurationServiceAddress=”net.tcp://localhost:1600/policy”
4. Write your change back to the object:
    $temp.put()
5. Restart the AD FS 2.0 service in the Services console
6. Verify the change from an elevated Command Prompt:
    a. netstat -anob > netstat.txt
    b. Open netstat.txt in Notepad
    c. Find 1600


 

Symptoms of port conflict

If port 1501 is taken by another process at the time of AD FS 2.0 service start, you will find event ID 364 in the AD FS 2.0/Admin log in Event Log with the following description:  

MSIS7004: An exception occurred while connecting to the federation service. The service endpoint URL 'net.tcp://localhost:1501/adfs/services/trusttcp/windows' may be incorrect or the service is not running. ---> System.TimeoutException: The open operation did not complete within the allotted timeout of 00:01:00. The time allotted to this operation may have been a portion of a longer timeout. ---> System.TimeoutException: The socket transfer timed out after 00:01:00. You have exceeded the timeout set on your binding. The time allotted to this operation may have been a portion of a longer timeout. ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

 

 

Community Resources

Net.TCP Port Sharing

http://msdn.microsoft.com/en-us/library/ms734772.aspx

 

, , , , , , , , , [Edit tags]
Leave a Comment
  • Please add 7 and 3 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 16 Apr 2012 11:43 AM

    Ed Price - MSFT edited Revision 7. Comment: Typo in the first line. Changed "fedration" to "Federation".

  • 16 Feb 2011 3:11 PM

    Ed Price MSFT edited Revision 5. Comment: Updated title.

  • 10 Feb 2011 7:55 PM

    Ed Price MSFT edited Revision 3. Comment: Title and formatting edits.

Page 1 of 1 (3 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 10 Feb 2011 7:55 PM

    Ed Price MSFT edited Revision 3. Comment: Title and formatting edits.

  • Posted by
    on 16 Feb 2011 3:11 PM

    Ed Price MSFT edited Revision 5. Comment: Updated title.

  • Posted by
    on 16 Apr 2012 11:43 AM

    Ed Price - MSFT edited Revision 7. Comment: Typo in the first line. Changed "fedration" to "Federation".

  • Posted by
    on 17 Jul 2013 7:05 AM

    Is port 1501 used for any communication between ADFS Proxy and ADFS Federation servers?

Page 1 of 1 (4 items)