ADMIN0017: An exception occurred while connecting to the policy store service. The policy administration URL 'net.pipe://localhost/policy' may be incorrect or the "Geneva" service is not running.
- Hi, I had successfully deployed 4 Geneva Beta 2 Labs on my organization and partners. This error happened after a couple of weeks of normal operations and ONLY on x64 systems.
Symptom: If you try to open the Geneva Server MMC, you get the message "ADMIN0017: An exception occurred while connecting to the policy store service. The policy administration URL 'net.pipe://localhost/policy' may be incorrect or the "Geneva" service is not running."
Env:
- No information is logged to the event log.
- The Geneva Server is running and can be restarted normally.
- The Initial Configuration Wizard can be run many times that it will finish successfully.
- On a Geneva Farm comprised of two nodes, a Win2k8 x86 SP2 and Win2k8 x64 SP2, only the x64 Geneva failed.
- Geneva Farm db is SQL Server 2008 (without SP2)
Now I am uninstalling/reinstalling IIS7, Geneva Server and Geneva Fx. I would love some help on understanding the underlying problem or troubleshooting steps because I am blinded now,
Thanks,
Beto
All Replies
- Are you running the MMC as a local machine user (rather than a domain user)? The policy service uses integrated Windows authentication.
For debugging purposes, could you attach a debugger to the Geneva service and enable exceptions? Then you could try launching the MMC and note down which exceptions are seen on the service.
- I am running as a Domain Admin. I will work on gathering the exceptions right away,
Thanks for your reply,
Beto
- Hi Rakesh, it was difficult moving forward as I had to go to my customer premises to debug this. Any help on this will be much appreciated.
Troubleshoot
Could you attach a debugger to the geneva service and enable exceptions?
Nothing here. I installed VSTS on the Geneva Server machine, attached to the Geneva service, enabled exceptions, and no exception was caught by the debugger when the error happened every time I opened the MMC. I also tried attaching to the MMC process itself, but the error happens just when the process starts and I am not able to catch anything useful here.
Re-deployment
So, I re-deployed the RP-STS Server,
1) Provisioned a fresh Win2k8 SP2 x86 VM (now I switched to x86)
2) Imported Certificates + Installed Pre-Requisites + Geneva Server
3) Ran the Initial Configuration Wizard and used the existing Geneva Server database.
The wizard went well and the process is running under the service account identity, but when I opened the MMC (still optimistic :S) the error arose again AHHHH!
ADMIN0017: An exception occurred while connecting to the policy store service. The policy administration URL 'net.pipe://localhost/policy' may be incorrect or the "Geneva" service is not running.
Re-Troubleshoot
I really can only think about a DB corruption (uploaded a backup to SkyDrive). Do not forget that the service was running smoothly for months; even devs already started to integrate applications to this STS. I enabled tracing on the Microsoft.IdentityServer.Servicehost (find below, uploaded to SkyDrive). When I restarted the service, the log file was populated and I went through each event looking for problems when accessing the policy store. No luck here, I only found a couple of these events:
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2009-11-17T20:40:43.0075459Z" />
<Source Name="Microsoft.IdentityServer.Policy.PolicyServer.Service" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="Microsoft.IdentityServer.ServiceHost" ProcessID="4332" ThreadID="13" />
<Channel />
<Computer>VADER-02</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>Authorized a request to the policy store service.</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
Then I enabled logging on the FederationPassive application which was never populated.
Debug Info
http://cid-5f9c7b75bd402dda.skydrive.live.com/self.aspx/Public/Support/Geneva%20Support.zip
Content desc:
- DBs: Backup of the Geneva Policy Store
- FederationPassive: web.config showing how I enabled tracing.
- Microsoft Geneva Server: Microsoft.IdentityServer.Servicehost.exe.config showing how I enabled tracing.
- Logs: Logs from the Geneva Service
Beto
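An added example, not part of the thread and not Geneva's own tooling: a Python sketch that reads a trace log made of E2ETraceEvent fragments like the one quoted above and keeps only the Critical, Error and Warning events, instead of walking through every Information event by hand. The function names, `SAMPLE_LOG`, `EXAMPLE-HOST` and the second (Error) event are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

E2E = "{http://schemas.microsoft.com/2004/06/E2ETraceEvent}"
SYS = "{http://schemas.microsoft.com/2004/06/windows/eventlog/system}"
PROBLEM_TYPES = {"Critical", "Error", "Warning"}  # TraceEventType names to read first

def _event(subtype, level, when, text):
    """Build one constructed fragment laid out like the event quoted in the post."""
    return (
        '<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">'
        '<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">'
        f'<EventID>0</EventID><Type>3</Type><SubType Name="{subtype}">0</SubType>'
        f'<Level>{level}</Level><TimeCreated SystemTime="{when}" />'
        '<Source Name="Microsoft.IdentityServer.Policy.PolicyServer.Service" />'
        '<Computer>EXAMPLE-HOST</Computer></System>'
        f'<ApplicationData><TraceData><DataItem>{text}</DataItem></TraceData>'
        '</ApplicationData></E2ETraceEvent>'
    )

# Constructed sample log: fragments written back to back, with no enclosing root element.
SAMPLE_LOG = "\n".join([
    _event("Information", 8, "2009-11-17T20:40:43Z",
           "Authorized a request to the policy store service."),
    _event("Error", 2, "2009-11-17T20:40:44Z", "Constructed sample error text."),
])

def parse_events(log_text):
    """Return one dict per E2ETraceEvent found in log_text, in log order."""
    # Drop any XML declaration, then wrap: bare fragments are not a well-formed document.
    body = re.sub(r"<\?xml[^>]*\?>", "", log_text)
    root = ET.fromstring("<root>" + body + "</root>")
    events = []
    for ev in root.iter(E2E + "E2ETraceEvent"):
        system = ev.find(SYS + "System")
        item = ev.find(f"{E2E}ApplicationData/{E2E}TraceData/{E2E}DataItem")
        events.append({
            "time": system.find(SYS + "TimeCreated").get("SystemTime"),
            "type": system.find(SYS + "SubType").get("Name"),
            "level": int(system.findtext(SYS + "Level")),
            "source": system.find(SYS + "Source").get("Name"),
            # DataItem may hold nested XML; itertext() flattens it to readable text.
            "message": "".join(item.itertext()).strip() if item is not None else "",
        })
    return events

def problems(events):
    """Keep only Critical, Error and Warning events, preserving log order."""
    return [e for e in events if e["type"] in PROBLEM_TYPES]
```

To use it on a real log, pass the file's text to `parse_events` and print the result of `problems`; an empty list means the trace holds nothing above Information level.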


