从 ADFS 2.1 升级到 4.0 后出现 ADFS 错误

不知道有没有人看到这个问题或者有什么想法？

我们最近将 ADFS 从 W2008r2 上的 ADFS 2.1 迁移到 W2016 上的 ADFS 4.0。

基本功能看起来不错，但我发现使用我的所有依赖方信任更新联合元数据存在问题；尝试右键单击并选择“从联合元数据更新...”（或转到属性、监控、测试 URL）会出现以下错误：

"An error occurred during an attempt to read the federation metadata. Verify that the specified URL or host name is a valid metadata endpoint".

相关的错误消息是

Method not found: 'Microsoft.identitymodel.protocols.WSFederation.Metadata.MetadataBase Microsoft.Identity.Model.Protocols.WSFederation.Metadata.MetadataSerializer.ReadMetadata(System.IO.Stream)'.

不需要代理服务器，也没有定义代理服务器。我可以在 ADFS 服务器上的 IE 中浏览到联邦元数据 URL，并获得预期的 XML 页面。我检查了证书是否正确定义，ADFS 服务帐户是否具有对它们的读取权限等。

在服务启动或尝试测试/更新元数据时，事件日志中没有错误消息。尝试添加新的信赖方信任会产生相同的错误。

我已经运行了 ADFS 诊断程序，并且 test-adfsserverhealth 给出了一个我认为是关键的错误，但我不知道下一步该去哪里。

Name             : PingFederationMetadata
Result           : Fail
Detail           : System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a
                   send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing
                   connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An
                   existing connection was forcibly closed by the remote host
                      at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags
                   socketFlags)
                      at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
                      --- End of inner exception stack trace ---
                      at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
                      at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
                      at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest
                   asyncRequest)
                      at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer,
                   AsyncProtocolRequest asyncRequest)
                      at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
                      at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext,
                   ContextCallback callback, Object state, Boolean preserveSyncCtx)
                      at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback
                   callback, Object state, Boolean preserveSyncCtx)
                      at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback
                   callback, Object state)
                      at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
                      at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                      at System.Net.ConnectStream.WriteHeaders(Boolean async)
                      --- End of inner exception stack trace ---
                      at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
                      at System.Net.WebClient.DownloadData(Uri address)
                      at CallSite.Target(Closure , CallSite , Object , Object )
Output           : {PingFedmetadataException}
ExceptionMessage :