从 ADFS 2.1 升级到 4.0 后出现 ADFS 错误

我不知道是否有人见过这个问题或有什么想法？

我们最近将 ADFS 从 W2008r2 上的 ADFS 2.1 迁移到了 W2016 上的 ADFS 4.0。

基本功能似乎很好，但是我发现使用我的所有依赖方信任更新联合元数据时出现问题；尝试右键单击并选择“从联合元数据更新...”（或转到属性、监视、测试 URL）出现以下错误：

"An error occurred during an attempt to read the federation metadata. Verify that the specified URL or host name is a valid metadata endpoint".

相关的错误消息是

Method not found: 'Microsoft.identitymodel.protocols.WSFederation.Metadata.MetadataBase Microsoft.Identity.Model.Protocols.WSFederation.Metadata.MetadataSerializer.ReadMetadata(System.IO.Stream)'.

无需代理服务器，也未定义代理服务器。我可以在 ADFS 服务器上的 IE 中顺利浏览联合元数据 URL 并获取预期的 XML 页面。我已检查证书是否正确定义，ADFS 服务帐户是否具有对证书的读取权限等。

服务启动时或尝试测试/更新元数据时，事件日志中均无错误消息。尝试添加新的依赖方信任时会出现同样的错误。

我已经运行了 ADFS 诊断程序，并且 test-adfsserverhealth 给出了一个错误，我认为这是关键，但我不知道下一步该怎么做。

Name             : PingFederationMetadata
Result           : Fail
Detail           : System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a
                   send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing
                   connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An
                   existing connection was forcibly closed by the remote host
                      at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags
                   socketFlags)
                      at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
                      --- End of inner exception stack trace ---
                      at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
                      at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
                      at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest
                   asyncRequest)
                      at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer,
                   AsyncProtocolRequest asyncRequest)
                      at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
                      at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext,
                   ContextCallback callback, Object state, Boolean preserveSyncCtx)
                      at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback
                   callback, Object state, Boolean preserveSyncCtx)
                      at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback
                   callback, Object state)
                      at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
                      at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                      at System.Net.ConnectStream.WriteHeaders(Boolean async)
                      --- End of inner exception stack trace ---
                      at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)
                      at System.Net.WebClient.DownloadData(Uri address)
                      at CallSite.Target(Closure , CallSite , Object , Object )
Output           : {PingFedmetadataException}
ExceptionMessage :