<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

How to Configure ADFS Web Application Proxy for ADSF

Published on
3,281 Points
281 Views
Last Modified:
Shaun Hardneck
Passionate and Experienced IT Professional with experience in Microsoft Exchange Messaging and Office 365 solutions.
WAP (Web Application Proxy) provides reverse proxy functionality for web applications in the corporate network which allows users on most devices to access internal web applications from external networks.

The WAP should not be part of the domain and should be used as a standalone


To start the configuration, the SSL certificate used on the ADFS (Active Directory Federation Services) Server needs to be installed on the WAP Server.


Open the Run box, then type mmc


Tip! Click any graphic to get a full-size view...


Once the MMC console is open, click on File >> Add /Remove Snap-In



Select Certificates from the list and then click on Add.



Select Computer account from the list, then click Next



Select Local computer, then click Next



To close the Snap-in, Click on OK



Expand Certificate, then expand Personal and click on Certificates



Right Click on Personal Certificates, then All Tasks and click on Import



Follow the Import Wizard, then complete the Certificate import process









The next step is to edit the Hosts File and add an entry for the ADFS Server. To open the Host file, Run Notepad as Administrator


Hosts File Location: C:\Windows\System32\drives\etc



Then navigate to the Host File location




Modify the Host File, by adding the entry for the ADFS server with the associated IP.



Example: 10.2.0.14fs.o365cloudlab.co.za



Click on File and then Save, to save the changes.



Lastly, let's ping the new entry from the WAP Server, you should receive a response.



From a PowerShell session, run the following command to start the installation process of the Web Application Proxy role.


add-windowsfeature web-application-proxy





Once the Installation has been completed, run the following command in the same PowerShell Session to restart the Server.


Restart-Computer



Log back in to the server with the same credentials and Navigate to Server Manager and complete the configuration Process of the Role.



When you click on “Open the Web Application Proxy Wizard”, you are prompted with the following Error.



The RSAT-Administration Modules have not been added to the Server, to resolve this Error. Run the Following command in PowerShell.


Add-WindowsFeature -Name RSAT-RemoteAccess -IncludeAllSubFeature




Close the Server Manager Console and Launch it again.


The Web Application Proxy Wizard will open, then Click on Next



On the Federation service name, add the DNS name for the ADFS server which was specified in the Host File. Then provide a domain username and password.



Select the certificate which was installed at the beginning of the deployment and then click next.



The final screen will show a confirmation screen before the configuration starts. It also shows you a PowerShell version of what will be configured.


The following PowerShell script can be used to configure the same.


Install-WebApplicationProxy -FederationServiceTrustCredential System.Management.Automation.PSCredential -CertificateThumbprint '5C02C5C8E052E372F437AB8D3D83DB9DA8E1E647' -FederationServiceName 'fs.o365cloudlab.co.za'


To continue, Click on Configure.



Click on Close, when the configuration is done.




From the Remote Access Management Console, Click on Operation Status and make sure that all is green.



From a Machine that is connected to the internet but not part of the network, verify that you can reach your ADFS server by clicking on the following link.


https://fs.<YourDomainName>/adfs/ls/IdpInitiatedSignon.aspx



Verify that you can sign in.



On successful logon, you will be redirected to s screen showing the logout icon. This means that you have successfully connected from external.



This concludes the Installation and Configured for the Web Application Proxy.


#ThatLazyAdmin

Experts Exchange Profile

0
Comment
0 Comments

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Join & Write a Comment

Wrapper-1-Query. Use an Excel function to calculate a column for an Access query. Part 1. Shows a query in Access that has a calculated column with the results of an Excel worksheet function. See how to call a wrapper function from a query, and …
Basic Overview of office 365 user portal

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month