Solved

Windows Server 2012 R2 ADFS with Web Application Proxy (ADFS Proxy)

Posted on 2014-03-26
3
2,857 Views
Last Modified: 2014-05-11
I am currently working on SSO with yammer as a precursor to SSO to a full office365 migration.  

I am implementing an ADFS server thats running Windows Server 2012 R2 on a domain/forest level of 2008 R2.

Initially I successfully added the proxy and then I was troubleshooting issues with Yammer.  In this I started with MS support and they revoked all proxy trusts.  Inevitably internal SSO started working.  

Cool.

So I removed the proxy and in trying to readd it I am getting the error below.

I tried to do via Install-WebApplicationProxy cmdlet, and get the same basic things.  (Note the error is produced on the actual ADFS server.

Other things to note: Proxy is not domain joined.  

The federation server proxy was not able to authenticate to the Federation Service.

User Action
Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet.

Additional Data

Certificate details:

Subject Name:
<null>

Thumbprint:
<null>

NotBefore Time:
<null>

NotAfter Time:


xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
  <EventID>276</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8000000000000001</Keywords>
  <TimeCreated SystemTime="2014-03-26T14:39:28.048771100Z" />
  <EventRecordID>13944</EventRecordID>
  <Correlation ActivityID="{00000000-0000-0000-8F00-0080000000FB}" />
  <Execution ProcessID="1716" ThreadID="4824" />
  <Channel>AD FS/Admin</Channel>
  <Computer>SSRCNY-SSO.ssrc.org</Computer>
  <Security UserID="S-1-5-21-27592101-676073253-1990678075-14250" />
  </System>
- <UserData>
- <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
- <EventData>
  <Data><null></Data>
  <Data><null></Data>
  <Data><null></Data>
  <Data><null></Data>
  </EventData>
  </Event>
  </UserData>
  </Event>
0
Comment
Question by:Citadelny
  • 2
3 Comments
 
LVL 39

Expert Comment

by:Adam Brown
ID: 39956598
You might be having some permissions issues with the account that you are using to connect the proxy to ADFS. Check to make sure you have an SPN set up for that account. http://technet.microsoft.com/en-us/library/dd807078.aspx has more info on setting this permission. This allows the farm account you use to set up the servers to properly impersonate the adfs service name in SSL transactions. This is absolutely necessary for ADFS proxy to work properly.
0
 

Accepted Solution

by:
Citadelny earned 0 total points
ID: 40045213
It ended up being a lack of receiver that needed to be there and was deleted by Microsoft during some troubleshooting.
0
 

Author Closing Comment

by:Citadelny
ID: 40057047
I was able to resolve this on my own.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This Experts Exchange lesson shows how to use VBA to loop through rows in Excel.  In order to sort, filter, and use database features, there needs to be a value in each column for every row. When data arrives with values missing, code to copy values…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question