Windows Server 2012 R2 ADFS with Web Application Proxy (ADFS Proxy)

Posted on 2014-03-26
Last Modified: 2014-05-11
I am currently working on SSO with Yammer as a precursor to SSO to a full Office 365 migration.

I am implementing an ADFS server that's running Windows Server 2012 R2 on a domain/forest level of 2008 R2.

Initially I successfully added the proxy and then I was troubleshooting issues with Yammer.  In this I started with MS support and they revoked all proxy trusts.  Inevitably internal SSO started working.  


So I removed the proxy, and in trying to re-add it I am getting the error below.

I tried to do it via the Install-WebApplicationProxy cmdlet, and get the same basic thing. (Note the error is produced on the actual ADFS server.)

Other things to note: Proxy is not domain joined.  

The federation server proxy was not able to authenticate to the Federation Service.

User Action
Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet.

Additional Data

Certificate details:

Subject Name:


NotBefore Time:

NotAfter Time:

- <System>
  <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
  <TimeCreated SystemTime="2014-03-26T14:39:28.048771100Z" />
  <Correlation ActivityID="{00000000-0000-0000-8F00-0080000000FB}" />
  <Execution ProcessID="1716" ThreadID="4824" />
  <Channel>AD FS/Admin</Channel>
  <Security UserID="S-1-5-21-27592101-676073253-1990678075-14250" />
- <UserData>
- <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
- <EventData>
Question by:Citadelny

Expert Comment

by:Adam Brown
ID: 39956598
You might be having some permissions issues with the account that you are using to connect the proxy to ADFS. Check to make sure you have an SPN set up for that account. http://technet.microsoft.com/en-us/library/dd807078.aspx has more info on setting this permission. This allows the farm account you use to set up the servers to properly impersonate the ADFS service name in SSL transactions. This is absolutely necessary for ADFS proxy to work properly.

Accepted Solution

Citadelny earned 0 total points
ID: 40045213
It ended up being a lack of receiver that needed to be there and was deleted by Microsoft during some troubleshooting.

Author Closing Comment

ID: 40057047
I was able to resolve this on my own.


Question has a verified solution.
