• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3121
  • Last Modified:

Windows Server 2012 R2 ADFS with Web Application Proxy (ADFS Proxy)

I am currently working on SSO with yammer as a precursor to SSO to a full office365 migration.  

I am implementing an ADFS server thats running Windows Server 2012 R2 on a domain/forest level of 2008 R2.

Initially I successfully added the proxy and then I was troubleshooting issues with Yammer.  In this I started with MS support and they revoked all proxy trusts.  Inevitably internal SSO started working.  

Cool.

So I removed the proxy and in trying to readd it I am getting the error below.

I tried to do via Install-WebApplicationProxy cmdlet, and get the same basic things.  (Note the error is produced on the actual ADFS server.

Other things to note: Proxy is not domain joined.  

The federation server proxy was not able to authenticate to the Federation Service.

User Action
Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet.

Additional Data

Certificate details:

Subject Name:
<null>

Thumbprint:
<null>

NotBefore Time:
<null>

NotAfter Time:


xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
  <EventID>276</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8000000000000001</Keywords>
  <TimeCreated SystemTime="2014-03-26T14:39:28.048771100Z" />
  <EventRecordID>13944</EventRecordID>
  <Correlation ActivityID="{00000000-0000-0000-8F00-0080000000FB}" />
  <Execution ProcessID="1716" ThreadID="4824" />
  <Channel>AD FS/Admin</Channel>
  <Computer>SSRCNY-SSO.ssrc.org</Computer>
  <Security UserID="S-1-5-21-27592101-676073253-1990678075-14250" />
  </System>
- <UserData>
- <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
- <EventData>
  <Data><null></Data>
  <Data><null></Data>
  <Data><null></Data>
  <Data><null></Data>
  </EventData>
  </Event>
  </UserData>
  </Event>
0
Citadelny
Asked:
Citadelny
  • 2
1 Solution
 
Adam BrownSr Solutions ArchitectCommented:
You might be having some permissions issues with the account that you are using to connect the proxy to ADFS. Check to make sure you have an SPN set up for that account. http://technet.microsoft.com/en-us/library/dd807078.aspx has more info on setting this permission. This allows the farm account you use to set up the servers to properly impersonate the adfs service name in SSL transactions. This is absolutely necessary for ADFS proxy to work properly.
0
 
CitadelnyAuthor Commented:
It ended up being a lack of receiver that needed to be there and was deleted by Microsoft during some troubleshooting.
0
 
CitadelnyAuthor Commented:
I was able to resolve this on my own.
0

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now