Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows Server 2012 R2 ADFS with Web Application Proxy (ADFS Proxy)

Posted on 2014-03-26
3
Medium Priority
?
3,038 Views
Last Modified: 2014-05-11
I am currently working on SSO with yammer as a precursor to SSO to a full office365 migration.  

I am implementing an ADFS server thats running Windows Server 2012 R2 on a domain/forest level of 2008 R2.

Initially I successfully added the proxy and then I was troubleshooting issues with Yammer.  In this I started with MS support and they revoked all proxy trusts.  Inevitably internal SSO started working.  

Cool.

So I removed the proxy and in trying to readd it I am getting the error below.

I tried to do via Install-WebApplicationProxy cmdlet, and get the same basic things.  (Note the error is produced on the actual ADFS server.

Other things to note: Proxy is not domain joined.  

The federation server proxy was not able to authenticate to the Federation Service.

User Action
Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet.

Additional Data

Certificate details:

Subject Name:
<null>

Thumbprint:
<null>

NotBefore Time:
<null>

NotAfter Time:


xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
  <EventID>276</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8000000000000001</Keywords>
  <TimeCreated SystemTime="2014-03-26T14:39:28.048771100Z" />
  <EventRecordID>13944</EventRecordID>
  <Correlation ActivityID="{00000000-0000-0000-8F00-0080000000FB}" />
  <Execution ProcessID="1716" ThreadID="4824" />
  <Channel>AD FS/Admin</Channel>
  <Computer>SSRCNY-SSO.ssrc.org</Computer>
  <Security UserID="S-1-5-21-27592101-676073253-1990678075-14250" />
  </System>
- <UserData>
- <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
- <EventData>
  <Data><null></Data>
  <Data><null></Data>
  <Data><null></Data>
  <Data><null></Data>
  </EventData>
  </Event>
  </UserData>
  </Event>
0
Comment
Question by:Citadelny
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 42

Expert Comment

by:Adam Brown
ID: 39956598
You might be having some permissions issues with the account that you are using to connect the proxy to ADFS. Check to make sure you have an SPN set up for that account. http://technet.microsoft.com/en-us/library/dd807078.aspx has more info on setting this permission. This allows the farm account you use to set up the servers to properly impersonate the adfs service name in SSL transactions. This is absolutely necessary for ADFS proxy to work properly.
0
 

Accepted Solution

by:
Citadelny earned 0 total points
ID: 40045213
It ended up being a lack of receiver that needed to be there and was deleted by Microsoft during some troubleshooting.
0
 

Author Closing Comment

by:Citadelny
ID: 40057047
I was able to resolve this on my own.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft is moving in-place eDiscovery & hold from ECP to EOP console under Content Search in Search and Investigation Options.  In this post, I will be showing you how to export emails to a PST file using the Content Search Options.
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question