Solved

Windows Server 2012 R2 ADFS with Web Application Proxy (ADFS Proxy)

Posted on 2014-03-26
3
2,818 Views
Last Modified: 2014-05-11
I am currently working on SSO with yammer as a precursor to SSO to a full office365 migration.  

I am implementing an ADFS server thats running Windows Server 2012 R2 on a domain/forest level of 2008 R2.

Initially I successfully added the proxy and then I was troubleshooting issues with Yammer.  In this I started with MS support and they revoked all proxy trusts.  Inevitably internal SSO started working.  

Cool.

So I removed the proxy and in trying to readd it I am getting the error below.

I tried to do via Install-WebApplicationProxy cmdlet, and get the same basic things.  (Note the error is produced on the actual ADFS server.

Other things to note: Proxy is not domain joined.  

The federation server proxy was not able to authenticate to the Federation Service.

User Action
Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet.

Additional Data

Certificate details:

Subject Name:
<null>

Thumbprint:
<null>

NotBefore Time:
<null>

NotAfter Time:


xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="AD FS" Guid="{2FFB687A-1571-4ACE-8550-47AB5CCAE2BC}" />
  <EventID>276</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8000000000000001</Keywords>
  <TimeCreated SystemTime="2014-03-26T14:39:28.048771100Z" />
  <EventRecordID>13944</EventRecordID>
  <Correlation ActivityID="{00000000-0000-0000-8F00-0080000000FB}" />
  <Execution ProcessID="1716" ThreadID="4824" />
  <Channel>AD FS/Admin</Channel>
  <Computer>SSRCNY-SSO.ssrc.org</Computer>
  <Security UserID="S-1-5-21-27592101-676073253-1990678075-14250" />
  </System>
- <UserData>
- <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
- <EventData>
  <Data><null></Data>
  <Data><null></Data>
  <Data><null></Data>
  <Data><null></Data>
  </EventData>
  </Event>
  </UserData>
  </Event>
0
Comment
Question by:Citadelny
  • 2
3 Comments
 
LVL 39

Expert Comment

by:Adam Brown
ID: 39956598
You might be having some permissions issues with the account that you are using to connect the proxy to ADFS. Check to make sure you have an SPN set up for that account. http://technet.microsoft.com/en-us/library/dd807078.aspx has more info on setting this permission. This allows the farm account you use to set up the servers to properly impersonate the adfs service name in SSL transactions. This is absolutely necessary for ADFS proxy to work properly.
0
 

Accepted Solution

by:
Citadelny earned 0 total points
ID: 40045213
It ended up being a lack of receiver that needed to be there and was deleted by Microsoft during some troubleshooting.
0
 

Author Closing Comment

by:Citadelny
ID: 40057047
I was able to resolve this on my own.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A procedure for exporting installed hotfix details of remote computers using powershell
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
how to add IIS SMTP to handle application/Scanner relays into office 365.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now