Solved

ADFS Windows server 2012 R2 Failing on - The target computer is not joined to a domain

Posted on 2015-01-19
6
543 Views
Last Modified: 2015-01-27
I am setting up ADFS on a windows 2012 R2 domain server; I am getting an error during running the Active Directory Federation Services Configuration Wizard.
The error is
The target computer is not joined to a domain. Only machines that are joined to a domain can be members of a AD FS farm.
The machine is a domain server and global catalogue and has been rebooted since joining the domain. The domain is Domain.local by default.
I have added the MyDomain.com as a UPN Suffix in the “Active Directory Domains and Trusts” and I can confirm I can log on as any user@MyDomain.com in the local domain.
Connect to AD DS step
The account being used to connect to AD DS is an Active Directory Administrator, though the profile is Domain.local\administrator name (I have used Domain.com\ administrator name and get the same error).
Specify Service Properties
I am importing a certificate setup for adfs.MyDomain.com (alternate enterpriseregistraion.MyDomain.com)
The import works fine.
Specify Service Account
I am using a group managed service account without any issues.
Specify Database
I am using the default, WID.
pre-requisite Checks fail on
The target computer is not joined to a domain. Only machines that are joined to a domain can be members of a AD FS farm.
ADFS-Fail-on-Setup.PNG
0
Comment
Question by:davidfrank
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 40558326
Is this a single forest setup or? Have you verified that everything is OK with replication and you can contact the other DCs with no problem?
0
 
LVL 1

Author Comment

by:davidfrank
ID: 40558349
Yes, single forest, yes replication seems fine.
0
 
LVL 1

Author Comment

by:davidfrank
ID: 40558353
I have migrated from SBS 2008 and all has gone well, moved to O365, wanted to get ADFS running for SSO.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 40

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 40558408
Well, installing AD FS on a DC is somewhat a security risk, but other than that it's supported. Have you tried it on a member server? Or running the install via PowerShell?
0
 
LVL 1

Author Comment

by:davidfrank
ID: 40558457
No, will try on member server. Wanted it all in one place a only a few boxes. Haven't tried using power shell thought i'd get same result.
0
 
LVL 1

Author Comment

by:davidfrank
ID: 40573401
I am going to come back to this issue later, looking at the options either
1. use existing WS2012 box
2. get a box just for this ADFS function with WS2012R2
3. Use a 3rd party service.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question