ADFS / WAP and Exchange 2010 OWA

Hi 2gether

I am fighting around with publishing Exchange 2010 OWA through Server 2012 ADFS and Web Application Proxy.

I have a WAP Server joined to my domain and placed in an OPT Zone. I want to use the ADFS preauthentication for publishing OWA in my DNS SplitScope Scenario.

After I fill in my user creds to log in to OWA, nothing really happens.
I see that the WAP Server is requesting a Kerberos ticket, but the ADFS Server is not able to send the Kerberos ticket back. I read the how-to and step-by-step guide a thousand times... added the SPN, activated constrained delegation... but it does not work at all.

The Logs on the WAP Server are telling me:

WAP Server EventLog EVENT ID 12027, Username and Password wrong (0x8007052e). But I am quite sure the credentials are right... because EAS and the other published rules work.

On the other side the ADFS Serverlog tells me:
ADFS Log
364:

Encountered error during federation passive request.

Additional Data

Protocol Name:

Relying Party:

Exception details:

Microsoft.IdentityServer.Web.InvalidScopeException: 06a7aa66-3aad-e311-80c1-005056983900

   at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.ValidateSignInContext(MSISHttpSignInRequestContext msisContext, WrappedHttpListenerRequest request)

   at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)

   at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)

   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Did anyone have this problem before? The strange thing is... I tested the whole thing before with the same components and it worked in the lab.

thx for any help
ITSGMBH Asked:
ITSGMBH (Author) Commented:
Solved by myself...

I had to add the WAP Server computer account to the Windows Authorization Access Group.

After the reboot everything rocked!!
Question has a verified solution.
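
A read-only check of the three prerequisites named in this thread (backend SPN, constrained delegation on the WAP computer account, membership in the Windows Authorization Access Group), added here as an example and not part of the original posts. `WAP01` and `http/mail.example.com` are placeholder names, and the ActiveDirectory PowerShell module is assumed to be installed.

```powershell
# Added example: placeholder names, adjust for your environment.
Import-Module ActiveDirectory

$WapComputer = 'WAP01'                  # assumed WAP computer account name
$BackendSpn  = 'http/mail.example.com'  # assumed SPN of the published OWA backend

function Test-WapKcdPrerequisites {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $Spn
    )

    $wap = Get-ADComputer -Identity $ComputerName `
        -Properties 'msDS-AllowedToDelegateTo', 'TrustedToAuthForDelegation'

    # 1. The backend SPN should be registered on exactly one account;
    #    zero or duplicate owners both break Kerberos ticket requests.
    $spnOwners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$Spn)")

    # 2. The WAP computer account must list that SPN as a delegation target.
    $delegatesToSpn = @($wap.'msDS-AllowedToDelegateTo') -contains $Spn

    # 3. "Windows Authorization Access Group" is a built-in group with the
    #    well-known SID S-1-5-32-560. Only direct membership is checked here.
    $waag   = Get-ADGroup -Identity 'S-1-5-32-560' -Properties member
    $inWaag = @($waag.member) -contains $wap.DistinguishedName

    [pscustomobject]@{
        Computer                   = $wap.Name
        SpnOwnerCount              = $spnOwners.Count
        SpnOwners                  = $spnOwners.DistinguishedName -join '; '
        DelegatesToBackendSpn      = $delegatesToSpn
        ProtocolTransitionEnabled  = [bool]$wap.TrustedToAuthForDelegation
        InAuthorizationAccessGroup = $inWaag
    }
}

$result = Test-WapKcdPrerequisites -ComputerName $WapComputer -Spn $BackendSpn
$result | Format-List

# Remediation matching the accepted answer; left commented out so the
# script stays read-only until the result has been reviewed.
# if (-not $result.InAuthorizationAccessGroup) {
#     Add-ADGroupMember -Identity 'S-1-5-32-560' -Members (Get-ADComputer $WapComputer)
# }
```

As in the answer above, the WAP server was rebooted after the group change before the new membership took effect.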