Fady AbuZuaiter
asked on
Exchange 2016 Integration with ADFS 2016
Hello,
We are implementing Exchange 2016 and need to integrate it with ADFS. I prepared ADFS 2016 and configured it.
When I did the integration on the Exchange by running the following commands, I got an error on the OWA page, as below & screenshot.
ADFS Commands on Exchange:
Set-OrganizationConfig -AdfsIssuer https://adfs.mycompany.com/adfs/ls/ -AdfsAudienceUris "https://mail.mycompany.com/owa/","https://mail.mycompany.com/ecp/","https://mail.mycompany.com/owa","https://mail.mycompany.com/ecp" -AdfsSignCertificateThumbprint "7B672ED45456784563B7BF725F5F27305548B2"
Set-EcpVirtualDirectory -Identity "exchangeserver01\ecp (Default Web Site)" -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -OAuthAuthentication $false -WindowsAuthentication $false
Set-OwaVirtualDirectory -Identity "exchangeserver01\owa (Default Web Site)" -AdfsAuthentication $true -BasicAuthentication $false -DigestAuthentication $false -FormsAuthentication $false -OAuthAuthentication $false -WindowsAuthentication $false
OWA Error:
Is the thumbprint you're using the certificate used by the ADFS web page or is it the ADFS Token Signing certificate? It needs to be the latter.
ASKER
It is the token signing certificate.
Hi,
Since the token signing certificate is self-signed (or at least it is by default), you need to import it into the Exchange certificate store Trusted Root Certificate Authority.
At least that is what I did, and it worked for me.
PS: You would probably need to do an IIS restart.
Regards,
Ivan.
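Added example, not part of the thread or of any participant's post: a PowerShell sketch of the two checks raised in the replies above, namely that Exchange is configured with the AD FS token-signing thumbprint and that the self-signed certificate is present in the Exchange server's LocalMachine\Root store. The file path and the helper name ConvertTo-CleanThumbprint are assumptions made for illustration.

```powershell
# Added example. $cerPath and ConvertTo-CleanThumbprint are assumptions, not from the thread.
$cerPath = 'C:\Temp\adfs-token-signing.cer'   # assumed path, same on both servers

# --- Part 1: run on the AD FS server ---
# Export the primary token-signing certificate (public part only).
$signing = Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary }
Export-Certificate -Cert $signing.Certificate -FilePath $cerPath | Out-Null
"Token-signing thumbprint: $($signing.Thumbprint)"

# --- Part 2: run on the Exchange server, elevated Exchange Management Shell,
#     after copying the .cer file to the same path ---
function ConvertTo-CleanThumbprint([string]$Value) {
    # Thumbprints pasted from the certificate dialog can carry spaces or
    # invisible characters; keep hex digits only.
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

$fileCert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
$expected   = ConvertTo-CleanThumbprint $fileCert.Thumbprint
$configured = ConvertTo-CleanThumbprint (Get-OrganizationConfig).AdfsSignCertificateThumbprint

# Check 1: the configured thumbprint must be the token-signing one.
if ($configured -ne $expected) {
    Write-Warning "Exchange has '$configured', token-signing certificate is '$expected'"
}

# Check 2: the certificate must still be inside its validity window.
if ($fileCert.NotAfter -lt (Get-Date)) {
    Write-Warning "Token-signing certificate expired on $($fileCert.NotAfter)"
}

# Check 3: a self-signed certificate (subject equals issuer) has to be in
# LocalMachine\Root on the Exchange server; import it only if it is missing.
$inRoot = Test-Path "Cert:\LocalMachine\Root\$expected"
if ($fileCert.Subject -eq $fileCert.Issuer -and -not $inRoot) {
    Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
}

# Restart IIS so OWA and ECP pick up the change.
iisreset /noforce
```

Adding a certificate to Trusted Root makes that server trust it as a root, so compare the exported file's thumbprint with the value shown on the AD FS server before importing. If AD FS rolls over its token-signing certificate, the thumbprint changes and both the import and Set-OrganizationConfig have to be repeated.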
ASKER
Solved by myself