<div>
Hi, <br />
<br />
Thanks for a very good explanation. Have got the connection correct :) <br />
<br />
But....<br />
<br />
The wizard crashed, and required me to uninstall. After reinstall I have issues when adding the WAP. <br />
<br />
See attached picture. Am not able to find much information related to this error. No records in the event log. <br />
<br />
WAP is added to servers and PS and everything works fine. Server can ping and control the WAP.<br />
<br />
<br />
SOLVED !!<br />
<br />
For further reference. <br />
Machine.config on WAP was corrupted. Restoring this to default solved the issue<br />
<a href="https://filedb.experts-exchange.com/incoming/2017/12_w50/1215405/wap-problem.png" target="_blank" class="file-inline" title="wap-problem.png (64 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>wap-problem.png</a>
</div>


wap-problem.png

<div>
Since you're using AADConnect to deploy the services, it seems that both of WAP and ADFS servers are in the same network. <br />
(Correct me if I wrong)<br />
If that's the case, you SHOULD strongly consider deploying WAP as STANDALONE (not part of the domain) in DMZ and make sure and validate that it can ONLY accept incoming traffic on port 443 and allowed to get out to the internet (53 for DNS obviously is required) to &quot;Windows Update&quot; and &quot;Office365&quot; infrastructure ONLY. That's the ideal config.<br />
<br />
Internally, it should be able to reach out from DMZ to the internal LAN over port 443 to the ADFS server.<br />
<br />
NONE of the machines should be able to talk to the WAP server internally.<br />
<br />
I understand that you would require some sort of the management, so make it as secure as you can.<br />
<br />
Consider also running SCW to further secure the WAP machine and minimize attack surface.<br />
<br />
Let me know if you have any further questions.
</div>


<div>
<div class="content wysiwyg-content">
Hi, <br />
<br />
Having some issues wrapping my head around the DNS setup for Azure AD connect. <br />
<br />
I plan for 1 ADFS and 1 WAP. <br />
<br />
Is this correct ?<br />
DNS on inside (new zone with the portion adfs.contoso.com)<br />
ADFS.contoso.com - Local ip (192.168.2.200)<br />
<br />
DNS on outside<br />
ADFS - External ip (190.190.190.190)<br />
WAP - External ip (190.190.190.190)<br />
<br />
Add wap in server list for server where adfs is running. <br />
<br />
Which ports needs to be open for this to work ?
</div>
</div>


Hi, 

Having some issues wrapping my head around the DNS setup for Azure AD connect. 

I plan for 1 ADFS and 1 WAP. 

Is this correct ?
DNS on inside (new zone with the portion adfs.contoso.com)
ADFS.contoso.com - Local ip (192.168.2.200)

DNS on outside
ADFS - External ip (190.190.190.190)
WAP - External ip (190.190.190.190)

Add wap in server list for server where adfs is running. 

Which ports needs to be open for this to work ?

Azure AD connect ADFS DNS/firewall setup

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Microsoft Azure is a cloud computing platform and infrastructure for building, deploying and managing applications and services through datacenters. It provides both platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) services and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems. Cloud Services is a PaaS environment and can be used to create scalable applications and services; there are specific software development kits (SDKs) provided by Microsoft for Python, Java, Node.js and .NET. Azure also has file and storage services, data management, analytics and DNS services.