ADFS Proxy on Azure

I am planning to install an ADFS proxy on the Azure platform. What options are available to protect it, and how can I achieve this?

Hi,
If you want to deploy ADFS proxy on Azure VMs, I recommend that you create 2 ADFS proxy VMs in an availability set for redundancy.
For more detailed information, you can refer to the article below:
http://blogs.technet.com/b/abizerh/archive/2013/11/19/adfs-on-azure-vms.aspx
Best regards,
Susie

Similar Messages

  • Having 2 ADFS proxy, 2 ADFS server, 2 ADC each in separate cloud service, how do they communicate

    I have 2 ADFS proxy services under one cloud service and one availability group, and an endpoint for 443.
    The same goes for the 2 ADFS servers.
    1. As far as I know, this configuration is enough for HA and NLB for both services. Please confirm and support me with official links.
    2. Do Azure services communicate with each other using the public or the private IP? For example, does the ADFS proxy communicate with the ADFS services over the cloud service public VIP?
    3. What is the process if the ADFS service tries to communicate with one DC on Azure and finds it unavailable? Will it fail over to another working DC by default?

    Hi,
    The following link provides some guidelines that may be helpful for your scenario.
    http://www.concurrency.com/blog/migrate-adfs-for-office-365-to-windows-azure/
    Also:
    http://stackoverflow.com/questions/21109818/office-365-migration-practice-with-windows-azure
    Let us know if this helps.
    Regards,
    Nithin Rathnakar

  • ADFS Proxy

    I have a proxy server in a DMZ. I'm unable to connect to a load-balanced cluster on the other side using the cluster address. What ports (if any) do I need to open?
    Is there any troubleshooting or diagnostics I need to do?
    I would also appreciate some tips and pointers when rolling out Office 365.
    Thanks in advance

    The ADFS Proxy really only needs HTTPS (443) open to the ADFS farm. It will also need any dependent ports and protocols available such as DNS, etc. If it is a domain-joined machine then it will need normal AD ports and protocols (DNS, LDAP, Kerberos, etc.)
    Here's a really nice troubleshooting guide for ADFS 2.0:
    http://technet.microsoft.com/en-us/library/adfs2-troubleshooting-guide%28v=ws.10%29.aspx
    One general test I always use for the proxy is this: from the proxy server, navigate to this URL (replace the domain name with the domain of your ADFS service)
    https://adfs.domain.com/adfs/services/trust/mex
    If you get XML data returned then you are generally good to go.
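
The checks this answer describes (HTTPS reachability on 443 and XML returned from the mex endpoint), as an added PowerShell example that is not part of the original thread. The function name is hypothetical, `adfs.domain.com` is the placeholder host from the answer, and PowerShell 3.0 or later on the proxy is assumed.

```powershell
# Added example; function name is hypothetical, host is the answer's placeholder.
function Test-AdfsProxyConnectivity {
    param(
        [Parameter(Mandatory = $true)][string]$FederationServiceName,
        [int]$TimeoutMs = 5000
    )
    $result = [ordered]@{
        Host        = $FederationServiceName
        DnsResolved = $false
        Port443Open = $false
        MexIsXml    = $false
        Error       = $null
    }
    try {
        # 1. The proxy must resolve the federation service name (DNS or hosts file).
        $addresses = [System.Net.Dns]::GetHostAddresses($FederationServiceName)
        $result.DnsResolved = ($addresses.Count -gt 0)

        # 2. TCP 443 to the farm, with a timeout so a dropped packet does not hang.
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $async = $client.BeginConnect($FederationServiceName, 443, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected) {
                $client.EndConnect($async)
                $result.Port443Open = $true
            }
        } finally { $client.Close() }

        # 3. Fetch the mex document; certificate validation is left enabled.
        if ($result.Port443Open) {
            $uri      = "https://$FederationServiceName/adfs/services/trust/mex"
            $timeout  = [Math]::Max(1, [int]($TimeoutMs / 1000))
            $response = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec $timeout
            $content  = $response.Content
            if ($content -is [byte[]]) {
                $content = [System.Text.Encoding]::UTF8.GetString($content)
            }
            $xml = [xml]$content          # throws if the body is not well-formed XML
            $result.MexIsXml = ($null -ne $xml.DocumentElement)
        }
    } catch {
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

Test-AdfsProxyConnectivity -FederationServiceName 'adfs.domain.com'
```

A certificate name or chain problem shows up in `Error` as a TLS trust failure while `Port443Open` is still true, which separates a firewall issue from a certificate issue.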

  • ADFS and ADFS proxy on 2012 and secondary on 2008 R2 is that ok

    I want to build my ADFS and ADFS Proxy for a hybrid setup with Exchange 2010 SP3.
    I will have the primary ADFS and ADFS proxy on 2012 servers, and the secondary will be on 2008 R2.
    As far as I know this should work, but I want to confirm.
    Forest and domain functional level is 2008.
    DCs are 2003, 2008 and 2012.
    Thank you

    Hi,
    You can't mix the ADFS versions. Functional level is okay.
    You can also see this from Microsoft's proposed migration strategy of creating a new 2012 R2 server with ADFS: http://technet.microsoft.com/en-us/library/dn486787.aspx#BKMK_b
    Regards,
    Lutz

  • DirSync on 2012 servers while DCs and ADFS and ADFS proxy are on 2008

    I have my DC forest and domain functional level at 2008 server.
    Now ADFS and ADFS Proxy will be on 2008 R2.
    I want to have DirSync on a 2012 server.
    Is that OK?

    Yes, it would work normally.

  • ADFS Proxy - unable to establish trust

    I already have an ADFS server which has a working connection to an external vendor application. I now need to add a second connection to another vendor. However, this one needs an ADFS proxy as it will be used by people outside of our organization.
    I have built a server, placed it in the DMZ and started to run the proxy config wizard. It says it is able to connect to the ADFS server as below
    but when I enter credentials to set up the trust I get the error below
    Does anyone know what is wrong? I have tested the credentials being used, they work fine for logging in to the ADFS server itself. I have even tried using my domain admin account and out of desperation I also tried using the local admin account from the
    proxy server (which is not a domain member as per standard setup instructions), same response.
    The SSL certificate imported to IIS on the proxy was exported from the ADFS server and bound to port 443, the firewall allows traffic from the proxy to the ADFS server over port 443 and the firewall is disabled on both servers so there is nothing blocking
    the connection

    Hi,
    When we installed the AD FS Server role we requested and installed a certificate on that server. We now need to export the certificate and install it on the AD FS proxy.
    Please refer to this article for more detailed information about AD FS Proxy:
    http://www.messageops.com/resources/office-365-documentation/ad-fs-proxy-step-by-step-install-guide/
    Regards
    Vivian Wang

  • ADFS Proxy configuration polling interval

    Hi everybody. I was trying to increase the frequency at which the adfs-proxy queries the adfs-server to update its configuration. The powershell command set-WebApplicationProxyConfiguration -ConfigurationChangesPollingIntervalSec is supposed to do that.
    However, no matter what value I configure, it always checks every 60 seconds. I am running ADFS 2012 R2 with all the patches and updates.
    Thanks in advance
    // Raúl - I love this game

    Hi Amig@. Yes, of course you can ask :) In fact, I want to increase the period. My configuration is not expected to change very often and my Event Viewer is getting flooded with those events (8 records per server every 60 seconds).
    It's curious that after a fresh installation the polling interval is said to be 30 seconds (PowerShell) but in practice it is 60 seconds. It seems to be hardcoded somewhere.
    Thanks for your interest
    // Raúl - I love this game

  • Server 2012 ADFS and Server 2008 R2 ADFS Proxy compatibility

    Hi,
    Does anyone know if a 2008 R2 ADFS Proxy will talk to ADFS running on Server 2012?
    TIA.

    I have not found a reference to say if this is supported or not. I know that there is no longer a separate ADFS proxy role in Windows 2012 R2.  The Remote Access feature provides VPN, Direct Access and Web Application Proxy (WAP) functionality.
    So, better to use the new functionality.
    More if you ask them here: https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
    Ahmed MALEK

  • ADFS Proxy server Event ID 393

    Hello,
    I am setting up an ADFS proxy server. I am placing the proxy server in the DMZ, and the only port which is open to the internal ADFS service is 443.
    I am using a SAN cert with the ADFS service name as the subject alternative name (ADFSService.net), and the subject name of the cert is what will be resolved over the internet (ABC.COM).
    I have successfully set up the ADFS SQL farm, whereas I am getting event ID 393 when I am setting up the ADFS proxy server. It is not accepting the creds of the internal ADFS service account.
    the federation server proxy could not establish a trust with the federation service
    Any help would be highly appreciated.

    Hi Zulfiqar,
    Please check the time difference between the proxy server and the ADFS server.
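
One way to make the time comparison this reply suggests when, as in the question, only port 443 is open from the DMZ: read the `Date` header of an HTTPS response from the federation service and compare it with the proxy's own clock. This is an added example, not part of the original thread; the function name is hypothetical and the host passed in is a placeholder.

```powershell
# Added example; function name is hypothetical and the host is a placeholder.
function Get-AdfsClockSkew {
    param(
        [Parameter(Mandatory = $true)][string]$FederationServiceName
    )
    $uri = "https://$FederationServiceName/adfs/services/trust/mex"

    # Sample the local UTC clock on both sides of the request and use the
    # midpoint, so that network latency is not counted as clock skew.
    $before   = [DateTime]::UtcNow
    $response = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 10
    $after    = [DateTime]::UtcNow
    $localMid = $before.AddMilliseconds(($after - $before).TotalMilliseconds / 2)

    # The header value is a string in Windows PowerShell and a collection in
    # PowerShell 7; taking the first item handles both.
    $dateHeader = [string]($response.Headers['Date'] | Select-Object -First 1)
    if (-not $dateHeader) { throw "No Date header in response from $uri" }

    # HTTP dates are RFC 1123 strings in GMT; normalise to UTC before comparing.
    $serverUtc = [DateTime]::Parse(
        $dateHeader,
        [Globalization.CultureInfo]::InvariantCulture,
        [Globalization.DateTimeStyles]::AdjustToUniversal)

    [pscustomobject]@{
        Server      = $FederationServiceName
        ServerUtc   = $serverUtc
        LocalUtc    = $localMid
        # Positive: the proxy clock is ahead of the server. The Date header
        # has one-second resolution, so treat +/- 1 second as noise.
        SkewSeconds = [Math]::Round(($localMid - $serverUtc).TotalSeconds)
    }
}

Get-AdfsClockSkew -FederationServiceName 'adfs.domain.com'
```

Behind a load balancer the header comes from whichever farm node answered, so run it a few times to see every node.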

  • Which is the best windows server application proxy or Azure application proxy ???

    Hi everyone,
    I know that Azure Application Proxy is based on Windows Server 2012 R2 Web Application Proxy,
    but what is the difference between the two, and in which cases should we go for Azure App Proxy or Windows Server 2012 R2 Web Application Proxy?
    Any examples would be great for understanding.
    Thanks ,
    Kalai

    Hi,
    Thanks for your post.
    Web Application Proxy provides reverse proxy functionality for web applications inside your corporate network to allow users on any device to access them from outside the corporate network. Web Application Proxy preauthenticates access to web applications
    using Active Directory Federation Services (AD FS), and also functions as an AD FS proxy.
    Web Application Proxy can be run on Windows Azure VMs, but there are no recommended scenarios for running it on Windows Azure VMs.
    https://technet.microsoft.com/en-us/library/dn584113.aspx
    A server running Windows Server 2012 R2 or Windows 8.1 or higher on which you can install the Azure Application Proxy Connector. The server must be able to send HTTPS requests to the Application Proxy services in the cloud, and it must have an HTTPS connection
    to the applications that you intend to publish.
    https://msdn.microsoft.com/en-us/library/azure/dn768214.aspx
    Regards.

  • Couldn't Verify Custom Domain

    Hi all, has anyone gotten this error when verifying a custom domain?
    I get this error when I click the Verify button in Azure Active Directory,
    and this error when I try to verify with the PS command: New-MsolFederatedDomain -DomainName <Name Domain>
    When I used this in my lab, adding the custom domain succeeded. But when I tried this for my client I got the error:
    New-MsolFederatedDomain:Microsoft.Online.Administration.Automation.DomainLiveNamespaceAuthenticationException.
    I did those steps after registering the DNS TXT record at the domain registrar and waiting 72 hours.
    My Environment:
    1 AD
    1 ADFS Server
    1 TMG Server (Adfs Proxy)
    1 Azure Pass
    Thanks,
    Fazar Susanto

    Hi,
    I have just done an NSLOOKUP on your domain and the TXT record is showing the MX=<digits> record. Please double-check your DNS settings for the TXT record to make sure you have not added a SPACE or TAB by mistake.
    Cheers

  • ADFS 3.0 Proxy cannot create trust relationship

    Hi,
    I am trying to configure an ADFS 3.0 High Availability scenario (two-server AD FS farm with WID, NLB + two ADFS 3.0 Proxy servers with NLB) and I got the following error during the second ADFS proxy installation:
    An error occurred when attempting to establish a trust relationship with the federation service. Error:
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    The first proxy server is working fine and the trust relationship is established. Any idea why?
    Thanks in advance.
    Isurinda.

    Hello,
    this is better asked in
    http://social.msdn.microsoft.com/Forums/office/en-US/home?forum=Geneva
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

  • ADF deployment when there is a proxy

    Hi, I am using ADF with BPM. In the application I have an ADF proxy project. I can change the endpoints in the composite by using a config plan, but how do I change the endpoint mentioned in the ADF proxy while deploying in different environments?
    It would be helpful if someone could suggest a step-by-step approach.

    you can check the thread as well
    webservice client : different wsdl file for test/production environment
    ~Abhijit

  • ADFS in Azure

    Hi All
    I've read many articles today about hosting ADFS/Dirsync/ADFSProxy.
    Can someone help me understand how traffic flows between the ADFS proxy and the ADFS servers, or how it should? Some articles talk of separate subnets or even the same subnet. If that is true, how is firewalling controlled?

    Hi and thanks for your reply, I've read this article. What isn't clear is I understand ADFS proxies should be in the same cloud for load balancing purposes. Does that mean the same cloud as everything else? Or just them within the same cloud? As the ADFS servers don't need to be exposed to the internet, just the proxies. I see these as viable options:
    1. All servers in one cloud and same vnet, but separate ADFS proxies by subnet and use NSG to firewall. Using internal load balancer.
    2. ADFS servers and ADFS proxies in same cloud and vnet, ADFS proxies on different subnet, and use Windows Firewall and internal load balancer.
    3. ADFS servers and ADFS proxies in different clouds and vnets. ADFS servers will access ADFS proxies through the external cloud IP of the ADFS servers.
    4. ADFS servers and ADFS proxies in different clouds and vnets. VPN between vnets; ADFS servers will access ADFS proxies through the VPN and load-balanced IP.
    Thanks for your reply anyhow

  • Compatibility ADFS 2.0 with ADFS 2.1 proxy server

    Hi,
    I'll install an ADFS proxy server to support an internal ADFS (Server 2008 R2) environment.
    Because of the huge differences between ADFS on Server 2008 R2 and 2012 R2, I'll install the proxy server on a 2012 server (not R2).
    Are there any known things to keep in mind when using a config like this?
    My preferred option would be to use 2008 R2 too for proxy, but it's quite EOL.

    I am not 100% sure what you are doing. But let me be extremely explicit: Use a proxy of the same OS and ADFS version as the ADFS server. Make sure they have the same patches etc. Do not mix the versions.
    There are too many subtle differences (if the mix works at all). If you don't want to use 2012R2 then use both ADFS and its proxy on 2012.
    Paul Lemmers
