ADFS Proxy

I have a proxy server in a DMZ. I'm unable to connect to a load-balanced cluster on the other side using the cluster address. What ports (if any) do I need to open?
Is there any troubleshooting or diagnostics I need to do?
I would also appreciate some tips and pointers when rolling out Office 365.
Thanks in advance

The ADFS Proxy really only needs HTTPS (443) open to the ADFS farm. It will also need any dependent ports and protocols available such as DNS, etc. If it is a domain-joined machine then it will need normal AD ports and protocols (DNS, LDAP, Kerberos, etc.)
Here's a really nice troubleshooting guide for ADFS 2.0:
http://technet.microsoft.com/en-us/library/adfs2-troubleshooting-guide%28v=ws.10%29.aspx
One general test I always use for the proxy is this: from the proxy server, navigate to this URL (replace the domain name with the domain of your ADFS service)
https://adfs.domain.com/adfs/services/trust/mex
If you get XML data returned then you are generally good to go.
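
The test described in the reply above, extended into a script (an added example, not part of the original posts): run from the proxy, it checks name resolution, TCP 443, the TLS certificate and the mex endpoint, and reports the clock difference that a reply further down this page suggests checking. `adfs.domain.com` is the placeholder name from the reply, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example. Run on the AD FS proxy; assumes Windows PowerShell 3.0 or later.
# $FsName is an assumption: set it to your own federation service name.
param([string]$FsName = 'adfs.domain.com')

$report = [ordered]@{ Dns = $null; Tcp443 = $null; Tls = $null; Mex = $null; ClockSkewSec = $null }

# 1. The proxy must resolve the service name to the internal farm (cluster) address.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($FsName) | ForEach-Object { $_.IPAddressToString }
    $report.Dns = $ips -join ', '
} catch { $report.Dns = "FAILED: $($_.Exception.Message)" }

# 2. TCP 443 must be reachable and the farm's certificate must validate for $FsName.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($FsName, 443)
    $report.Tcp443 = 'open'
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($FsName)   # default validation: throws on untrusted chain or name mismatch
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $report.Tls = "OK: $($cert.Subject), expires $($cert.NotAfter.ToString('u'))"
} catch {
    if (-not $report.Tcp443) { $report.Tcp443 = "FAILED: $($_.Exception.Message)" }
    else { $report.Tls = "FAILED: $($_.Exception.Message)" }
} finally { $tcp.Close() }

# 3. The metadata exchange endpoint should return well-formed XML.
$wc = New-Object System.Net.WebClient
try {
    $body = $wc.DownloadString("https://$FsName/adfs/services/trust/mex")
    $xml = [xml]$body                    # throws if the body is not XML (e.g. an HTML error page)
    $report.Mex = "XML returned, root element <$($xml.DocumentElement.Name)>"
    # Compare the server's HTTP Date header with the local clock (seconds, positive = proxy ahead).
    $date = $wc.ResponseHeaders['Date']
    if ($date) {
        $serverUtc = [datetime]::Parse($date).ToUniversalTime()
        $report.ClockSkewSec = [int]([datetime]::UtcNow - $serverUtc).TotalSeconds
    }
} catch { $report.Mex = "FAILED: $($_.Exception.Message)" } finally { $wc.Dispose() }

[pscustomobject]$report | Format-List
```

A failure at step 2 with step 1 and the TCP connect succeeding points at the certificate (untrusted issuer or a name that does not match the service name) rather than at the firewall.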

Similar Messages

  • ADFS and ADFS proxy on 2012 and secondary on 2008 R2 is that ok

    I want to build my ADFS and ADFS Proxy for a hybrid setup with Exchange 2010 SP3.
    I will have the primary ADFS and ADFS proxy on 2012 servers, and the secondary will be on 2008 R2.
    As per my knowledge this should work, but I want to confirm.
    Forest and domain functional level is 2008.
    DCs are 2003, 2008 and 2012.
    thank you

    Hi,
    You can't mix the ADFS versions. Functional level is okay.
    You can see this also from Microsoft's proposed migration strategy of creating a new 2012 R2 server with ADFS: http://technet.microsoft.com/en-us/library/dn486787.aspx#BKMK_b
    Regards,
    Lutz

  • Having 2 ADFS proxy 2 ADFS server 2 ADC each in separate cloud service, how do they communicate

    I have 2 ADFS proxy services under one cloud service and one availability group, and an endpoint for 443.
    The same goes for the 2 ADFS servers.
    1. As far as I know this configuration is enough for HA and NLB for both services; please confirm and support me with official links.
    2. Do Azure services communicate with each other using the public or the private IP? For example, does the ADFS proxy communicate with ADFS services over the cloud service public VIP?
    3. What is the process if the ADFS service tries to communicate with one DC on Azure and finds it unavailable? Will it fail over to another working DC by default?

    Hi,
    The following link provides some guidelines that may be helpful for your scenario:
    http://www.concurrency.com/blog/migrate-adfs-for-office-365-to-windows-azure/
    Also:
    http://stackoverflow.com/questions/21109818/office-365-migration-practice-with-windows-azure
    Let us know if this helps.
    Regards,
    Nithin Rathnakar

  • DirSync on 2012 servers while DCs and ADFS and ADFS proxy are on 2008

    I have my DC forest and domain functional level at 2008 server.
    Now ADFS and ADFS Proxy will be on 2008 R2.
    I want to have DirSync on a 2012 server.
    Is that OK?

    Yes, it would work normally.

  • ADFS Proxy - unable to establish trust

    I already have an ADFS server which has a working connection to an external vendor application. I now need to add a second connection to another vendor. However, this one needs an ADFS proxy as it will be used by people outside of our organization.
    I have built a server, placed it in the DMZ and started to run the proxy config wizard. It says it is able to connect to the ADFS server as below
    but when I enter credentials to set up the trust I get the error below
    Does anyone know what is wrong? I have tested the credentials being used; they work fine for logging in to the ADFS server itself. I have even tried using my domain admin account and, out of desperation, I also tried using the local admin account from the proxy server (which is not a domain member as per standard setup instructions), same response.
    The SSL certificate imported to IIS on the proxy was exported from the ADFS server and bound to port 443, the firewall allows traffic from the proxy to the ADFS server over port 443 and the firewall is disabled on both servers, so there is nothing blocking the connection.

    Hi,
    When we installed the AD FS Server role we requested and installed a certificate on that server. We now need to export the certificate and install it on the AD FS proxy.
    Please refer to this article for more detailed information about AD FS Proxy:
    http://www.messageops.com/resources/office-365-documentation/ad-fs-proxy-step-by-step-install-guide/
    Regards
    Vivian Wang

  • ADFS Proxy configuration polling interval

    Hi everybody. I was trying to increase the frequency at which the ADFS proxy queries the ADFS server to update its configuration. The PowerShell command Set-WebApplicationProxyConfiguration -ConfigurationChangesPollingIntervalSec is supposed to do that.
    However, no matter the value I configure, it always checks every 60 seconds. I am running ADFS 2012 R2 with all the patches, updates...
    Thanks in advance
    // Raúl - I love this game

    Hi Amig@. Yes, of course you can ask :) In fact, I want to increase the period. My configuration is not expected to change very often and my Event Viewer is getting flooded with those events (8 records per server every 60 seconds).
    It's curious that after a fresh installation the polling interval is said to be 30 seconds (PowerShell) but in practice it is 60 seconds. It seems to be hardcoded somewhere.
    Thanks for your interest
    // Raúl - I love this game

  • Server 2012 ADFS and Server 2008 R2 ADFS Proxy compatibility

    Hi,
    Does anyone know if a 2008 R2 ADFS Proxy will talk to ADFS running on Server 2012?
    TIA.

    I have not found a reference to say if this is supported or not. I know that there is no longer a separate ADFS proxy role in Windows 2012 R2.  The Remote Access feature provides VPN, Direct Access and Web Application Proxy (WAP) functionality.
    So, better to use the new functionality.
    More if you ask them here: https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • ADFS Proxy server Event ID 393

    Hello,
    I am setting up an ADFS proxy server. I am setting up the proxy server in the DMZ and the only port which is open to the internal ADFS service is 443.
    I am using a SAN cert with the ADFS service name as Subject Alternative Name (ADFSService.net) and the subject name of the cert is what will be resolved over the internet (ABC.COM).
    I have successfully set up the ADFS SQL farm, whereas I am getting Event ID 393 when I am setting up the ADFS proxy server. It is not accepting the creds of the internal ADFS service service account.
    the federation server proxy could not establish a trust with the federation service
    Any help would be highly appreciated.

    Hi Zulfiqar,
    Please check the time difference between the proxy server and the ADFS server.

  • ADFS Proxy on Azure

    I am planning to install ADFS proxy on the Azure platform. What are the options available to protect it, and how to achieve the same?

    Hi,
    If you want to deploy ADFS proxy on Azure VMs, I recommend you to create 2 VMs of ADFS proxy in an availability set for redundancy reasons.
    For more detailed information, you can refer to the article below:
    http://blogs.technet.com/b/abizerh/archive/2013/11/19/adfs-on-azure-vms.aspx
    Best regards,
    Susie

  • ADFS 3.0 Proxy cannot create trust relationship

    Hi,
    I am trying to configure an ADFS 3.0 High Availability scenario (two AD FS farm servers with WID, NLB + two ADFS 3.0 Proxy servers with NLB) and I got the following error during the second ADFS proxy installation:
    An error occurred when attempting to establish a trust relationship with the federation service. Error:
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    The first proxy server is working fine and the trust relationship is established. Any idea why?
    Thanks in advance.
    Isurinda.

    Hello,
    this is better asked in
    http://social.msdn.microsoft.com/Forums/office/en-US/home?forum=Geneva
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • ADF deployment when there is a proxy

    Hi, I am using ADF with BPM. In the application I have an ADF proxy project. I can change the endpoints in the composite by using a config plan, but how do I change the endpoint mentioned in the ADF proxy while deploying in different environments?
    It will be helpful if someone suggests a step-by-step approach.

    you can check the thread as well
    webservice client : different wsdl file for test/production environment
    ~Abhijit

  • Compatibility ADFS 2.0 with ADFS 2.1 proxy server

    Hi,
    I'll install an ADFS proxy server to support an internal ADFS (Server 2008 R2) environment.
    Because of the huge differences between ADFS on Server 2008 R2 and 2012 R2, I'll install the proxy server on a 2012 server (not R2).
    Are there any known things to keep in mind when using a config like this?
    My preferred option would be to use 2008 R2 for the proxy too, but it's quite EOL.

    I am not 100% sure what you are doing. But let me be extremely explicit: Use a proxy of the same OS and ADFS version as the ADFS server. Make sure they have the same patches etc. Do not mix the versions.
    There are too many subtle differences (if the mix works at all). If you don't want to use 2012R2 then use both ADFS and its proxy on 2012.
    Paul Lemmers

  • Time out error after redirection (ADFS-Office 365 SSO)

    Hi everyone,
    I've been having a problem with configuring ADFS and Office 365 SSO. Everything is set up and signing into Office 365 from the internal network works perfectly, but when trying to access from the external network I get timed out. A brief overview of my setup:
    LAN------>Firewall---------->Firewall------>Internet
                       |
                     DMZ
    LAN network: 192.168.50.0/24
    DC-DNS, RODC-DNS, ADFS1-ADFS2 (NLB), DIRSYNC.
    DMZ: 172.16.50.0/24
    ADFS Proxy1-ADFS Proxy 2 (NLB) (NLB IP: 172.16.50.225)
    Firewall-Firewall: 10.10.10.0/24
    Internal Firewall: Inside: 192.168.50.254/Outside: 10.10.10.2
    External Firewall: Inside: 10.10.10.1/Outside: 172.31.130.83 (working in a class lab with my university's private network)
    Our network engineering department has its own firewall. I was given a public IP address of 199.50.X.X that port-forwards both port 80 and 443 to the outside interface of the external firewall (172.31.130.83).
    The internal firewall allows outgoing and incoming connections from anywhere for troubleshooting the issue. The external firewall has been configured to port-forward both port 80 and 443 to the ADFS proxy NLB address.
    Other firewall configurations such as NAT and static routes have been configured correctly.
    I've updated the public DNS records, changing the A record for my ADFS from the public IP address GoDaddy assigned to my public domain to the public IP given to me (199.50.X.X). I added the ADFS server internal IP and name to the ADFS proxy hosts files, and DNS resolution is working both internally and externally.
    Using a domain-joined computer and user I am able to sign into Office 365 with no problems. The problem starts when I try to access from an external device. When entering a domain user email at the Office portal, it tries to redirect me to my ADFS proxy, but after a minute or so it fails to load my internal ADFS login page and using Google Chrome I see a timeout error.
    I checked Event Viewer on both the ADFS and ADFS proxy servers and nothing is showing up, checked my firewalls and everything seems to be working fine. I also confirmed that the faculty's firewall is receiving and forwarding correctly through ports 443 and 80 (my external firewall also shows the same results).
    Any help would be appreciated; I've been troubleshooting for more than a week and am pretty much out of options other than starting over.
    Thank you.
    Moe.

    Hi Moe,
    Regarding specific ADFS query, I suggest you refer to experts from the following forum to get professional support:
    Claims based access platform (CBA), code-named Geneva Forum
    http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
    Thank you for your understanding and support.
    Best Regards,
    Amy

  • ADFS SSO not working correctly on 'old' portal, but works fine on preview portal

    We recently configured an AADSYNC and ADFS 'connection' between Azure and our on-premises environment.
    When I log into the preview portal everything works fine: I'm redirected to our ADFS proxy server, I get authenticated and I'm logged into the portal.
    However, when I try to log in to the 'old' portal (manage.windowsazure.com), after entering my username I get redirected to a forms-based web page of our ADFS environment. When I enter my credentials there I get logged in to the portal; however, I shouldn't be getting a web-based login page.
    I am of course trying this from the internal network; the address of our ADFS server is being resolved to the IP address of the internal ADFS server (otherwise logging into the preview portal should also display the web-based login page).
    When I go to portal.office.com ADFS is also working fine, no web-based login page is displayed, so it's really just the manage.windowsazure.com portal that's acting strange.
    (I'm trying all this from the same computer, in the same network environment at roughly the same time, and this also happens on other systems and with other users.)
    Any ideas?

    I'm having the exact same issue.  If you look at the AD FS server, you'll see a 164 event logged when you try to log in to the old portal.  Something to the effect of:
    Relying Party:
    urn:federation:MicrosoftOnline
    Exception details:
    Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.InvalidAuthenticationTypePolicyException: MSIS7102: Requested Authentication Method is not supported on the STS
    I have a case opened with Microsoft, awaiting a call back.  This just started, and I don't understand AD FS enough yet to know what to change, or if I should.

  • ADFS external access

     Hi,
     here is a quick question.
     I am in the process of installing ADFS on production. I am wondering about external access, i.e. I will get a third-party certificate
     but the server is in my domain and has only one NIC with a private IP address. I have not found any documents on how external traffic is controlled or managed to the ADFS server. Should I use NAT? I must be missing something.
    Please advise,
    Erró

    Erro,
    The piece you're missing is the Web Application Proxy (in 2012 R2), known as the ADFS Proxy in previous versions of ADFS. This is a server that sits in your DMZ and sends requests on to the ADFS server inside the network. Since you don't seem to be in production yet, may I suggest running 2012 R2. Here's why: WAP supersedes the ADFS Proxy server. When you want to upgrade your ADFS environment and you have an ADFS proxy server, you can't use it anymore. You'd be forced at that time to go to WAP. Just food for thought. Here's more on each subject, and since you're now pointed in the right direction I'm sure a quick Bing will render the information to fill the gaps.
    Web Application Proxy -
    http://technet.microsoft.com/en-us/library/dn383650.aspx
    ADFS Proxy server -
    http://blogs.technet.com/b/askds/archive/2012/01/05/understanding-the-ad-fs-2-0-proxy.aspx
    Hope this helps.
