250 Hello - AD FS

2

Unable to Edit WAP Published Application in Mixed Mode Farm

Posted on 24th July 2020 by Rhoderick Milne [MSFT]

During the upgrade process it is expected that there will be multiple versions of AD FS and WAP servers operating in a farm at a given time. This is actually a good option as it allows us to easily upgrade from AD FS 2012 R2 to a newer version such as 2016 or 2019. We can do this without having to build a brand new farm from scratch and then cutting over applications to the new farm wi… Read the rest “Unable to Edit WAP Published Application in Mixed Mode Farm”

2

Unable To Access WAP AD FS Proxy Instance Externally

Posted on 25th May 2020 by Rhoderick Milne [MSFT]

When deploying AD FS and Web Application Proxy it is common to run into some networking issues. Normally this is due to firewall rules not being set correctly.

However we need to be aware of the default behaviour of WAP and factor that into our deployment.

When WAP is installed, it will write additional firewall rules into the Windows firewall. However, the default rules do not cover all monitorin… Read the rest “Unable To Access WAP AD FS Proxy Instance Externally”

2

Get-AdfsProperties Error ADMIN0120

Posted on 20th July 2018 by Rhoderick Milne [MSFT]

The below is an issue which caused this week’s customer a little stress. They wanted to review the current AD FS configuration, but were not able to successfully run the Get-AdfsPropeties cmdlet.

The Get-AdfsProperties cmdlet would generate the error below.

For make most glorious benefit of search engines:
Get-AdfsProperties : ADMIN0120: The client is not authorized to access the endpoint net.tcp://… Read the rest “Get-AdfsProperties Error ADMIN0120”

0

Connect to AD FS 2016 WID Using SQL Server Management Studio

Posted on 12th July 2018 by Rhoderick Milne [MSFT]

As part of troubleshooting a recent Windows Server 2016 AD FS issue, I wanted to take a look at the database using SQL Server Management Studio (SSMS). In order to successfully connect there are a couple of gotchas to note as the database used was the Windows Internal Database (WID). This is the default AD FS 2012 R2 and 2016 deployments. There is no SQL management interface and the correct con… Read the rest “Connect to AD FS 2016 WID Using SQL Server Management Studio”

7

Easy Way To Retrieve Certificate Thumbprint Using PowerShell

Posted on 14th May 2018 by Rhoderick Milne [MSFT]

Since many certificate operations involve knowing the certificate’s thumbprint, it is always useful to to have an easy way to get this information. In some of the online documentation it mentions you can copy the thumbprint out of the Certificate MMC snap-in and then manually delete the spaces between the data. No thanks.

However, if you *really* want to do that, or a quick and easy way to launch… Read the rest “Easy Way To Retrieve Certificate Thumbprint Using PowerShell”

2

Renewing AD FS Certificates – Updated Guidance

Posted on 15th March 2018 by Rhoderick Milne [MSFT]

TLS certificates come and go. By their nature they have a set life span and then they must be renewed. While this is nothing new, I’ve being doing this since the 1990s, the process may become a little more frequent for some customers as the industry is eliminating three year certificates see 3-Year Certificates to Be Eliminated in Industry-Wide Change for example.

In the posts for deploying AD FS … Read the rest “Renewing AD FS Certificates – Updated Guidance”

1

Update WAP Published Application Certificate

Posted on 11th December 2017 by Rhoderick Milne [MSFT]

A base Web Application Proxy (WAP) provides AD FS proxy capability in addition to also publishing on-premises web applications to the Internet. This can be used to publish services such as Exchange OWA and Autodiscover.

Publish Applications using AD FS Preauthentication can used in certain situations to pre-authenticate the incoming request before it is passed onto the internal server. Alternative… Read the rest “Update WAP Published Application Certificate”

1

WAP 2016 Published Application Not Working – HTTP Error 503

Posted on 19th July 2017 by Rhoderick Milne [MSFT]

Imagine the situation. You just finished deploying AD FS 2016 and Web Application Proxy (WAP) servers in a highly available environment with the AD FS namespace load balanced internally and externally. There are multiple AD FS servers and WAP servers. This is an interesting deployment project and all is going well. After verifying that core AD FS and WAP functionality works as expected you th… Read the rest “WAP 2016 Published Application Not Working – HTTP Error 503”

4

How to Enable IdpInitiatedSignon Page In AD FS 2016

Posted on 20th June 2017 by Rhoderick Milne [MSFT]

One of the deployment validation and testing tools which was also present in earlier AD FS releases is the /IdpInitiatedSignon.htm page. This page is available by default in the AD FS 2012 R2 and earlier versions. Though it should be noted this page is disabled by default in AD FS 2016.

From the system you wish to test from, navigate to the AD FS namespace's idpinitiatedsignonpage. This will be i… Read the rest “How to Enable IdpInitiatedSignon Page In AD FS 2016”

3

PSRemoting for Office 365 AD FS Configuration

Posted on 26th May 2017 by Rhoderick Milne [MSFT]

When configuring AD FS for Office 365, one of the final steps is to link Azure AD with the on-premises AD FS deployment. This should occur only after AD FS and WAP servers have been fully deployed, verified and tested.

When linking the AD FS infrastructure with Office 365, we must use the Azure AD PowerShell module. We need to point the module at the primary AD FS server using the Set-MsolADFSCon… Read the rest “PSRemoting for Office 365 AD FS Configuration”