How To Install AD FS 2016 For Office 365 – Part 2

This is the second in a series of three posts which will walk you through installing, configuring and connecting AD FS 2016 to Office 365.  In part one we installed the AD FS server on our corporate network, and tested that it was working.

In this second post we need to make the AD FS infrastructure available to the Internet in a secure fashion, so that Office 365 will be able to contact AD FS to au…

How To Install AD FS 2016 For Office 365

This is a step-by-step guide to installing and configuring Windows Server 2016 Active Directory Federation Services (AD FS) for use with Office 365.  If you still wish to deploy the previous version of AD FS (Windows Server 2012 R2 AD FS), then please start with this post.  For those with a keen eye, the 2012 R2 post was published exactly three years ago today.

The act of deploying and configuring …

Load Balancing WAP In Azure RM

In the previous post, Load Balancing Azure AD FS Services, we looked at using Azure RM to deploy and load balance AD FS services.  This is the follow-up post to deploy the Web Application Proxy (WAP) servers and their associated load balancer into the DMZ.

In this post we will focus upon the highlighted area in the below diagram.  The additional components were previously deployed, for details please …

Testing AD FS Signon Page – An Error Occurred

There are many causes for receiving errors when signing onto AD FS.  However, some are more genuine than others.  This is a quick tip to check that you are on the right track before diving into the details and potentially spending time troubleshooting when in fact nothing is wrong.  Just lately, for some reason I’m seeing this more frequently.  That has prompted the draft from last October to be fi…

Load Balancing AD FS Services In Azure RM

As mentioned in this blog's previous posts on deploying AD FS, one option is to deploy all or part of the AD FS solution in Azure.  This is very valuable if there is insufficient capacity on-premises or if you only have a single datacentre and wish to increase resiliency.

Deploying the AD FS solution or connecting it to Azure is pretty straightforward.  However, if you do not correctly plan the Azure…

Change AD FS 2012 R2 Service Account Password

One of the added features in AD FS 2012 R2 was the ability to leverage group managed service accounts (gMSA) which obviated the requirement to manually change the password associated with the service account.  See Getting Started with Group Managed Service Accounts for some background on gMSA.  You may also see the term sMSA which is a standalone managed service account.

Managed service accounts and …

Web Application Proxy Service Not Starting Due to Malformed Configuration File

The below Web Application Proxy (WAP) server had an unexpected issue.  When the machine came back up, it had lost the configuration that allows it to communicate with the AD FS farm.  This is not specifically a VM/Hyper-V/Azure issue; it is more of a WAP issue.

Fixing the issue is straightforward, though let’s take a look at the symptoms first.

WAP Server Errors

On the affected WAP server the AD FS serv…

Updating Windows Server 2012 R2 AD FS SSL and Service Certificates

The below content is superseded  -- for information on updating your certificates please see:

 



Active Directory Federation Services (AD FS) heavily leverages X.509 certificates to allow the solution to function securely.  As with all of the other certificates that you deploy within your enterprise, there must be a process to manage and renew certifica…

AD FS 2012 R2 Web Application Proxy – Re-Establish Proxy Trust

In the Tailspintoys environment, the administrator (moi) was a bit slack.  They let the AD FS 2012 R2 proxy get into a bad state.  The AD FS Proxy was not contacting the AD FS server on the internal network, and this allowed the short-lived authentication certificate to expire.  At this point the AD FS Proxy was “dead to me” as far as the AD FS server was concerned.  The internal AD FS server was …

AD FS 2012 R2 – An Error Occurs When BadPwdCount Not Set

AD FS 2012 R2 provides an interesting feature called Extranet Lockout Protection, where the intent is to protect AD accounts from malicious lockout from external access attempts.  Previous versions of AD FS had no native mechanism to protect AD from such hammering attempts.  For details on the feature please review this post.  

One issue that can occur when extranet lockout pro…