Federation Services - Initial Configuration Help

    Question

  • Hello,

    Let me know if there is a better place to post this question...

    I have a new install of ADFS that isn't working. I've been using the technet article labeled "Checklist: Use AD FS to implement and manage single sign-on" as a guideline. I have gotten to the point where I have dual federation servers with the roles installed on dedicated servers, and NLB installed on each as well. As well, I'm using a wild card cert for my domain.

    What is working... I can visit these pages locally on each server:

    https://localhost/federationmetadata/2007-06/federationmetadata.xml
    https://localhost/adfs/ls/idpinitiatedsignon.htm

    But, I cannot visit the same URL using the FQDN of my NLB cluster name (it is pingable):

    https://adfs.myDomain.com/adfs/ls/idpinitiatedsignon.htm

    I know my NLB is working properly, for example, I can RDP to each federation server (say "FED01.myDomain.com" and "FED02.myDomain.com"). And I can RDP to "ADFS.myDomain.com" - I get redirected to the primary. If in NLB I stop the primary, when I RDP to ADFS.myDomain.com again I get directed to the 2nd server. So that's good.

    When I do a packet capture from my PC to ADFS.myDomain.com (in the LAN), I see the HTTPS traffic going back and forth, but ultimately ending in a reset (I don't know how to fully understand the communication shown in a packet capture).

    16806 8.649136 10.26.151.150 10.26.100.106 TCP 54 https > 49632 [RST, ACK] Seq=1 Ack=127 Win=0 Len=0

    (server = 10.26.151.150, PC 10.26.100.106)

    Any tips on troubleshooting?


    Friday, April 25, 2014 12:13 AM
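
A way to narrow down the "works on localhost, resets on the cluster name" symptom described above, as an added example that is not part of the original post or of AD FS itself: from a client on the LAN, complete a TLS handshake against each name the post mentions and report which step fails and which certificate the listener presents, then compare with the HTTP.SYS certificate bindings on each federation server. The host names are taken from the question; the function name `Test-AdfsTls` is an assumption of this example.

```powershell
# Added example (not from the original post): probe TLS against each name from the
# question and report where the connection fails. Replace the host names with your own.
$targets = @('localhost', 'FED01.myDomain.com', 'FED02.myDomain.com', 'ADFS.myDomain.com')

function Test-AdfsTls {
    param([string]$HostName, [int]$Port = 443)

    $result = [ordered]@{ Host = $HostName; TcpConnected = $false; TlsOk = $false
                          Subject = ''; NameCheck = ''; Error = '' }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $result.TcpConnected = $true

        # The callback accepts any certificate so that a name mismatch can still be
        # read and reported; the validation outcome is recorded in $script:policyErrors.
        $script:policyErrors = 'None'
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $cert, $chain, $policyErrors)
            $script:policyErrors = $policyErrors.ToString()
            return $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)      # handshake; a server reset surfaces as an exception
        $result.TlsOk = $true
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.Subject = $cert.Subject           # expect the wildcard name for the domain
        $result.NameCheck = $script:policyErrors  # 'None' means the cert matched $HostName
        $ssl.Dispose()
    } catch {
        $result.Error = $_.Exception.Message
    } finally {
        $client.Dispose()
    }
    [pscustomobject]$result
}

$targets | ForEach-Object { Test-AdfsTls -HostName $_ } | Format-Table -AutoSize

# Run on each federation server: the certificate binding HTTP.SYS uses for port 443.
# Compare the listed IP:port and certificate hash across both nodes.
netsh http show sslcert
```

Reading the output: a row with `TcpConnected` true but `TlsOk` false for the cluster name only, while both node names succeed, points at the listener rather than at NLB; the `netsh` output on each node shows whether the binding covers the address the cluster name resolves to and whether both nodes present the same certificate.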

Answers

  • I re-installed all four servers and the issue went away. I think the problem was related to service account permissions which accessed the local WID DB
    • Marked as answer by Drew.Prince Friday, May 09, 2014 12:44 PM
    Friday, May 09, 2014 12:44 PM
