ADFS Proxy and Barracuda LoadBalancer Event 224

  • Question

  • I have 2 ADFS servers and 2 ADFS Proxy Servers. I had everything up and running and the proxies trusted. I am now trying to add a Barracuda LoadBalancer to it as per the deployment diagram, with a VIP and LoadBalancer in front of the ADFS, and another in front of the proxies. Now I am getting event 224 on the Proxy Servers.

    "The Federation Server Proxy Configuration could not be updated with the latest configuration on the Federation Service. 

    Error:

    Retrieval of the proxy configuration data from the Federation Server using Trust Certificate with the thumbprint 'xxxxxxx' failed with status code 'Unauthorized', The remote server returned an error: (401) Unauthorized. 

    My guess is this is because the loadbalancer is only expecting the Public SSL from a trusted CA that is configured for the farm, and if the WAP server is trying or looking for this other Trusted Cert, it is messing it up. I can tell by the thumbprint it is not the public SSL that it is trying with. 

    Thank You in advance for any input.

     
    • Edited by woolvertonc Wednesday, July 26, 2017 8:46 PM
    Wednesday, July 26, 2017 8:46 PM

All replies

  • Hi Woolvertonc,

    Can you link to the deployment diagram you are referring to?

    If you are installing the load balancer between the WAP and the ADFS server, ensure that you are not offloading SSL connections at the load balancer. ADFS Proxies (WAP) use certificate authentication to verify connectivity to the ADFS server, and using SSL offload will block this authentication.

    A quick way to test if this is the problem would be to create a hosts file entry on the WAP and ensure your adfs.contoso.com name points directly to the ADFS server and not the Virtual IP.

    Good Luck!

    Shane

    Monday, August 7, 2017 9:15 PM
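
A complementary check to the hosts-file test suggested above, as an added example that is not part of the original thread: run from the WAP, it compares the TLS certificate presented through the load balancer VIP with the one presented by an ADFS server contacted directly. The host name, IP address and function name are placeholders, and it assumes all farm nodes share one SSL certificate.

```powershell
# Added example. $FederationName and $AdfsServerIp are placeholders (assumptions).
param(
    [string]$FederationName = 'adfs.contoso.com',
    [string]$AdfsServerIp   = '192.0.2.10',   # constructed example address of one ADFS server
    [int]$Port = 443
)

function Get-TlsServerCertificate {
    param([string]$ConnectTo, [string]$SniName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ConnectTo, $Port)
        # Accept any certificate: the goal is to inspect it, not to trust it.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            # Send the federation name as SNI even when connecting by IP.
            $ssl.AuthenticateAsClient($SniName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            [pscustomobject]@{
                Endpoint   = $ConnectTo
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                Thumbprint = $cert.Thumbprint
            }
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

# Via the name: resolves to the VIP unless a hosts entry overrides it.
$viaVip = Get-TlsServerCertificate -ConnectTo $FederationName -SniName $FederationName -Port $Port
# Directly to one ADFS server, bypassing the load balancer.
$direct = Get-TlsServerCertificate -ConnectTo $AdfsServerIp -SniName $FederationName -Port $Port
$viaVip, $direct | Format-List

if ($viaVip.Thumbprint -ne $direct.Thumbprint) {
    'Different certificates: the VIP presents its own certificate, so TLS is terminated before ADFS.'
} else {
    'Same certificate: not conclusive (the load balancer may hold a copy). Run the hosts-file test.'
}
```

A matching thumbprint does not rule out SSL offload, because the same certificate and key can be installed on the load balancer; the hosts-file test remains the deciding one.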