ADFS login/O365 working only internally and not externally

  • Question

  • Hi,

    I'm hoping someone can help us. We have ADFS 3.0 set up, and then we have ADFS proxy (WAP) servers for external access. On Tuesday night our network guys changed some switches from 1Gbit to 10Gbit switches, and now users can only log into the O365/ADFS service internally and cannot externally; we all get the error saying user/password is incorrect.

    On the ADFS server I'm getting event ID 342 about token validation failed.

    On the ADFS Proxy servers I'm getting event ID 222:

    The federation server proxy was unable to complete a request to the Federation Service at address *** ADFS Usernamemixed address *** because of a time-out. This might mean that the Federation Service is currently unavailable. 

    User Action 
    Verify that the Federation Service is running.

    The service is running.

    Another piece of info that might be useful: I can log into O365 from the ADFS Proxy server that's in our DMZ, but no other external machines can log in.

    When I ran the ExRCA tool for O365 Single Sign On it fails on the token validation step, returning error HTTP 500 or HTTP 503; it varies when I run it.

    Thanks in advance

    Saturday, July 28, 2018 12:44 AM

All replies

  • Hiya,

    A few things to

    1: Was the server rebooted since network outage?

    2: Verify that the trust is in place between WAP and ADFS server. (Should state so from the ADFS logs)

    3: Verify that the endpoint is enabled on the Proxy also. On the ADFS server, open the Endpoints folder and check the difference between Server and Proxy.

    4: Can you perform an external login using the /adfs/ls/idpinitiatedsignon.aspx page? If that page is not accessible, you might need to enable this in your properties, just for testing purpose.

    Kind Regards


    Monday, July 30, 2018 10:03 AM
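The checks in the reply above (WAP trust, endpoints published to the proxy, reachability of the Federation Service named in event 222) can be scripted. The following is an added example, not code from either poster, written for an elevated PowerShell session using the AD FS and Web Application Proxy cmdlets that ship with Windows Server 2012 R2 and later; the host name is a placeholder, and the `EnableIdpInitiatedSignonPage` property is an assumption that only applies to AD FS 2016 and later (on ADFS 3.0 the page is on by default).

```powershell
# Added example (not from the thread). Run the first part on an AD FS server,
# the second on a WAP server. Host name below is a placeholder.
$AdfsServer = "adfs.internal.example"   # assumption: the farm name the WAP resolves internally
$AdfsPort   = 443

# --- AD FS server -----------------------------------------------------------
# Item 3 of the reply: an endpoint the WAP must forward has to be enabled AND
# published to the proxy (Proxy = True). List enabled endpoints that are not.
Get-AdfsEndpoint |
    Where-Object { $_.Enabled -and -not $_.Proxy } |
    Select-Object AddressPath, Enabled, Proxy

# The endpoint named in event 222 is the WS-Trust usernamemixed endpoint, which
# Office 365 rich clients use. Publish it to the proxy if it is not already.
$ep = Get-AdfsEndpoint -AddressPath "/adfs/services/trust/13/usernamemixed"
if (-not $ep.Proxy) {
    Set-AdfsEndpoint -TargetAddressPath $ep.AddressPath -Proxy $true
    Restart-Service adfssrv   # endpoint changes take effect after a service restart
}

# Item 4: the IdP-initiated sign-on page. Assumption: this property exists on
# AD FS 2016+ only; re-disable it after testing, since it is a browsable sign-in form.
$props = Get-AdfsProperties
if ($props.PSObject.Properties['EnableIdpInitiatedSignonPage']) {
    "IdpInitiatedSignon enabled: $($props.EnableIdpInitiatedSignonPage)"
}

# Recent token-validation failures (event 342) to correlate with external attempts
Get-WinEvent -LogName "AD FS/Admin" -MaxEvents 200 |
    Where-Object { $_.Id -eq 342 } |
    Select-Object TimeCreated, Message

# --- WAP server --------------------------------------------------------------
# Event 222 reports a time-out reaching the Federation Service: confirm the
# proxy can open TCP 443 to the farm after the switch change.
Test-NetConnection -ComputerName $AdfsServer -Port $AdfsPort

# Item 2 of the reply: is the proxy trust with AD FS healthy?
Get-WebApplicationProxyHealth

# The proxy's own view of the same time-outs
Get-WinEvent -LogName "AD FS/Admin" -MaxEvents 200 |
    Where-Object { $_.Id -eq 222 } |
    Select-Object TimeCreated, Message
```

If `Test-NetConnection` succeeds but `Get-WebApplicationProxyHealth` still reports the trust as unhealthy, the trust certificate rather than the network path is the next thing to examine; if the usernamemixed endpoint shows `Proxy = False`, that alone explains why browser sign-in might work while rich clients fail through the WAP.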