locked
2016 WAP with 2012 R2 ADFS? RRS feed

  • Question

  • Hello,

    I am trying to find confirmation for the title scenario: Is it ok to use Windows Server 2016 WAP as a proxy for 2012 R2 ADFS? If someone can link me to documentation I'd be very grateful, for some reason I could not find it myself.

    Thanks, Vesa

    Wednesday, December 7, 2016 8:11 AM

All replies

  • Best practice is to use like with like e.g. 2016 WAP with 2016 ADFS.

    The reverse situation is not allowed AD FS Requirements.

    "AD FS 2016 requires Web Application Proxy servers on Windows Server 2016. "

    I suspect that the 2016 WAP requires features in ADFS that won't be there and also this is probably not a supported scenario.

    Also ADFS 2016 requires a 2016 DC so this may be another issue.

    Wednesday, December 7, 2016 7:37 PM
  • Hello, Thank you for answering. I know that reverse situation is not allowed, but I could not find any info about subject's scenario. I know best practice, but somehow I'm figuring this scenario should work: How else would you be able to upgrade a 2012 R2 ADFS farm to 2016 one server at a time, just wondering. Since we are not able to use 2016 version of ADFS server (I tried, it was denied, multiple times. Don't ask.), I wanted to use at least Wap 2016, since it has some features like http to https redirection. Otherwise we have to use all 2012 R2 versions. Thanks, Vesa
    Wednesday, December 7, 2016 8:25 PM
  • To upgrade 2012 R2 to 2016 ADFS, you install 2016 ADFS but it looks like 2012 R2.

    Once all installed and tested, you delete all the original 2012 R2 ones and then upgrade the farm behavior level.

    Refer: Upgrading to AD FS in Windows Server 2016.

    Wednesday, December 7, 2016 11:53 PM
  • Very old Question but wanted to answer:

    The answer is  "its ok, but supported as a transitional stage" 

    https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-faq

    Is using Windows 2016 WAP Servers to publish the AD FS farm to the internet without upgrading the back-end AD FS farm supported?

    Yes, this configuration is supported, however no new AD FS 2016 features would be supported in this configuration. This configuration is meant to be temporary during the migration phase from AD FS 2012 R2 to AD FS 2016 and should not be deployed for long periods of time.



    • Edited by Graham_84 Friday, June 22, 2018 12:34 PM
    Friday, June 22, 2018 12:33 PM