Error ID 144 WAP vs ADFS 3.0

  • Question

  • Hello,

    I get the same issue, in the same situation, as in this old post:

    https://social.msdn.microsoft.com/Forums/vstudio/en-US/c3f229b6-3d64-481c-9388-19d062e135f0/can-i-connect-directly-to-web-app-proxy?forum=Geneva

    The answer was "You can use a hosts file to workaround it.".

    So could you tell me exactly what I must do in the hosts file to resolve my problem?

    Thank you so much!

    S.G.

    Wednesday, June 7, 2017 3:14 PM

All replies

  • You cannot use the actual name of the server in the URL as it is using SNI. But if you really want to simulate that you are going to a specific WAP node, you can make your ADFS FQDN point to the IP of that node in your HOSTS file.

    So let's say you have 2 ADFS servers in your adfs.contoso.com farm: ADFS01 [10.0.0.1] and ADFS02 [10.0.0.2], with a load balancer in front of them with a VIP [10.0.0.3], and 2 WAPs: WAP01 [20.0.0.1] and WAP02 [20.0.0.2], with a load balancer with a VIP in front [20.0.0.3]. Based on DNS, the internal clients will resolve adfs.contoso.com to 10.0.0.3 and the external clients (using the public DNS) will resolve it to 20.0.0.3. But on your machine, you can create an entry in your HOSTS file to make adfs.contoso.com point to 20.0.0.2 (for example; really, you can make it point to whatever you like). Then close all your browsers, clear the DNS cache (ipconfig /flushdns) and try to connect to adfs.contoso.com; you will now use only the WAP02 node.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Wednesday, June 7, 2017 3:27 PM
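
The HOSTS-file procedure described in the reply above, written out as an added PowerShell example (not part of the original thread). It uses the sample name and the WAP02 address from the reply; the marker comment and the function name are assumptions made for this example, and it must run from an elevated prompt.

```powershell
# Pin the federation name to one WAP node via HOSTS, test it, then revert.
$Fqdn      = 'adfs.contoso.com'   # federation service name (sample value from the reply)
$NodeIp    = '20.0.0.2'           # WAP02 (sample value from the reply)
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Marker    = '# temp-wap-pin'     # constructed tag so only our entry is ever removed

function Remove-WapPin {
    # Drop only the lines carrying our marker; every other entry is kept.
    $kept = @(Get-Content -LiteralPath $HostsPath |
              Where-Object { $_ -notmatch [regex]::Escape($Marker) })
    Set-Content -LiteralPath $HostsPath -Value $kept -Encoding ASCII
}

try {
    Remove-WapPin                                  # idempotent: clear any stale pin first
    Add-Content -LiteralPath $HostsPath -Value "$NodeIp`t$Fqdn`t$Marker" -Encoding ASCII
    Clear-DnsClientCache                           # same effect as ipconfig /flushdns

    # Confirm the name now resolves to the pinned node before testing anything else.
    $resolved = [System.Net.Dns]::GetHostAddresses($Fqdn) |
                ForEach-Object { $_.IPAddressToString }
    if ($resolved -notcontains $NodeIp) {
        throw "$Fqdn resolves to $($resolved -join ', '), expected $NodeIp"
    }

    # TLS handshake with the node. The FQDN (not the server name) is sent as SNI,
    # which is why the URL must keep the federation name.
    $tcp = New-Object System.Net.Sockets.TcpClient($Fqdn, 443)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Fqdn)           # throws if the certificate is not valid for $Fqdn
        "Connected to $($tcp.Client.RemoteEndPoint); certificate subject: $($ssl.RemoteCertificate.Subject)"
    }
    finally { $tcp.Close() }
}
finally {
    # Always remove the pin so the machine goes back to normal DNS resolution.
    Remove-WapPin
    Clear-DnsClientCache
}
```

Browsers keep their own connection and DNS state, so close them before testing through the pinned entry, as the reply says.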
  • Thank you for your answer, but it's not exactly my case.

    To summarize:

    My internal users use an internal URL.

    There is an entry xxx.local on my local DNS to resolve my ADFS farm VIP.

    It works.

    My external users use an external URL:

    There is an entry xxx.com on my public DNS to resolve my ADFS WAP.

    It doesn't work. I get event ID 144 in the event log on my WAP.

    The Federation Service Proxy blocked an illegitimate request made
    by a client, as there was no matching endpoint registered at the proxy.

    If I do the same with one of my ADFS servers directly I get the login
    page and can sign in. I'm testing my ADFS WAP server and thought I
    should be able to do thing.

    In addition, I don't have the same URL externally and internally (one .FR and the other .COM). It seems that having two different URLs is a problem... How can I manage this?

    Thank you

    • Edited by Sebastiàn Thursday, June 8, 2017 12:02 PM
    Thursday, June 8, 2017 11:22 AM
  • The URL for the ADFS logon has to be the same internally and externally.


    Thursday, June 8, 2017 1:00 PM