WAP server migration

  • Question

  • I have a federation service with one internal ADFS-server and one external WAP-server, both running Windows Server 2012R2 OS.  I'm now about to migrate this federation service to servers running 2016 OS and have installed ADFS on a 2016 server and joined that server to the existing ADFS-farm (with the 2012R2 server). 

    The 2012R2 server is still the primary computer for ADFS in the WID-cluster.

    Now I want to deploy a new WAP-server running on a server with 2016 OS, but when I try to install the WAP role and add it to the existing ADFS-farm it just throws an error:

    An error occurred when attempting to establish a trust relationship with the federation service. Error: Unauthorized. Verify that the service account has administrative access on the target Federation Server.

    I have tried to join a new 2012R2 WAP server to the ADFS-server running 2016 as well, but it fails with the exact same error message. 

    The new WAP-servers I've tried with are both only pointing to the new ADFS-server running on 2016 OS which is "SecondaryComputer".
    Can that be an issue, so that the WAP-servers must talk to the ADFS-server having the role "PrimaryComputer"?


    • Edited by Jorrk Tuesday, November 27, 2018 8:28 AM
    Tuesday, November 27, 2018 8:27 AM

Answers

  • The solution was to point the new WAP-server to the primary ADFS-server within the federation.

    After I did that the installation went by without any issue.

    I found a similar issue described here:
    https://social.technet.microsoft.com/Forums/lync/en-US/47c63a58-0cc5-4823-8419-e0ab38ed8e8f/attempting-to-add-a-second-adfs-proxy-server?forum=winserverDS

    • Edited by Jorrk Tuesday, December 4, 2018 6:05 PM
    • Marked as answer by Jorrk Tuesday, December 4, 2018 6:05 PM
    Tuesday, December 4, 2018 6:04 PM
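
A pre-flight check for the fix described in the answer above, as an added example that is not part of the original thread: it finds which farm node holds the PrimaryComputer role and confirms that the federation service name resolves to that node before the proxy trust is established. The service name, node names and thumbprint are constructed placeholders, and the script assumes PowerShell remoting to the farm nodes from the machine it runs on (otherwise run `Get-AdfsSyncProperties` locally on each node).

```powershell
# Added example; all names and the thumbprint below are constructed placeholders.
$FederationServiceName = 'sts.example.com'
$AdfsNodes             = 'ADFS2012', 'ADFS2016'
$CertThumbprint        = '<thumbprint-of-service-communications-cert>'

# 1. Ask every farm node for its WID sync role.
$roles = Invoke-Command -ComputerName $AdfsNodes -ScriptBlock {
    $sync = Get-AdfsSyncProperties
    [pscustomobject]@{
        Node                = $env:COMPUTERNAME
        Role                = "$($sync.Role)"            # PrimaryComputer or SecondaryComputer
        PrimaryComputerName = $sync.PrimaryComputerName  # populated on secondary nodes
    }
}
$roles | Format-Table Node, Role, PrimaryComputerName

$primary = @($roles | Where-Object { $_.Role -eq 'PrimaryComputer' })
if ($primary.Count -ne 1) {
    throw "Expected exactly one PrimaryComputer in the farm, found $($primary.Count)."
}
$primaryNode = $primary[0].Node

# 2. Check where this machine sends traffic for the federation service name.
#    Resolve-DnsName also honours local hosts-file entries.
$primaryIps = (Resolve-DnsName -Name $primaryNode -Type A |
               Where-Object IPAddress).IPAddress
$serviceIps = (Resolve-DnsName -Name $FederationServiceName -Type A |
               Where-Object IPAddress).IPAddress

if (-not ($serviceIps | Where-Object { $_ -in $primaryIps })) {
    throw ("{0} resolves to {1}, not to the primary node {2} ({3})." -f
        $FederationServiceName, ($serviceIps -join ', '),
        $primaryNode, ($primaryIps -join ', '))
}
Write-Host "$FederationServiceName resolves to primary node $primaryNode."

# 3. Establish the proxy trust with an account that is a local
#    administrator on the ADFS servers.
$cred = Get-Credential -Message 'ADFS administrator account'
Install-WebApplicationProxy -FederationServiceName $FederationServiceName `
    -FederationServiceTrustCredential $cred `
    -CertificateThumbprint $CertThumbprint
```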
