ADFS working when one Domain Controller is down

  • Question

  • Hi folks,

    ADFS is in use with SharePoint/O365, with two Domain Controllers. When one domain controller is down, SharePoint or O365 does not work anymore.
    What is the process by which ADFS uses a Domain Controller, and what is the time frame in which the ADFS server changes its connection to the working Domain Controller?

    I found that the lifetime of a default security token for a claims-based authentication deployment using AD FS 2.0 is 60 minutes. If the user restarts the IE session, does
    the new session start with the working domain controller? How can I manually say to the ADFS server, "please check topology, one Domain Controller is down"?

    Br,
    Ari

    Monday, February 1, 2016 10:13 AM

Answers

  • Resolution found

    The customer has SharePoint from domain X and ADFS in domain Y; they have a forest
    trust between the domains. From ADFS domain Y, a DNS conditional forwarder to
    domain X was configured, but the IP address of one Domain Controller was missing. When that missing
    Domain Controller was rebooted or was down, ADFS did not work anymore. After adding the IP address to the DNS forward zone, ADFS works fine.

    Monday, March 7, 2016 8:34 AM

All replies

  • Are the two domain controllers in the same AD site?

    http://blog.auth360.net

    Tuesday, February 2, 2016 7:27 PM
  • Are you using the Extranet Lockout feature? If yes, AD FS reads the badPwdCount attribute from the PDC. Therefore, if the PDC is down, AD FS will not work.
    Wednesday, February 3, 2016 1:33 AM
  • Yes they are
    Thursday, February 4, 2016 2:05 PM
  • Extranet Lockout feature is not in use.
    Thursday, February 4, 2016 2:06 PM
  • Thank you for letting us know!

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, March 7, 2016 12:09 PM
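
One way to check for the condition described in the resolution, as an added example that is not part of the original thread: it compares the conditional forwarder's target list with the domain controllers of the trusted domain and tests each target on its own. The domain name is a placeholder; it assumes the DnsServer and ActiveDirectory modules, a run on the DNS server in ADFS domain Y, and that every domain controller in domain X also runs DNS.

```powershell
# Added example. 'domainx.example' is a placeholder for "domain X" in the thread.
$TrustedDomain = 'domainx.example'

# Forwarder targets configured on this DNS server (ADFS domain Y).
$zone = Get-DnsServerZone -Name $TrustedDomain -ErrorAction Stop
if ($zone.ZoneType -ne 'Forwarder') {
    throw "$TrustedDomain is not a conditional forwarder zone on this server."
}
$forwarders = @($zone.MasterServers | ForEach-Object { $_.IPAddressToString })

# Domain controllers reported by the trusted domain over the forest trust.
# Assumption: each of them is also a DNS server for that domain.
$coverage = Get-ADDomainController -Filter * -Server $TrustedDomain |
    ForEach-Object {
        [pscustomobject]@{
            DomainController = $_.HostName
            IPv4Address      = $_.IPv4Address
            InForwarder      = $forwarders -contains $_.IPv4Address
        }
    }

# Query each forwarder target directly for the DC locator record, so a
# target that is down or unreachable shows up even when the others answer.
$srvName = "_ldap._tcp.dc._msdcs.$TrustedDomain"
$health = foreach ($ip in $forwarders) {
    $answer = Resolve-DnsName -Name $srvName -Type SRV -Server $ip `
        -DnsOnly -QuickTimeout -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ForwarderTarget = $ip
        AnswersLocator  = [bool]$answer
    }
}

$coverage | Format-Table -AutoSize
$health   | Format-Table -AutoSize

# A single target, or any DC with InForwarder = False, means name resolution
# for the trusted domain depends on fewer servers than the domain provides.
if ($forwarders.Count -lt 2 -or ($coverage | Where-Object { -not $_.InForwarder })) {
    Write-Warning "Conditional forwarder for $TrustedDomain does not list every domain controller."
}
```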