Extranet user required to confirm certificate for OWA logon, when certificate logon not required

  • Question

  • Hello. From time to time, non-domain OWA browser users from the Internet get a Windows security dialog: Confirm certificate - site adfs.mydomain.com needs your credentials.

    The user can select some cert, or can click Cancel and proceed to the normal sign-in dialog with user name|password or MFA.

    I never configured certificate logon for ADFS. Please point me in the right direction on how to remove this initial cert request.

    Details: Windows 2019 ADFS (on DC), domain server 2019 with WAP. ADFS was upgraded from 2012R2 to the 2019 version.

    Intranet logins are fine, no issue at all. No problems with Office 365 logins from Intranet|Extranet either.

    Extranet|Internet logins to OWA work, with the exception of the mentioned extranet certificate request on connecting to WAP.

    Again, this is not a request from ADFS for a user certificate. It looks like IIS is asking for a user cert to connect to the website, only we all know that ADFS WAP does not use IIS.

    We publish Exchange 2013 with WAP, MS Office 365 federation.

    Tuesday, August 13, 2019 7:46 AM

Answers

  • The problem was solved with a clean install of ADFS and WAP on 2019 servers. Migration from 2012R2 ADFS to 2019 is bugged.

    P.S. The device registration status after migration was: "You need to update ADFS database". So a clean install and manual config was the answer.

    Thursday, August 15, 2019 1:25 PM