Migration to ADFS 3.0 from existing 2.0 farm

  • Question

  • Good Morning, 

    I have been working on an ADFS 3.0 migration from an existing 2.0 environment. I followed the steps in the article below. 

    https://blogs.technet.microsoft.com/canitpro/2015/02/17/step-by-step-migrating-ad-fs-2-0-to-ad-fs-3-0-for-office365-single-sign-on/

    Our only difference is we are not using ADFS for Office365, but we do use it for about 6 other applications. Everything worked well, but I cannot get the test IDP signon.aspx page to load. 

    The error is Err_Connection_Reset. 

    I have checked my certs, everything looks fine, but I suspect this is a cert issue. I captured some Wireshark packets and it looks like my client successfully connects and negotiates SSL/TLS. Then the server RSTs the connection. 

    I have checked all local and domain firewalls and everything looks OK. Has anyone else seen this issue? Where else could I check? 

    Thanks!

    Friday, November 11, 2016 2:00 PM

Answers

  • **Update

    It was a cert issue, even though everything looked OK. Used PowerShell to rip the cert out and reinstall it. Restarted the service and everything is OK. 

    Friday, November 11, 2016 3:09 PM

All replies

  • ADFS on Windows Server 2012 R2 uses the SNI extension of SSL. This means that you have to reach the IdpInitiatedSignon.aspx page with the exact URL of the ADFS farm. So if your ADFS server is ADFS01.contoso.com with the IP address 1.2.3.4 and the name of the farm is adfs.contoso.com, the following apply:


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, November 11, 2016 2:41 PM
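
The SNI point in the reply above can be checked on the server by looking at the HTTP.SYS certificate bindings. The following is an added example, not code from the thread: `Get-SslBinding` and `Test-AdfsSniBinding` are hypothetical helper names, the sample `netsh` output and its all-zero certificate hash are constructed, and English-language `netsh` output is assumed.

```powershell
# Added example: parse `netsh http show sslcert` text into binding objects.
function Get-SslBinding {
    param([string[]]$NetshOutput)
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(Hostname:port|IP:port)\s*:\s*(\S+)\s*$') {
            if ($current) { $current }   # emit the previous binding
            $current = [pscustomobject]@{ Kind = $Matches[1]; Endpoint = $Matches[2]; Hash = $null }
        } elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*(\S+)') {
            $current.Hash = $Matches[1]
        }
    }
    if ($current) { $current }           # emit the last binding
}

# Report whether the farm name has an SNI (Hostname:port) binding and which cert it uses.
function Test-AdfsSniBinding {
    param([string]$FarmName, [string[]]$NetshOutput, [int]$Port = 443)
    $bindings = @(Get-SslBinding -NetshOutput $NetshOutput)
    # SNI binding: matched against the host name the client sends in the TLS handshake.
    $sni = $bindings | Where-Object { $_.Kind -eq 'Hostname:port' -and $_.Endpoint -eq "${FarmName}:$Port" }
    # Wildcard IP:port binding: the non-SNI binding type.
    $ipBinding = $bindings | Where-Object { $_.Kind -eq 'IP:port' -and $_.Endpoint -eq "0.0.0.0:$Port" }
    [pscustomobject]@{
        FarmName            = $FarmName
        SniBindingPresent   = [bool]$sni
        SniCertificateHash  = $sni.Hash
        NonSniBindingPresent = [bool]$ipBinding
    }
}

# Constructed sample output (placeholder hash), so the script runs without an ADFS server.
$sample = @'
SSL Certificate bindings:
-------------------------

    Hostname:port                : adfs.contoso.com:443
    Certificate Hash             : 0000000000000000000000000000000000000000
    Certificate Store Name       : MY

    Hostname:port                : localhost:443
    Certificate Hash             : 0000000000000000000000000000000000000000
    Certificate Store Name       : MY
'@ -split "`r?`n"

Test-AdfsSniBinding -FarmName 'adfs.contoso.com' -NetshOutput $sample
# On a live ADFS server:
# Test-AdfsSniBinding -FarmName (Get-AdfsProperties).HostName -NetshOutput (netsh http show sslcert)
```

Comparing `SniCertificateHash` with the thumbprint the service is expected to use shows whether the binding still points at an old certificate after a migration.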
  • Thanks for sharing.


    Friday, November 11, 2016 3:27 PM