split brain DNS config on ADFS issue

  • Question

  • Hi All,

I have a setup where I am trying to create an ADFS connection with a split DNS configuration, and I am at the point where I can log into the IdP-initiated sign-on page, but it then redirects back to the internal FQDN on my system, and as the domain name is not ours it fails.

So currently the setup is that I have a wildcard cert for *.contoso.com and I have an internal FQDN of ADFSServer.DOMAIN2.com,

    which is not registered to us as an online DNS record.

I can browse to and sign into the sign-in page: https://signin.contoso.com/adfs/ls/idpinitiatedsignon.aspx

    but after I have signed in I am redirected to: https://ADFSServer.domain2.com/adfs/ls/idpinitiatedsignon. If I change the FQDN back to signin.contoso.com, the system registers that I have logged in successfully, but this is obviously causing problems with my trust.

    Any help with this will be greatly appreciated.

    Friday, July 21, 2017 3:45 PM

All replies

Have you created a CNAME record in DNS?

    Actually you need to create a forward lookup zone on your internal DNS server and then create an A record for signin.contoso.com, not a CNAME record.

    Saturday, July 22, 2017 10:53 AM
  • What is the FQDN of the farm? (you can see it on the output of Get-ADFSProperties)

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, July 24, 2017 7:37 PM
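The two replies above point at the two things to check: the farm's federation service name (from Get-ADFSProperties) and whether the public sign-in name has an A record on the internal DNS server. The following PowerShell script is an added example, not code from this thread or from Microsoft; it runs on the AD FS server, reads the farm's HostName, queries the internal DNS server for the public name, and creates the internal zone and A record if they are missing. The names, the internal IP address and the DNS server name are placeholders to replace.

```powershell
# Added example (not from the thread). Run on the AD FS server as an
# administrator. All values below are placeholders for your own environment.
$PublicName  = 'signin.contoso.com'   # name on the wildcard cert and in the trusts
$PublicZone  = 'contoso.com'          # internal forward lookup zone to create
$AdfsIp      = '10.0.0.10'            # placeholder: internal IP of the AD FS server / load balancer
$InternalDns = 'dc01.domain2.com'     # placeholder: internal DNS server

# 1. The name AD FS redirects to after sign-in is the federation service name
#    (HostName). If it is the internal FQDN, every redirect lands on that name,
#    which is exactly the symptom in the question.
$props = Get-AdfsProperties
if ($props.HostName -ne $PublicName) {
    Write-Warning "Federation service name is '$($props.HostName)', expected '$PublicName'."
    Write-Warning 'Post-sign-in redirects will use the internal FQDN; the farm must be configured with the public name.'
} else {
    Write-Host "Federation service name matches: $($props.HostName)"
}

# 2. Split-brain check: on the internal DNS server the public name must resolve
#    to the internal address via an A record. A CNAME to the internal FQDN is
#    not enough, because it exposes the internal name instead of hiding it.
$answer = Resolve-DnsName -Name $PublicName -Type A -Server $InternalDns -ErrorAction SilentlyContinue
if (-not $answer) {
    Write-Warning "$PublicName does not resolve on $InternalDns; creating zone and A record."
    # Create the internal zone only if it does not exist yet.
    if (-not (Get-DnsServerZone -Name $PublicZone -ComputerName $InternalDns -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $PublicZone -ReplicationScope 'Domain' -ComputerName $InternalDns
    }
    # Host part of the public name ('signin') goes in as an A record, not a CNAME.
    $host = $PublicName.Substring(0, $PublicName.Length - $PublicZone.Length - 1)
    Add-DnsServerResourceRecordA -ZoneName $PublicZone -Name $host -IPv4Address $AdfsIp -ComputerName $InternalDns
} elseif ($answer.IPAddress -notcontains $AdfsIp) {
    Write-Warning "$PublicName resolves internally to $($answer.IPAddress -join ', '), expected $AdfsIp."
} else {
    Write-Host "$PublicName resolves internally to $AdfsIp (A record present)."
}
```

Note that once a contoso.com zone exists on the internal DNS server, every other public contoso.com host must also get a record there, or internal clients will stop resolving it.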