none
ADFS Web Application Proxy Event ID 224 & 394

    Question

  • I'm using ADFS as an enterprise login solution for ArcGIS portal. Internally, it's working perfectly.

    I set up a web application proxy server in the DMZ for authentication outside the local network. Login attempts there result in a 503 error. Looking at the event log on the WAP server, I see this:

    The federation server proxy configuration could not be updated with the latest configuration on the federation service. 
    
    Additional Data 
    Error:  
    Retrieval of proxy configuration data from the Federation Server using trust certificate with thumbprint '<thumbprint>' failed with status code 'InternalServerError'. 

    The thumbprint shown is for the ADFS ProxyTrust certificate.

    I'm also getting eventID 394:

    The federation server proxy could not renew its trust with the Federation Service.  
    
    Additional Data 
    Exception details: 
    An error occurred when attempting to establish a trust relationship with the federation service. Error: The underlying connection was closed: An unexpected error occurred on a send. 
    
    User Action 
    Ensure that the federation server proxy is trusted by the Federation Service. If the trust does not exist or has been revoked, establish a trust between the proxy and the Federation Service using the Federation Service Proxy Configuration Wizard by logging on to the proxy computer.

    I've attempted to reestablish a trust relationship w/ the install-webapplicationproxy commandlet, but if fails, just telling me "the underlying connection was closed: an unexpected error occurred on a send."

    Friday, February 8, 2019 2:47 PM

All replies

  • Hello Carl,

    On the WAP server, browse to the host file C:\Windows\System32\Drivers\etc\ and add the ip address of the adfs primary server with the corresponding fqdn of the federation service name. also make sure that port 443 is opened between your dmz an the adfs servers.

    Hope that helps,


    Isaac Oben MCITP:EA, MCSE,MCC <a href="https://www.mcpvirtualbusinesscard.com/VBCServer/4a046848-4b33-4a28-b254-e5b01e29693e/interactivecard"> View my MCP Certifications</a>

    Monday, February 11, 2019 6:22 AM
  • Thanks for the reply. I set both those when installing the system originally. Firewall logs are all clean, and it the WAP server resolves it properly. 
    Monday, February 11, 2019 6:24 PM