AD FS Proxy Server Locates Federation Server only at old IP address

  • Question

  • Greetings,

    This weekend we migrated our Server 2012R2 federation servers (an AD FS server and an AD FS Proxy) to a new virtual server infrastructure and network. This required a re-IP'ing of both the internal and external addresses. We've made the changes in DNS (internal and on the internet) and everything seemed to be working (that is, users could get mail from our Office 365 email service, access SharePoint, etc.). A day later (today) my proxy server can't connect to the federation server. Error ID 422 "Unable to retrieve proxy configuration data". In the eventlog message I see that it's trying to reach the federation server at the old IP address. Yet when I do an nslookup from the server and the proxy, both lookups resolve to the new IP. It's only the proxy server which seems to try to locate the service there. And naturally the Web Application Proxy Service fails to start. I've confirmed the necessary ports are open (443) between the proxy and the federation server. And a wireshark capture shows the proxy still attempting to reach the federation server at its old IP address. Both machines have been rebooted at least a few times since the migration.

    I've tried to re-establish the connection to the federation server using the Install-WebApplicationProxy cmdlet, which fails with "an error occurred while attempting to establish a trust relationship with the federation service. Error: unable to connect to remote server".

    Does anyone have any suggestions?

    Thanks in advance...


    • Edited by Andy Goldin Saturday, February 2, 2019 9:48 PM Updated with error msg
    Saturday, February 2, 2019 9:44 PM

Answers

  • Issue was caused by an outdated host record (%windir%\system32\drivers\etc) for the federation server. Previous server admin set up a static host file because he was concerned about name resolution. That is no longer an issue. I commented out the record in the host file and used the Install-WebApplicationProxy command to re-initialize communication between the two servers. Problem solved.
    • Marked as answer by Andy Goldin Sunday, February 3, 2019 2:16 AM
    Sunday, February 3, 2019 2:16 AM
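A quick way to catch the stale-override situation described in the answer, as an added example that is not part of the thread: this PowerShell script reads every active entry in the local hosts file and compares it with the answer DNS itself returns for the same name, flagging entries that pin a name to an address DNS no longer advertises. It only assumes the standard hosts file location and the Resolve-DnsName cmdlet (Windows 8/Server 2012 and later).

```powershell
# Added example, not from the thread. Compare active hosts-file entries with the
# real DNS answer so a stale override (like the one that kept the WAP pointed at the
# federation server's old IP) stands out. Run on the proxy in an elevated prompt.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'

function Get-StaleHostsEntries {
    param([string]$Path = $hostsPath)

    # Parse "IP name [name ...]" lines, skipping blanks and comment lines
    $entries = Get-Content -Path $Path |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        ForEach-Object {
            $fields = ($_ -replace '#.*$', '').Trim() -split '\s+'
            if ($fields.Count -ge 2) {
                foreach ($name in $fields[1..($fields.Count - 1)]) {
                    [pscustomobject]@{ Name = $name; HostsIP = $fields[0] }
                }
            }
        }

    foreach ($e in $entries) {
        try {
            # -DnsOnly bypasses the hosts file and resolver cache, so this is what
            # the name resolves to without the local override in the way
            $dnsIPs = @(Resolve-DnsName -Name $e.Name -Type A -DnsOnly -ErrorAction Stop |
                Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
        } catch {
            $dnsIPs = @()   # name not in DNS at all; reported with an empty DnsIPs column
        }
        [pscustomobject]@{
            Name    = $e.Name
            HostsIP = $e.HostsIP
            DnsIPs  = ($dnsIPs -join ', ')
            # Stale = hosts file pins the name to an address DNS does not return
            Stale   = ($dnsIPs.Count -gt 0 -and $dnsIPs -notcontains $e.HostsIP)
        }
    }
}

Get-StaleHostsEntries | Format-Table -AutoSize
```

Any row with Stale = True for the federation service name is the condition the answer describes; once the line is commented out, Install-WebApplicationProxy can be re-run as in the thread.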