ADFS NLB with WAP NLB. Can't configure second WAP because it connects to secondary (read-only) ADFS server.

  • Question

  • I've configured ADFS with NLB and a WID so the secondary ADFS server has a read only copy of the database.

    When adding my second WAP server in a NLB cluster, it fails to add with an error saying that an error occurred and the trust relationship failed.

    I've done troubleshooting and it looks like the second WAP is connecting to the second ADFS server which has a read only database.

    Removing the secondary ADFS server from the NLB results in success.

    Removing the primary ADFS server results in the same error.

    Changing the primary ADFS server to the second server results in success.

    Is this normal behavior?

    Will this cause problems in a month when the trust relationship is renewed?

    Thursday, June 20, 2019 10:58 PM

All replies

  • You can make it point to the primary to make the Install-WebApplicationProxy cmdlet faster. It should work either way, but it might time out with the secondary (it creates things in the primary database and then the database syncs back, etc.).

    This should not cause any ongoing issue, as the certificates used for authentication with the WAP are renewed before they expire (making this timeout very improbable).

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, June 21, 2019 3:19 PM
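The following PowerShell is an added example and is not code from either poster. It shows one way to do what the reply suggests: confirm which ADFS node currently holds the writable WID copy (the role the question's workaround changed), then run Install-WebApplicationProxy on the WAP while the federation service name is temporarily pinned to the primary ADFS server through the hosts file, and remove the pin afterwards so runtime traffic goes back through the NLB VIP. The hosts-file override is the author's chosen technique, not something the reply states; the names sts.contoso.com, ADFS01/ADFS02, the addresses 10.0.0.11/10.0.0.12 and the certificate thumbprint are placeholders.

```powershell
# Added example (not from the thread). Assumed environment:
#   sts.contoso.com  - federation service name, normally resolving to the ADFS NLB VIP
#   ADFS01 10.0.0.11 - primary ADFS node (writable WID)
#   ADFS02 10.0.0.12 - secondary ADFS node (read-only WID copy)
#   $thumbprint      - WAP SSL certificate already imported into LocalMachine\My

# ----- Part 1: run on each ADFS server -----
# Get-AdfsSyncProperties reports Role = PrimaryComputer on the writable node and
# SecondaryComputer (with PrimaryComputerName) on read-only nodes.
$sync = Get-AdfsSyncProperties
if ($sync.Role -eq 'PrimaryComputer') {
    Write-Host "$env:COMPUTERNAME is the primary ADFS node; point the WAP install here."
} else {
    Write-Warning "$env:COMPUTERNAME is secondary; the primary is $($sync.PrimaryComputerName)."
}
# The question's workaround (promoting the other node) would be, on the new primary:
#   Set-AdfsSyncProperties -Role PrimaryComputer
# and on the old primary:
#   Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName ADFS02

# ----- Part 2: run on the WAP server being added -----
$fsName     = 'sts.contoso.com'   # assumed federation service name
$primaryIp  = '10.0.0.11'         # assumed address of the primary ADFS node
$thumbprint = 'ABCDEF0123456789ABCDEF0123456789ABCDEF01'   # placeholder thumbprint
$hostsFile  = "$env:SystemRoot\System32\drivers\etc\hosts"

# Keep a copy of the hosts file, then pin the federation service name to the primary
Copy-Item -Path $hostsFile -Destination "$hostsFile.bak-$(Get-Date -Format yyyyMMddHHmmss)"
Add-Content -Path $hostsFile -Value "$primaryIp`t$fsName`t# temporary: WAP install via primary ADFS"
Clear-DnsClientCache

# Verify the pin is in effect before touching the trust (GetHostAddresses honours the hosts file)
$resolved = [System.Net.Dns]::GetHostAddresses($fsName) | ForEach-Object { $_.IPAddressToString }
if ($resolved -notcontains $primaryIp) {
    throw "$fsName still resolves to $($resolved -join ', '), not the primary $primaryIp"
}

try {
    # The trust credential must be a local administrator on the ADFS servers
    $cred = Get-Credential -Message 'Account that is a local admin on the ADFS servers'
    Install-WebApplicationProxy `
        -FederationServiceName $fsName `
        -FederationServiceTrustCredential $cred `
        -CertificateThumbprint $thumbprint

    # Show the resulting proxy configuration for the record
    Get-WebApplicationProxyConfiguration | Format-List
}
finally {
    # Remove only the line we added so normal traffic returns to the NLB VIP
    $pattern = "^\s*$([regex]::Escape($primaryIp))\s+$([regex]::Escape($fsName))\b"
    (Get-Content -Path $hostsFile) |
        Where-Object { $_ -notmatch $pattern } |
        Set-Content -Path $hostsFile
    Clear-DnsClientCache
}
```

Part 1 is what tells you whether "the second ADFS server" is really the read-only node; Part 2 removes the hosts entry in a finally block so a failed install does not leave the WAP hard-wired to one ADFS node, which would defeat the NLB and also mislead later certificate renewals that should reach the service through the VIP.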