locked
Re-deploy ADFS in parallel with existing deployment RRS feed

  • Question

  • Our ADFS server stops authenticating requests daily and the service must be restarted.  We would like to a deploy a new server that does not use the existing configuration.  We previously added a server to the existing farm and made it primary, but the same issue occurred - thus the desire to start over.

    Can we deploy a new ADFS server in parallel to the current server with identical service name, service account, etc..without affecting the current server?  For migrations I know this is the usual method, but since this is using the same version, I wanted to check.

    Thank you.



    Monday, January 16, 2017 3:08 PM

All replies

  • You can deploy a new AD FS server in parallel to the current server with identical service name, service account etc. BUT the token signing and encryption certificates for the new server will be different, meaning your relying parties will need to be setup again (you can export the P12 of the service communications certificate from your old server) .. only when you migrate DNS RRs to point to your new server will it be visible to clients.. What version of AD FS are you running btw? Depending on version, it may be possible to export the existing configuration...

    http://blog.auth360.net

    Tuesday, January 17, 2017 6:40 PM
  • Hi Mylo, thanks for responding.

    We're moving from 2012 R2 to 2012 R2 - no version change.  

    Tuesday, January 17, 2017 10:03 PM
  • Does the eventlog say anything special?
    How is the connection with the domain controllers?
    Are you using a regular user account or gMSA?

    Now when it seems that you have a ADFS-farm, have you tried to reinstall one of the servers?

    Monday, January 23, 2017 5:00 PM
  • What the status on this?

    If you have an issue adding a node to the farm, we should work on fixing the issue as opposed as deploying a parallel farm.

    Tell us more about the error message.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, February 3, 2017 12:30 AM