Change WAP different Farm

  • Question

  • I'm testing moving a WAP to a different farm and can't seem to get it to work.

    I've attempted to remove the WAP service from the server and add it back and still have issues.  The wizard completes with error messages.  Mostly related to certs and http.sys.  I'm guessing there are entries in there for WAP.

    Does anyone have a procedure for rebuilding a WAP or do I need to reinstall the OS?


    David Jenkins

    Monday, July 29, 2019 3:25 PM

All replies

  • I'm thinking this is saying fresh install.

    https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/migrate-fed-server-proxy-r2

    If you want to configure AD FS in a Windows Server 2012 R2 migrated farm for extranet access, you must perform a fresh deployment of one or more Web Application Proxy computers as part of your AD FS infrastructure.


    David Jenkins

    Monday, July 29, 2019 3:27 PM
  • WAP servers do not store their config. They retrieve it from their ADFS farm. So you can just reconfigure the service (Install-WebApplicationProxy again but pointing to a different farm).

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, July 29, 2019 5:37 PM
  • I’ve tried. It refuses to take the new settings.

    David Jenkins

    Monday, July 29, 2019 5:41 PM
  • Can you clarify what "Refuse" means in that context? Like error message? Event ID? etc...

    Tuesday, July 30, 2019 4:32 PM
  • In the lab I have two ADFS farms.  [adfs.lab.local] and [sts.lab.local]

    I have LABWAP01 joined to LABADFS01.[adfs.lab.local]
    I have LABWAP02 joined to LABADFS02.[sts.lab.local]

    I want to make LABWAP02 join the [adfs.lab.local] farm.

    I run the command.

    Install-WebApplicationProxy -FederationServiceTrustCredential $credentials -CertificateThumbprint '9812CC976479B0389B5C128895182572F237C472' -FederationServiceName 'adfs.lab.local'
    

    This is the error I find in event logs.

    AD FS proxy service failed to start a listener for the endpoint 'Endpoint details:
      Prefix : /.well-known/webfinger
      PortType : HttpsDevicePort
      ClientCertificateQueryMode : None
      CertificateValidation : None
      AuthenticationSchemes : Anonymous
      ServicePath : /.well-known/webfinger
      ServicePortType : HttpsDevicePort
      SupportsNtlm : False
    ' 
    Exceptiondetails: 
    System.Net.HttpListenerException (0x80004005): Access is denied
       at System.Net.HttpListener.AddAllPrefixes()
       at System.Net.HttpListener.Start()
       at Microsoft.IdentityServer.WebHost.HttpListenerBase.Start(UInt32 contextPoolSize)
       at Microsoft.IdentityServer.ProxyService.ProxyHttpListener.Start()
       at Microsoft.IdentityServer.ProxyService.EndpointManager.ApplyConfiguration(ProxyEndpointConfiguration proxyEndpointConfiguration) 
    
    User action: Ensure that no conflicting SSL bindings are configured for the specified endpoint.
    


    David Jenkins

    Tuesday, July 30, 2019 4:47 PM
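
For the "conflicting SSL bindings" user action in the event above, a read-only check of what http.sys currently holds on the WAP server. This is an added example, not part of the thread and not Microsoft's procedure. It assumes an elevated prompt and English-language netsh output, and takes the thumbprint and farm name from the posted command; the function name `Get-HttpSysSslBinding` is hypothetical.

```powershell
# Added example (not from the thread). Read-only; run elevated on the WAP server.
# Assumes English-language netsh output.
$ExpectedThumbprint = '9812CC976479B0389B5C128895182572F237C472'  # from the posted command
$FarmName           = 'adfs.lab.local'                            # target farm in the thread

function Get-HttpSysSslBinding {
    # Turn "netsh http show sslcert" text into one object per binding.
    param([string[]]$NetshOutput = (netsh http show sslcert))
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(Hostname:port|IP:port)\s+:\s(.+)$') {
            if ($current) { [pscustomobject]$current }   # emit the previous binding
            $current = [ordered]@{ Kind = $Matches[1]; Binding = $Matches[2].Trim() }
        }
        elseif ($current -and
                $line -match '^\s*(Certificate Hash|Application ID|Certificate Store Name)\s+:\s(.*)$') {
            $key = $Matches[1] -replace ' ', ''          # e.g. "CertificateHash"
            $current[$key] = $Matches[2].Trim()
        }
    }
    if ($current) { [pscustomobject]$current }           # emit the last binding
}

# 1. Is the certificate passed to Install-WebApplicationProxy in the machine store?
$certPresent = Test-Path "Cert:\LocalMachine\My\$ExpectedThumbprint"
"Certificate in LocalMachine\My: $certPresent"

# 2. Flag bindings that use another host name or another certificate.
Get-HttpSysSslBinding | ForEach-Object {
    $sameHost = $_.Binding -like "${FarmName}:*"
    $sameCert = $_.CertificateHash -ieq $ExpectedThumbprint
    $_ | Add-Member -NotePropertyName Review `
                    -NotePropertyValue (-not ($sameHost -and $sameCert)) -PassThru
} | Format-Table Kind, Binding, CertificateHash, ApplicationID, Review -AutoSize

# 3. URL reservations for the prefix named in the event, with the lines that follow each.
netsh http show urlacl |
    Select-String -SimpleMatch '/.well-known/webfinger' -Context 0, 4
```

Rows with `Review` set to `True` are the bindings to compare against the endpoint named in the event; the script changes nothing.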