Exchange 2013 with ADFS

  • Question

  • Hello

    I have Exchange 2013. It was working fine from both the internal and external network. I installed AD FS and now I can't access OWA from the external network. I added an A record that points to ADFS. What am I missing?


    Shota Tadumadze

    Thursday, September 8, 2016 7:15 AM


All replies

  • Hi

    Did you create your URL in your Web Application Proxy to use your OWA URL and use ADFS authentication? Can you access your ADFS login page externally?


    Microsoft PFE

    Thursday, September 8, 2016 8:33 AM
  • Hello Edward,

    I'm running Exchange in a test environment. I didn't install WAP; I used this blog for ADFS, and it says that WAP is optional. I'm using port forwarding: port 443 is forwarded to Exchange, and the problem is that I can't access the ADFS login page. Should I forward port 443 to ADFS?

    https://technet.microsoft.com/en-us/library/dn635116%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396


    Shota Tadumadze

    Thursday, September 8, 2016 9:49 AM
  • Hi there,

    That might be why, as you cannot get to your ADFS login page. Yes, you can try the forwarding and see if it works.


    Microsoft PFE

    Thursday, September 8, 2016 9:53 AM
  • Hi,

    Correct, since all client authentication is against ADFS, we need to publish it or use port forwarding as you mentioned above.

    Please also note: install IIS on ADFS, import the certificate correctly and bind port 443.
    More details, for your reference: https://blogs.technet.microsoft.com/platformspfe/2014/03/12/configuring-exchange-2013-sp1-to-accept-ad-fs-claims/


    Allen Wang
    TechNet Community Support


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Allen_WangJF Monday, September 19, 2016 2:26 PM
    • Marked as answer by shototadumadze Tuesday, September 20, 2016 12:13 PM
    Friday, September 9, 2016 10:08 AM
  • Hello

    What does "since all client authentication against ADFS" mean? Port forwarding to either AD FS or the Exchange server doesn't work. IIS is installed and the bindings are OK. I also set the owa/ecp virtual directory internal and external AuthenticationMethods to adfs. AD FS is installed on the DC, and adfs is resolvable from the external network. Any other thoughts?


    Shota Tadumadze

    Friday, September 9, 2016 11:38 AM
  • Hi,

    Do you have a firewall between ADFS (Exchange) and the Internet?

    You can forward port 443 from the Internet to ADFS, or from the external interface on the firewall to ADFS. It's based on your expectation, and the latter is recommended.


    Allen Wang
    TechNet Community Support



    • Proposed as answer by Allen_WangJF Monday, September 19, 2016 2:26 PM
    • Marked as answer by shototadumadze Tuesday, September 20, 2016 12:13 PM
    Tuesday, September 13, 2016 2:58 AM
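
The thread turns on the fact that an OWA virtual directory set to ADFS authentication sends the browser itself to the AD FS sign-in page, so that host has to answer on 443 from outside. The script below is an added example, not code from the thread or from Microsoft: it reads the redirect OWA returns, extracts the AD FS host, and probes it. The hostnames and the sample redirect are constructed placeholders, and the WS-Federation parameters (`wa`, `wtrealm`) are an assumption about what the redirect carries.

```python
# Added example (not from the thread): find the host OWA redirects to and probe it.
import http.client
import socket
import ssl
import sys
from urllib.parse import parse_qs, urlsplit

# Constructed sample of a sign-in redirect; hostnames are placeholders (assumption).
SAMPLE_LOCATION = ("https://adfs.example.com/adfs/ls/?wa=wsignin1.0"
                   "&wtrealm=https%3a%2f%2fmail.example.com%2fowa%2f&wctx=rm%3d0%26id%3dpassive")

def parse_signin_redirect(location):
    """Pull out the parts of a WS-Federation sign-in redirect that matter for reachability."""
    url = urlsplit(location)
    query = parse_qs(url.query)
    return {
        "sts_host": url.hostname,
        "sts_port": url.port or (443 if url.scheme == "https" else 80),
        "is_wsfed_signin": query.get("wa", [""])[0] == "wsignin1.0",
        "realm": query.get("wtrealm", [None])[0],
    }

def owa_redirect(owa_url, timeout=5):
    """GET the OWA URL without following redirects; return the Location header or None."""
    url = urlsplit(owa_url)
    conn = http.client.HTTPSConnection(url.hostname, url.port or 443, timeout=timeout)
    try:
        conn.request("GET", url.path or "/")
        resp = conn.getresponse()
        return resp.getheader("Location") if resp.status in (301, 302, 303, 307) else None
    finally:
        conn.close()

def probe_tls(host, port=443, timeout=5):
    """TCP connect plus TLS handshake with certificate and hostname verification."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLError as exc:  # must precede OSError, its base class
        return False, f"TLS or certificate problem: {exc}"
    except OSError as exc:
        return False, f"no TCP connection to port {port}: {exc}"

if __name__ == "__main__":
    # Run from outside the network, passing the external OWA URL as the only argument.
    location = owa_redirect(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOCATION
    info = parse_signin_redirect(location or "")
    print(info)
    if info["sts_host"]:
        print(probe_tls(info["sts_host"], info["sts_port"]))
```

A `False` result with a TCP error points at the missing port forward or firewall rule; a `False` result with a TLS error points at the certificate or binding on the AD FS host.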