When you use AD FS for Work Folders user authentication, the sync server needs to take the user token and validate it against the AD FS server. If the two servers are not in the same site and the network traffic needs to go through a proxy server, you need to configure the sync server service to use the proxy configuration.

The sync server has a special service called SyncShareTTSvc that runs under the LocalSystem account. It is responsible for handling the token verification with the AD FS server. To enable the service communication channel in this case, you need to configure the proxy information for the LocalSystem account.

This KB article http://support.microsoft.com/kb/819961 shows you how to configure proxy information for a particular user account. Here, you need to configure the proxy information for the local system account, whose security identifier (SID) is S-1-5-18.

More specifically, you will need to open regedit, and navigate to this key:

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings

And add the following information under the key:

"MigrateProxy"=dword:00000001

"ProxyEnable"=dword:00000001

"ProxyHttp1.1"=dword:00000000

"ProxyServer"="http://ProxyServername:<port>"

"ProxyOverride"="<local>"

where ProxyServername is the name of your proxy server.
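
The same registry change can be scripted and then read back to confirm that each value landed with the right type. The following PowerShell is an added example, not part of the original post; the function name Set-LocalSystemProxy and the sample proxy name and port in the last line are placeholders, and the script must be run from an elevated session on the sync server.

```powershell
#Requires -RunAsAdministrator
# Added example: writes the proxy values listed above into the LocalSystem
# (S-1-5-18) hive and reports whether each value reads back as expected.
function Set-LocalSystemProxy {
    [CmdletBinding()]
    param(
        # Host name only; the "http://" prefix and port are appended below.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9.-]+$')]
        [string]$ProxyServerName,

        [Parameter(Mandatory)]
        [ValidateRange(1, 65535)]
        [int]$Port
    )

    # HKEY_USERS has no default PowerShell drive, so use the provider-qualified path.
    $key = 'Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Value names, types and data as given in the post.
    $values = @(
        @{ Name = 'MigrateProxy';  Type = 'DWord';  Value = 1 }
        @{ Name = 'ProxyEnable';   Type = 'DWord';  Value = 1 }
        @{ Name = 'ProxyHttp1.1';  Type = 'DWord';  Value = 0 }
        @{ Name = 'ProxyServer';   Type = 'String'; Value = "http://${ProxyServerName}:$Port" }
        @{ Name = 'ProxyOverride'; Type = 'String'; Value = '<local>' }
    )

    foreach ($v in $values) {
        New-ItemProperty -LiteralPath $key -Name $v.Name -PropertyType $v.Type `
            -Value $v.Value -Force | Out-Null
    }

    # Read the key back and compare, so a typo or wrong hive is caught immediately.
    $actual = Get-ItemProperty -LiteralPath $key
    foreach ($v in $values) {
        [pscustomobject]@{
            Name     = $v.Name
            Expected = $v.Value
            Actual   = $actual.($v.Name)
            Match    = ($actual.($v.Name) -eq $v.Value)
        }
    }
}

# Placeholder proxy name and port; substitute your own.
Set-LocalSystemProxy -ProxyServerName 'proxy.contoso.example' -Port 8080 | Format-Table -AutoSize
```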