Let me know if there is a better place to post this question...
I have a new install of ADFS that isn't working. I've been using the TechNet article labelled "Checklist: Use AD FS to implement and manage single sign-on" as a guideline. I have gotten to the point where I have dual federation servers with the roles installed on dedicated servers, and NLB installed on each as well. As well, I'm using a wildcard cert for my domain.
What is working... I can visit these pages locally on each server:
But, I cannot visit the same URL using the FQDN of my NLB cluster name (it is pingable):
I know my NLB is working properly; for example, I can RDP to each federation server (say "FED01.myDomain.com" and "FED02.myDomain.com"). And I can RDP to "ADFS.myDomain.com" - I get redirected to the primary. If in NLB I stop the primary, when I RDP to ADFS.myDomain.com again I get directed to the 2nd server. So that's good.
When I do a packet capture from my PC to ADFS.myDomain.com (in the LAN), I see the HTTPS traffic going back and forth, but ultimately ending in a reset (I don't know how to fully understand the communication shown in a packet capture).
16806 8.649136 10.26.151.150 10.26.100.106 TCP 54 https > 49632 [RST, ACK] Seq=1 Ack=127 Win=0 Len=0
(server = 10.26.151.150, PC 10.26.100.106)
Any tips on troubleshooting?
In addition, would you please tell us what the error message is when you fail to access the URL using the FQDN of your NLB cluster name?
I assume that you have installed NLB feature before you install ADFS on the server, right? If not, then you need to install NLB before ADFS.
Please also make sure that each web server points to the same Federation Service URL.
Here are some references I suggest you refer to:
Office 365 and ADFS…Active Directory Federation Service Installation
When to create an ADFS-enabled Web server farm
Sequence to setup ADFS farm and NLB (Windows 2008 R2)
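The capture in the question shows the server resetting the connection right after the client's first HTTPS bytes, and the reply above asks whether every node points at the same Federation Service URL. The following PowerShell script is an added diagnostic example, not something posted in this thread or shipped with AD FS. It assumes PowerShell 4 on Windows 8.1 / Server 2012 R2 (for Resolve-DnsName and Test-NetConnection) and .NET's SslStream class; the host names adfs.myDomain.com, FED01 and FED02 are placeholders taken from the question. Run from the PC, it separates "NLB does not forward 443" from "a node answers on its own name but resets when asked for the cluster name", which is the pattern HTTP.SYS produces when no SSL binding matches the name in the ClientHello.

```powershell
# Added diagnostic script (not from the thread). Assumes PowerShell 4 on Windows 8.1 / Server 2012 R2
# and .NET SslStream. Host names below are placeholders from the question.
param(
    [string]$ClusterFqdn = 'adfs.myDomain.com',
    [string[]]$Nodes     = @('FED01.myDomain.com', 'FED02.myDomain.com'),
    [int]$Port           = 443
)

function Test-TlsEndpoint {
    # Opens TCP $Port to $TargetHost, completes a TLS handshake presenting $SniName as the
    # server name (SNI), and reports the certificate the server actually returned for that name.
    param([string]$TargetHost, [string]$SniName = $TargetHost, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($TargetHost, $Port)
        # Validation callback always returns $true: we want to SEE the certificate, not trust it.
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($SniName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # 2.5.29.17 is the Subject Alternative Name extension; a wildcard cert lists *.myDomain.com here.
        $san = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
                ForEach-Object { $_.Format($false) }) -join '; '
        [pscustomobject]@{
            Target = $TargetHost; SniName = $SniName; Handshake = 'OK'
            Subject = $cert.Subject; SAN = $san; NotAfter = $cert.NotAfter
        }
    } catch {
        # A reset during or right after ClientHello (the RST in the capture) lands here as an IOException.
        [pscustomobject]@{
            Target = $TargetHost; SniName = $SniName; Handshake = "FAILED: $($_.Exception.Message)"
            Subject = $null; SAN = $null; NotAfter = $null
        }
    } finally {
        $tcp.Close()
    }
}

# 1. Does the cluster name resolve, and to which address(es)? (Should be the NLB VIP only.)
Resolve-DnsName -Name $ClusterFqdn -Type A | Select-Object Name, IPAddress

# 2. Is TCP 443 reachable through the VIP? A working RDP test only proves TCP 3389.
Test-NetConnection -ComputerName $ClusterFqdn -Port $Port |
    Select-Object ComputerName, RemoteAddress, TcpTestSucceeded

# 3. TLS handshake via the cluster name, then against each node directly, first with the node's
#    own name and then with the cluster name. A node that handshakes under its own name but
#    resets when sent the cluster name has no HTTP.SYS SSL binding for that name; NLB is then
#    not the problem.
$results = @()
$results += Test-TlsEndpoint -TargetHost $ClusterFqdn -Port $Port
foreach ($node in $Nodes) {
    $results += Test-TlsEndpoint -TargetHost $node -Port $Port
    $results += Test-TlsEndpoint -TargetHost $node -SniName $ClusterFqdn -Port $Port
}
$results | Format-Table Target, SniName, Handshake, Subject, SAN, NotAfter -AutoSize

# --- Server side (run on FED01 and FED02, ADFS PowerShell module, Server 2012 R2) ---
# (Get-AdfsProperties).HostName   # must equal the cluster FQDN on both nodes
# Get-AdfsSslCertificate          # HTTP.SYS hostname:port bindings; the cluster FQDN must be listed
# netsh http show sslcert         # the same bindings as HTTP.SYS sees them
```

Reading the table: a failed handshake in the first row with "OK" rows for the nodes under their own names narrows the fault to either the NLB port rule (step 2 fails) or the per-node SSL binding for the cluster name (step 2 succeeds, direct-to-node rows with SniName set to the cluster name fail). The server-side commands at the end confirm the second case and are the place to correct it.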
Thanks for the response. In regards to the order of install, I followed the article above in my original post as per Microsoft's recommendation.
IE error: "This page can't be displayed"
Chrome: "Oops! Google Chrome could not connect to adfs.myDomain.com"
I forgot to mention these are Win2012 R2 servers, not 'web servers' as you mentioned above.
I'll check out those links for any possible tips.
If the issue persists, I suggest you also refer to the following forum to get professional support:
Claims based access platform (CBA), code-named Geneva Forum