We rely on AD FS to perform authentication for Office 365.
To guard against local network outages we built an ADFS stack in Azure that includes load balanced edge servers, load balanced ADFS hosts and a domain controller (full DC, *not* a RODC).
We experienced a network outage to our corporate data canter and expected the Azure installation to handle authentication. The Azure based servers were unable to perform the authentication returning an event 342, "There are currently no logon servers available to service the logon request."
It appears that the ADFS hosts were not using the local domain controller and were attempting to authenticate with a domain controller at corporate which was unreachable due to the network outage. When the network service was restore these hosts were able to authenticate.
How do I configure these ADFS hosts to use the Domain Controller on their subnet?
We have set AD up so that the Azure site and servers are on their own "site".
I checked %logonserver% on the adfs hosts and each pointed to the local DC, not one at corporate.
TIA for any help!