Hi,
We have a configuration with 2 ADFS 3.0 servers configured in NLB + 2 external ADFS Proxies (WAP) also in NLB.
When we try to configure the second ADFS Proxy using PowerShell we receive the folioing error:
"
Install-WebApplicationProxy : An error occurred when attempting to establish a trust relationship with the federation
service. Error: Unauthorized. Verify that the service account has administrative access on the target Federation
Server.
At line:1 char:1
+ Install-WebApplicationProxy -CertificateThumbprint xxxxxxxxxxxxxxxxxx ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Install-WebApplicationProxy], ProxyTrustException
+ FullyQualifiedErrorId : DeploymentTask,Microsoft.IdentityServer.Management.Proxy.Commands.InstallProxyCommand
"
The powershell command is:
Install-WebApplicationProxy -CertificateThumbprint xxxxxxxxxx -FederationServiceName sts.xxxxxxx.com
The credentials that we enter are 100% valid, domain admin account.
Also the certificate thumbprint is valid, the certificate itself is also compliant, generated using Verisign services.
Everytime we enter the command specified above, ADFS Proxy generates a self signed certificate, using SubjectName = <computername>.
We found that a workaround will be to add in hosts file the FederationServiceName sts.xxxxxxx.com to point to ADFS1 server IP.
After couple of days of investigating, we did't find any solution for our problem.
We tried:
Checking the certificates on ADFS and ADFS proxies (nets http show sslcert) and matching the results with: http://blogs.technet.com/b/applicationproxyblog/archive/2014/05/28/understanding-and-fixing-proxy-trust-ctl-issues-with-ad-fs-2012-r2-and-web-application-proxy.aspx
Everything looks perfect.
Reinstalling ADFS, WAP.
Please help.
Regards,
Andrei