We have a configuration with ADFS (3.0) setup across two Datacenters. We have two NLB clusters, each containing 2 ADFS servers, in each datacenter. We have one Proxy server operating in the DMZ at one datacenter, and are attempting to get a second Proxy server running at the second datacenter.
We have tried using a different local user account on the second Proxy server, no luck.
We have tried installing the Token-signing certificate from the ADFS farm, on the second Proxy server, no luck.
We just get an error message that says the account used does not have permissions.
The error message is: "An error occurred when attempting to establish a trust relationship with the federation service. Error: Unauthorized. Verify that the service account has administrative access on the target federation server."
We have attempted with an Enterprise Admin account, a Domain Admin account, and an account specifically placed in the local administrator group on the Master ADFS server.
We can see the request in the event log on the Master ADFS server, and it is listed as a successful login.