Hello all,
I've implemented an ADFS server at our organisation, and the primary usage of this server is to authenticate users of our organisation whenever internet access is requested via our internet scanning service provider.
Our internet scanning service (zscaler) uses SAML to authenticate users. When a user makes a query, zscaler checks for a SAML token; if it doesn't find one, it directs the user to my box, which then uses Windows authentication to authenticate them against Active Directory. This token is then provided back to zscaler and access is granted.
The whole system is working great, EXCEPT I cannot get internet access on the ADFS box itself. When I log on with an administrator domain account (which works on every other box) and attempt to browse the internet, it redirects me back to the ADFS box (itself) and pops up an authentication prompt. Correct credentials do nothing, and after 5 or so tries I get an access declined/wrong password message and a 401.1 error from the ADFS page.
I've configured failed tracing on the IIS box and only come back with
and this just generally tells me that windows authentication is failing for this one user account.
I assume this is perhaps doing something with Kerberos instead of NTLM authentication or something, but at this point I'm lost and need help! Windows updates are also failing on this box due to the issue.
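One thing a practitioner would check first in this situation is the Windows LSA loopback check: when IIS integrated authentication on a box is reached from that same box under a host name that is not the machine's own name, Windows rejects the credentials and IIS reports 401.1, which matches the symptom of every other machine authenticating fine while the ADFS box itself cannot. The PowerShell below is an added diagnostic written for this thread; it is not code from the original post, and the federation service name it takes is an assumed placeholder that you substitute with the name the ADFS box redirects you to. It reads the two registry values that govern the check and says whether the loopback check can explain the local 401.1.

```powershell
# Added diagnostic for the local 401.1 on an ADFS box; not part of the original post.
# It reports the computer name, the two LSA loopback-check settings, and whether the
# federation service name used in the redirect is exempt from the check.
# $FederationServiceName is an assumption: pass the host name your ADFS redirect uses.
param(
    [string]$FederationServiceName = 'adfs.example.com'   # assumed placeholder name
)

$computerFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
Write-Host "Computer FQDN           : $computerFqdn"
Write-Host "Federation service name : $FederationServiceName"

# The loopback check only bites when the name used is not the machine's own name.
$nameDiffers = ($FederationServiceName -ne $computerFqdn) -and ($FederationServiceName -ne $env:COMPUTERNAME)
if ($nameDiffers) {
    Write-Host "Service name differs from the computer name, so the loopback check applies when browsing from this box."
}

# Global switch: DisableLoopbackCheck = 1 turns the check off for every host name.
# Broad, and it removes a mitigation for NTLM reflection, so prefer the targeted list below.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
$loopbackDisabled = ($lsa.DisableLoopbackCheck -eq 1)
Write-Host "DisableLoopbackCheck    : $(if ($loopbackDisabled) { '1 (check disabled)' } else { 'not set (check active)' })"

# Targeted allow-list: BackConnectionHostNames (REG_MULTI_SZ) lists host names exempt from the check.
$msv = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -ErrorAction SilentlyContinue
$allowed = @($msv.BackConnectionHostNames | Where-Object { $_ })
$nameAllowed = $allowed -contains $FederationServiceName     # -contains is case-insensitive
Write-Host "BackConnectionHostNames : $(if ($allowed.Count) { $allowed -join ', ' } else { '(empty)' })"

if ($nameDiffers -and -not $loopbackDisabled -and -not $nameAllowed) {
    Write-Host "Likely cause of the local 401.1: '$FederationServiceName' is not exempt and the loopback check is active."
    Write-Host "Targeted fix (takes effect after a reboot): add the name to BackConnectionHostNames, for example:"
    Write-Host "  New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' -Name BackConnectionHostNames -PropertyType MultiString -Value @('$FederationServiceName')"
} else {
    Write-Host "The loopback check does not explain this 401.1; look at the Kerberos SPN for the service name and the IIS authentication providers next."
}
```

Run it in an elevated PowerShell session on the ADFS box with the real federation service host name. If it reports that the name is not exempt, adding that one name to BackConnectionHostNames is the targeted change; setting DisableLoopbackCheck globally also makes the local 401.1 go away but switches the check off for every host name, which is why the targeted list is the better choice on a server that is an authentication endpoint.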