Hello,
Let me know if there is a better place to post this question...
I have a new install of ADFS that isn't working. I've been using the technet article labelled "Checklist: Use AD FS to implement and manage single sign-on" as a guideline. I have gotten to the point where I have dual federation servers with the roles installed on dedicated servers, and NLB installed on each as well. As well, I'm using a wild card cert for my domain.
What is working... I can visit these pages locally on each server:
https://localhost/federationmetadata/2007-06/federationmetadata.xml
https://localhost/adfs/ls/idpinitiatedsignon.htm
But, I cannot visit the same URL using the FQDN of my NLB cluster name (it is pingable):
https://adfs.myDomain.com/adfs/ls/idpinitiatedsignon.htm
I know my NLB is working properly, for example, I can RDP to each federation server (say "FED01.myDomain.com" and "FED02.myDomain.com"). And I can RDP to "ADFS.myDomain.com" - I get redirected to the primary. If in NLB I stop the primary, when I RDP to ADFS.myDomain.com again I get directed to the 2nd server. So that's good.
When I do a packet capture from my PC to ADFS.myDomain.com (in the LAN), I see the HTTPS traffic going back and forth, but ultimately ending in a reset (I don't know how to fully understand the communication shown in a packet capture):
16806 8.649136 10.26.151.150 10.26.100.106 TCP 54 https > 49632 [RST, ACK] Seq=1 Ack=127 Win=0 Len=0
(server = 10.26.151.150, PC 10.26.100.106)
Any tips on troubleshooting?
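One way to narrow down where the RST comes from, as an added diagnostic script that is not part of the original post and not from any ADFS documentation: probe the endpoint one layer at a time (DNS, TCP, TLS handshake, certificate presented) against both localhost and the NLB name, then list the HTTP.sys SSL bindings on each node. The hostname is the NLB FQDN quoted in the post and the function name Test-TlsEndpoint is my own; everything else is standard .NET and netsh. Run it on the PC that took the capture, then on FED01 and FED02, and compare the outputs.

```powershell
# Added diagnostic for the symptom in the post (localhost works, NLB FQDN ends in a TCP RST).
# Not code from the original post. $Target is the NLB cluster name from the post (assumption:
# replace with your own). Works on Windows PowerShell 2.0 and later.
param(
    [string]$Target = "adfs.myDomain.com",   # NLB cluster FQDN from the post
    [int]$Port = 443
)

function Test-TlsEndpoint {
    param([string]$HostName, [int]$Port)

    # One object per probe so runs from different machines can be compared side by side
    $r = New-Object PSObject -Property @{
        Host = $HostName; ResolvedIPs = $null; TcpConnected = $false
        TlsHandshake = $false; CertSubject = $null; CertSans = $null
        ChainValid = $null; Error = $null
    }
    $client = $null; $ssl = $null
    try {
        # 1. DNS: the name should resolve to the NLB cluster IP, not to one node's own IP
        $r.ResolvedIPs = ([System.Net.Dns]::GetHostAddresses($HostName) |
            ForEach-Object { $_.IPAddressToString }) -join ','

        # 2. TCP: corresponds to the SYN/SYN-ACK that the capture shows succeeding
        $client = New-Object System.Net.Sockets.TcpClient
        $client.Connect($HostName, $Port)
        $r.TcpConnected = $true

        # 3. TLS: this is the step that fails when the listener resets right after ClientHello.
        #    The callback returns $true so the handshake completes even with a mismatched
        #    or untrusted cert; chain validity is reported separately in step 4.
        $callback = { param($sender, $certificate, $chain, $sslPolicyErrors) return $true }
        $stream = $client.GetStream()
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $callback
        $ssl.AuthenticateAsClient($HostName)
        $r.TlsHandshake = $true

        # 4. Which certificate did the listener actually present on this IP:port?
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $ssl.RemoteCertificate
        $r.CertSubject = $cert.Subject
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
        if ($san) { $r.CertSans = $san.Format($false) }
        $r.ChainValid = $cert.Verify()
    }
    catch { $r.Error = $_.Exception.Message }
    finally {
        if ($ssl) { $ssl.Dispose() }
        if ($client) { $client.Close() }
    }
    return $r
}

# Client-side view: the same probe against localhost (which the post says works) and the NLB name
'localhost', $Target | ForEach-Object { Test-TlsEndpoint -HostName $_ -Port $Port } |
    Format-List Host, ResolvedIPs, TcpConnected, TlsHandshake, CertSubject, CertSans, ChainValid, Error

# Server-side view (run on FED01 and FED02): HTTP.sys SSL bindings are per IP:port.
# A binding on 0.0.0.0:443 covers every address on the node; a binding only on the
# node's own IP does not cover the NLB cluster IP. Compare the listed IPs with ResolvedIPs.
if (Get-Command netsh -ErrorAction SilentlyContinue) {
    netsh http show sslcert
    netsh http show iplisten
}
```

Reading the output: TcpConnected true with TlsHandshake false and an I/O error on the NLB name, while localhost passes all four steps, points at the listener side (the binding for that IP:port or the certificate it maps to) rather than at NLB or routing; a DNS result that is a single node's IP rather than the cluster IP points at name resolution instead. The script only reads state and makes ordinary client connections, so it is safe to run repeatedly while you change bindings.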