{"id":1252,"date":"2017-05-11T10:29:55","date_gmt":"2017-05-11T08:29:55","guid":{"rendered":"http:\/\/svobodma.cz\/?p=1252"},"modified":"2018-06-15T09:28:50","modified_gmt":"2018-06-15T07:28:50","slug":"how-to-reconfigure-adfs-proxy-server","status":"publish","type":"post","link":"https:\/\/svobodma.cz\/?p=1252","title":{"rendered":"How to re-configure ADFS Proxy Server which reports problems"},"content":{"rendered":"

How fix the problem in the picture ?\u00a0 Affected server was\u00a0 Sxxxxxxx.<\/strong><\/p>\n

 <\/p>\n

Open up\u00a0Remote Access management console and You see\u00a0red. The red color is nice but in this case it means that something is wrong.<\/p>\n

\"1_LI\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

We need to reset WAP configuration, in Registry we have to change value 2 = configured <\/strong>to the Value 1 = not configured<\/strong><\/p>\n

\"2\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

Use powershell.exe<\/strong> – \u00a0Install-WebApplicationProxy -CertificateThumbprint \u201cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\u201d -FederationServiceName \u201cxxxxxx.com\u201d <\/strong>(but it did not work for me same good as GUI for server ADFS 3.0 S2K12 R2 \ud83d\ude41 ….)<\/span><\/span><\/p>\n

or through console Remote Access management we configured WAP again. It requires name of ADFS service \u2013 xxxxxxxxxxx.com<\/strong>, usually service account – axxxxxx<\/strong>\u00a0 and choose the right certificate \u2013 \u00a0right ADFS certificate with name xxxxxxxxxxx.com<\/strong>. Although we did this, the service tried to use different, self-signed certificate , In ADFS event log we could see \u201eUnable to retrieve proxy configuration data from the Federation Service + thumbprint \u00a0of bad certificate not our ADFS certificate \u201c In mmc.exe we could see only the certificate for MS SCOM, xxxxxxxxxxx.com<\/strong> and some expirated self-signed certificates but we could not see the certificate with thumbprint found in event log. By Powershell \u00a0we could list it (example is below), we found bad certificate + others and we removed all certificates self-signed certificate.<\/p>\n

 <\/p>\n

Get-WebApplicationProxySslCertificate,\u00a0Get-ChildItem -Path cert:\\LocalMachine\\My | FL FriendlyName, Thumbprint, Subject, NotBefore, NotAfter<\/p>\n

\"3_LI\"<\/a><\/p>\n

 <\/p>\n

When we removed the self-signed certificates, we tried to complete the wizard again and it was success<\/p>\n

\"4_LI\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

Now it is working well. Do not worry that we see server xxxxxx\u00a0twice, we could see it because in my case we configured WAP after the server has been configured with postfix (full computer name), because for MS SCOM monitoring it is require.<\/p>\n

 <\/p>\n

\"5_LI\"<\/a> \"6_LI\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

The result of testing availability https:\/\/[name of your ADFS]\/adfs\/ls\/IdpInitiatedSignon.aspx<\/a> from internet. Tested from page – https:\/\/www.site24x7.com\/check-website-availability.html<\/a><\/p>\n

 <\/p>\n

\"7_LI\"<\/a><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

How fix the problem in the picture ?\u00a0 Affected server was\u00a0 Sxxxxxxx.   Open up\u00a0Remote Access management console and You see\u00a0red. The red color is nice but in this case it means that something is wrong.     We need … Cel\u00fd p\u0159\u00edsp\u011bvek →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-1252","post","type-post","status-publish","format-standard","hentry","category-adfs"],"_links":{"self":[{"href":"https:\/\/svobodma.cz\/index.php?rest_route=\/wp\/v2\/posts\/1252","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/svobodma.cz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/svobodma.cz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/svobodma.cz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/svobodma.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1252"}],"version-history":[{"count":8,"href":"https:\/\/svobodma.cz\/index.php?rest_route=\/wp\/v2\/posts\/1252\/revisions"}],"predecessor-version":[{"id":1304,"href":"https:\/\/svobodma.cz\/index.php?rest_route=\/wp\/v2\/posts\/1252\/revisions\/1304"}],"wp:attachment":[{"href":"https:\/\/svobodma.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/svobodma.cz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/svobodma.cz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}