Testing AD FS Signon Page – An Error Occurred

There are many causes for receiving errors when signing on to AD FS. However, some are more genuine than others. This is a quick tip to check that you are on the right track before diving into the details and potentially spending time troubleshooting when in fact nothing is wrong. Just lately, for some reason I’m…

Load Balancing AD FS Services In Azure RM

As mentioned in this blog’s previous posts on deploying AD FS, one option is to deploy all or part of the AD FS solution in Azure.  This is very valuable if there is insufficient capacity on-premises or if you only have a single datacentre and wish to increase resiliency. Deploying the AD FS solution or…

Change AD FS 2012 R2 Service Account Password

One of the added features in AD FS 2012 R2 was the ability to leverage group managed service accounts (gMSA) which obviated the requirement to manually change the password associated with the service account.  See Getting Started with Group Managed Service Accounts for some background on gMSA.  You may also see the term sMSA which…

Web Application Proxy Service Not Starting Due to Malformed Configuration File

The Web Application Proxy (WAP) server below had an unexpected issue. When the machine came back up, it had lost the configuration that allows it to communicate with the AD FS farm. This is not specifically a VM/Hyper-V/Azure issue; it is more of a WAP issue. Fixing the issue is straightforward, though let’s take…

Updating Windows Server 2012 R2 AD FS SSL and Service Certificates

Active Directory Federation Services (AD FS) heavily leverages X.509 certificates to allow the solution to function securely.  As with all of the other certificates that you deploy within your enterprise, there must be a process to manage and renew certificates prior to them expiring.  If a certificate expires this can be summarised quite simply as…

AD FS 2012 R2 Web Application Proxy – Re-Establish Proxy Trust

In the Tailspintoys environment, the administrator (moi) was a bit slack. They let the AD FS 2012 R2 proxy get into a bad state. The AD FS Proxy was not contacting the AD FS server on the internal network, and this allowed the short-lived authentication certificate to expire. At this point the AD FS…

AD FS 2012 R2 – An Error Occurs When BadPwdCount Not Set

AD FS 2012 R2 provides an interesting feature called Extranet Lockout Protection, where the intent is to protect AD accounts from malicious lockout from external access attempts.  Previous versions of AD FS had no native mechanism to protect AD from such hammering attempts.  For details on the feature please review this post.   One issue that…

How To Request Certificate Without Using IIS or Exchange

The blog post on how to integrate Office 365 with Windows 2012 R2 AD FS raised an interesting question from a reader (Hi Eric!) on how he should request a certificate for the AD FS instance since there is no longer an IIS dependency. This means that there is no longer an IIS console to…

Enabling AD FS 2012 R2 Extranet Lockout Protection

Security is an integral aspect of running modern IT operations. There is a clear understanding that we need to protect our IT assets, company data and personally identifiable information. So when we discuss a migration to Office 365, security is an inevitable topic. One aspect that we need to discuss is around account lockout, and…

How To Install AD FS 2012 R2 For Office 365–Part 3

Well then, here we are in part three already! Previously we: Installed AD FS 2012 R2 For Office 365 in part 1; Installed AD FS 2012 R2 Proxy For Office 365 in Part 2. Now we want to change the Office 365 domain to be a federated domain. As discussed in part 1, this means…
