ADFS WAP Proxy – An error occurred when attempting to establish a trust relationship with the federation service.

Environment

  • Windows 2012 R2 server on the LAN with the Active Directory Federation Service Role installed
  • Windows 2012 R2 server in the DMZ with the Remote Access role and the Web Application Proxy (WAP) feature installed

Problem

Getting the following error running the Web Application Proxy Configuration Wizard

“An error occurred when attempting to establish a trust relationship with the federation service. Error:  The request was aborted:  Could not create SSL/TLS secure channel”

Event ID 393 was written to the event log.

Can’t login to Office365 using Single Sign-On if UPN uses sub-domain

Scenario:

You have federated your domain with Office 365 to provide Single Sign-On for your users

Problem

Some or all of your users cannot sign in to Office 365 and are presented with an error page.

Looking closer at the error description you see the following:

AADSTS50107: Requested federation realm object ‘http://subdomain.domain.com/adfs/services/trust/’ does not exist.

Azure AD Connect – How to verify password synchronization is working

If you have installed Azure AD Connect with Password Synchronization (which you should do even if you are using ADFS; see this blog for the reason why) and you have forced a full password synchronization (e.g. by using a script as described here), how do you verify that Password Synchronization is working?

Open the Application log in Event Viewer and check for the following events:

  1. Event ID 656 “Password Change Request”
  2. Event ID 657 “Password Change Result: Success”

Azure AD Connect – PowerShell Script to trigger a full password sync

If you’re using the Azure AD Connect tool (or Azure AD Sync Service) to synchronize your on-premises Active Directory with Azure Active Directory, you can use this script from TechNet to trigger a full password synchronization.

You need to replace the following connector names

  • fabrikam.com
  • aaddocteam.onmicrosoft.com – AAD

with the names of the connectors in your own environment. These can be found in the Synchronization Service Manager (installed together with Azure AD Connect).

Active Directory Federation Service (ADFS) Design Considerations and Deployment Options

Lately I have been working more and more with ADFS, mainly because of the Office 365 / Exchange Hybrid / Exchange Online deployments I have been doing.

So I thought I’d share my experiences, what I have learned, and the resources I’ve used. In this blog post I’ll be covering the following:

  1. Overview of ADFS
  2. ADFS Deployment Steps
  3. ADFS Sizing
  4. Publishing ADFS externally (ADFS Proxy)
  5. High Availability
  6. Disaster Recovery
  7. ADFS Configuration Database – WID or SQL?
  8. Using ADFS for Conditional Access
  9. How to migrate ADFS from one server / farm to another
  10. Switching Office 365 Identity Model from Cloud Only to Federated (ADFS)
  11. ADFS Backup
  12. Troubleshooting ADFS
  13. What if ADFS can’t be recovered?

You can also download this full article from the TechNet Gallery here.