Saturday, July 4, 2015

Error: Unable to Establish a Trust between Proxy and Federation Service

While setting up ADFS and Web Application Proxy, we encountered the error message “Unable to Establish a Trust between Proxy and Federation Service”.

[ Setup Scenario ]

Deploy ADFS 3.0 on Windows Server 2012 R2. The machine is domain joined. ADFS has been set up successfully.

Deploy Web Application Proxy on Windows Server 2012 R2. The machine is not domain joined; it runs in a workgroup.

Use Azure AD Connect to configure federation.

[ Resolution ]

  • Make sure PowerShell remoting is enabled on the ADFS server, the Domain Controller, the AD Connect server and the Web Application Proxy. To do this, execute the following in an elevated PowerShell session:
Enable-PSRemoting
  • Create records in the hosts file (C:\Windows\System32\drivers\etc\hosts) and enter:

- Web Application Proxy IP and server name (on the ADFS server)

- ADFS IP and server name (on the Web Application Proxy server)

  • On the ADFS server, in an elevated PowerShell session, enter:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "<web application proxy server name>" -Force -Concatenate


  • Use Server Manager to add the Web Application Proxy to All Servers. Remember to select the DNS tab and add the Web Application Proxy server.


  • After adding it, right-click the Web Application Proxy, select Manage As and enter the credentials.

Now you can proceed to use Azure AD Connect to add Web Application Proxy and complete the federation configuration.
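
The hosts-file and TrustedHosts steps above can be checked before running Azure AD Connect. The script below is an added example, not part of the original post; it runs on the ADFS server and assumes a placeholder proxy name and address ($WapName, $WapIp). It adds only the single proxy name to TrustedHosts and warns on a wildcard, because WinRM does not authenticate the server for hosts on that list.

```powershell
# Added example. $WapName and $WapIp are placeholders, not values from the post.
$WapName = 'wap01'        # hypothetical Web Application Proxy server name
$WapIp   = '192.0.2.10'   # hypothetical address from the documentation range

# 1. Confirm the hosts-file entry resolves the proxy name to the address you expect.
try {
    $resolved = [System.Net.Dns]::GetHostAddresses($WapName) |
        ForEach-Object { $_.IPAddressToString }
} catch {
    $resolved = @()   # name does not resolve at all
}
if ($resolved -notcontains $WapIp) {
    Write-Warning "$WapName resolves to '$($resolved -join ', ')', expected $WapIp. Check the hosts file."
}

# 2. Read the current TrustedHosts list before changing it.
$path    = 'WSMan:\localhost\Client\TrustedHosts'
$current = (Get-Item $path).Value
$entries = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

if ($entries -contains '*') {
    Write-Warning 'TrustedHosts contains "*": this client skips server authentication for every host.'
}

# 3. Add only the proxy name, and only if it is not already listed.
if ($entries -notcontains $WapName) {
    Set-Item $path -Value $WapName -Concatenate -Force
}

# 4. Verify that WinRM on the proxy answers, then show the resulting list.
Test-WSMan -ComputerName $WapName -ErrorAction Stop | Out-Null
(Get-Item $path).Value
```

Run it in an elevated PowerShell session; the WSMan: drive is not readable otherwise.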
