Working with an Office 365 tenant where the authentication was configured with on-prem ADFS servers and all users were getting the following error:
The event logs showed the following two errors:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
Source: AD FS Date: 4/23/2018 10:49:13 AM Event ID: 276 Task Category: None Level: Error Keywords: AD FS Description: The federation server proxy was not able to authenticate to the Federation Service. User Action Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet. |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
Source: AD FS Date: 4/23/2018 10:49:33 AM Event ID: 422 Task Category: None Level: Error Keywords: AD FS User: NETWORK SERVICE Description: Unable to retrieve proxy configuration data from the Federation Service. Additional Data Trust Certificate Thumbprint: 0ED6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Status Code: Unauthorized |
To correct the certificate issue I ran the following:
|
1 |
Install-WebApplicationProxy -CertificateThumbprint de49xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -FederationServiceName sts.<domainname.com> |
The event logs now showed:
|
1 2 3 4 5 6 7 8 9 |
Log Name: AD FS/Admin Source: AD FS Date: 4/23/2018 11:24:08 AM Event ID: 391 Task Category: None Level: Information Keywords: AD FS Description: The federation server proxy was able to successfully establish a trust with the Federation Service. |
The WAP server is now showing healthy:
