This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 52%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Hi,
I have working ADFS, WAP both on Windows server 2019.
I added ADFS, WAP both on Windows server 2022.
WAP 2019 is working with ADFS 2019 and also with ADFS 2022.
WAP 2022 is only working with ADFS 2019.
When trying to refresh ADFS configuration on WAP 2022 against ADFS 2022 I receive error:
Description:
The federation server proxy was not able to authenticate to the Federation Service.
User Action
Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet.
Additional Data
Certificate details:
Subject Name:
<null>
Thumbprint:
<null>
NotBefore Time:
<null>
NotAfter Time:
<null>
Install-WebApplicationProxy is not helping. Certificate (wildcard) is the same on all servers - triple checked.
Anybody with working WAP 2022 against ADFS 2022?
Thank you
Richard
Can you try to disable TLS1.3 on your WAP and or ADFS 2022 to test and try to repro?
Hello piaudonn,
you nailed it.
Everything is working after disabling TLS1.3 for client on WAP2022.
I checked it back and forth. Enabled, disabled, enabled, disabled, ...
These are winning settings for WAP2022:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
Only side effect (looks harmless to me) is event id 36871 in system eventlog during startup.
Thank you,
Richard
Cool, that was the suggestion of one of my colleague actaully. But I am glad it worked :)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 46%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFA%3C/text%3E%3C/svg%3E)
I ran into this issue myself when setting up a WAP server running on Windows Server 2022. Thank you for the fix!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 84%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Bonjour,
Je suis tombé sur votre solution suite à ma tentative d'installation d'un serveur wap 2022. Ma clé "Protocols" ne contient aucune information en aval. Malgré que j'ai créé ces clé cela ne marche pas...
Auriez vous fait autre chose?
Dans ce cas il ne s'agit pas du meme probleme. Je suggere de creer un nouveau post ou vous pouvez poster votre scenario.
Hello RichardMlynka,
From my experience 3 factors can produce the issue:
a) the certificate thumbprint is not the same ( you have discarded this)
b) the problematic WAP server has been more than 2 weeks disconnected from the environment, as the proxy trust certificate is a rolling certificate valid for 2 weeks and periodically updated. (being a new installation I would not suspect of it)
c) for some reason the 2022 version is not able to properly update the registry key corresponding to proxy configuration
In this case you can check the next key in the problematic server. Ensure that the value is set to 1, and then re-run the post-install config from the Management console.
HKLM\Software\Microsoft\ADFS
ProxyConfigurationStatus
1 (not configured)
2 (Web Application Proxy is configured)
--If the reply is helpful, please Upvote and Accept as answer--
Hello LimitlessTechnology,
a) checked, same
b) always online, only a few days old
c) as expected; install config doesn't finish - reason is probably TLS1.3 as noted by piaudonn below
Thank you,
Richard
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 85%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Thank you very much! Works like a charm now.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 85%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECJ%3C/text%3E%3C/svg%3E)
thanks @Pierre Audonnet - MSFT disabling the 1.3 tls on wap 2022 helped me as well. I'm using 2022 servers both for adfs and WAP.
Cheers,
Chinmoy