ADFS access giving HTTP 400 error

Houssem Hamdoun 6 Reputation points
2022-12-22T10:04:39.767+00:00

Hello,

I'm migrating our ADFS server from Windows Server 2012 R2 to Windows Server 2019.

I managed to add the new server to the farm and to get it to work, but I'm getting some trouble while accessing the /adfs/ls/Idpinitiatedsignon.aspx page.

The ADFS farm name is adfs1.company.com, access to the URL https://adfs1.company.com/adfs/ls/Idpinitiatedsignon.aspx is working fine, however we need access through https://adfs2.company.com/adfs/ls/Idpinitiatedsignon.aspx URL as well for specific reasons.

The issue I'm facing is that the new server is throwing an HTTP 400 error whenever I try to access it through adfs2.company.com, and after deeper digging I found that it also throws the same error when I try accessing the URL using the server's IP address instead of the DNS name.

I tried changing netsh http bindings (added a new bind for 0.0.0.0:443) but it doesn't seem to help.

The ADFS URL "/adfs/ls/Idpinitiatedsignon.aspx" is only responding if accessed via localhost, hostname FQDN, or the FQDN of the ADFS farm, otherwise it throws the HTTP error 400.

The weird thing about this is that the old server is responding to all the requests using the ADFS2 alias, server's IP address and even when using 127.0.0.1 when accessing the webpage internally, and never throwing the HTTP 400 error.

I did a side-by-side comparison between configurations of both old and new servers and the config is matching.

Any help would be appreciated. I'm pretty sure it's a missing config in the HTTP service, but I can't put my finger on the issue.

Thank you.


5 answers

  1. Bauzone, Jonathan 1 Reputation point
    2023-04-19T12:20:56.1966667+00:00

    Hello, any news? I have the same problem on Windows Server 2022, if you have any news ;)

  2. mounir ben mohamed 0 Reputation points
    2023-05-26T21:11:29.4133333+00:00

    I have the same problem on Windows 2022. Is there any workaround if there isn't a solution?

  3. Sivakumar Murukan 0 Reputation points
    2023-07-05T04:47:42.3033333+00:00

    I have the same problem in Windows 2019. However, it works in Windows Server 2016.

  4. Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
    2023-07-16T19:01:05.7633333+00:00

    The page is disabled by default starting AD FS on Windows Server 2016.

    You can enable it with the following command:

    Set-AdfsProperties -EnableIdpInitiatedSignonPage:$True

    Note that the reason it is disabled is because it allows anyone to see the list of SAML 2.0-enabled relying party trusts you have in your farm. IdP-initiated sign-in is kinda old school. Do you still have apps requiring it?

    Also, you can consider using Azure AD (Entra ID) to publish your application, then no AD FS issues anymore :)
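    The following is an added example, not part of Pierre Audonnet's answer or the original post. It shows how to check the current state of the IdP-initiated sign-on page with Get-AdfsProperties before changing it, enables the page only when it is off, and then lists the certificate bindings HTTP.sys uses for the service so they can be compared with the old server, which is what the poster was doing by hand with netsh. Run it in an elevated PowerShell session on the AD FS server; all cmdlets used are from the built-in ADFS module.

```powershell
# Added example (not from the thread). Check the IdP-initiated sign-on page setting,
# enable it only if an application still needs it, and dump the SSL bindings.
Import-Module ADFS

$props = Get-AdfsProperties
"Federation service name : $($props.HostName)"
"IdP-initiated page on   : $($props.EnableIdpInitiatedSignonPage)"

if (-not $props.EnableIdpInitiatedSignonPage) {
    # Enabling this page lets unauthenticated users enumerate the SAML relying
    # party trusts in the farm, so leave it off unless an app depends on it.
    Set-AdfsProperties -EnableIdpInitiatedSignonPage $true
    "IdP-initiated page now  : $((Get-AdfsProperties).EnableIdpInitiatedSignonPage)"
}

# Certificate bindings AD FS registered with HTTP.sys (service port and
# client-certificate port); compare HostName/Port/Thumbprint against the old server.
Get-AdfsSslCertificate | Format-Table HostName, PortNumber, CertificateHash -AutoSize

# Raw HTTP.sys view of the same bindings, useful when the two servers disagree.
netsh http show sslcert
```

    If the two servers show different host names in the SSL bindings, that difference, rather than the IdP-initiated page setting, is where to keep digging for the HTTP 400 on the alias.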


  5. Afzaal Muhammad 0 Reputation points
    2023-09-29T01:47:57.8333333+00:00

    I am having the same issue. Is there any resolution?
