Hello @Patrick-350, possibilities are that the Kemp (LB) is the culprit or the proxy trust is broken. Does it work when bypassing the Kemp from WAP to ADFS?
ADFS Migration 2016 => 2019 - new WAP servers not communicating with new ADFS servers
I have a problem with an ADFS migration; in particular, the WAP servers are causing problems.
ADFS-DB on SQL Server
2* Windows Server 2016 with ADFS role (LB with KEMP)
2* Windows Server 2016 with WAP role (LB with KEMP)
New (so far):
2* Windows Server 2019 with ADFS role (also in the ADFS farm, working fine)
2* Windows Server 2019 with WAP role (this is where the problem starts)
Initial WAP configuration was fine while the internal LB still pointed to the 2016 ADFS servers.
Communication from the new Server 2019 WAP servers becomes problematic as soon as I point the internal load balancer to the new 2019 ADFS servers. After one minute, errors 224 and 394 occur, and I am also not able to re-establish the trust.
The federation server proxy configuration could not be updated with the latest configuration on the federation service.
Retrieval of proxy configuration data from the Federation Server using trust certificate with thumbprint '<thumbprint>' failed with status code 'InternalServerError'.
New WAPs against old ADFS servers = Working
Old WAPs against new ADFS servers = Working
New WAPs against new ADFS servers = Broken
Also tested it without KEMP LB, same results.
I searched a lot and found solutions that point to the primary ADFS server, but in this environment we have a SQL DB, so in my understanding there is no primary ADFS server.
Any ideas? No hardening of any kind (SSL/TLS settings) is in place.
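A diagnostic script to collect the evidence these posts are comparing (an added example, not from the thread; every hostname in it is a placeholder): it lists recent events 224/394 from the AD FS/Admin log on the new WAP, then performs a TLS handshake to the Kemp VIP and to each ADFS node directly with the federation service name as SNI, so the "bypass the Kemp" test suggested in the reply can be checked node by node.

```powershell
# Added diagnostic example (not from the thread). Run in an elevated PowerShell on a NEW 2019 WAP node.
# All hostnames below are placeholders; replace them with your own.
$FsName  = 'fs.example.com'                      # federation service name (placeholder)
$Targets = [ordered]@{                           # placeholders: Kemp VIP and the individual ADFS nodes
    'Kemp-internal-VIP' = 'adfs-vip.internal.example.com'
    'ADFS-2019-node1'   = 'adfs19a.internal.example.com'
    'ADFS-2019-node2'   = 'adfs19b.internal.example.com'
    'ADFS-2016-node1'   = 'adfs16a.internal.example.com'
}

# 1. Recent proxy-trust failures on this WAP (events 224 and 394 are written to the AD FS/Admin log).
Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 224, 394 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize

# 2. TLS handshake straight to each target with the federation service name as SNI.
#    Connecting to a node directly is the "bypass the Kemp" test from the reply, done at the TLS layer.
function Test-FsTls {
    param([string]$Target, [string]$Sni)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Target, 443)
        # Accept any certificate here: the goal is to SEE what each target presents, not to enforce it.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { param($s, $c, $ch, $e) $true })
        $ssl.AuthenticateAsClient($Sni)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ssl.RemoteCertificate
        [pscustomobject]@{
            Target      = $Target
            Protocol    = $ssl.SslProtocol          # WAP and ADFS must agree here, e.g. Tls12
            Cipher      = "$($ssl.CipherAlgorithm)/$($ssl.HashAlgorithm)"
            CertSubject = $cert.Subject
            Thumbprint  = $cert.Thumbprint          # compare with Get-AdfsSslCertificate on each ADFS node
            Result      = 'OK'
        }
        $ssl.Dispose()
    } catch {
        [pscustomobject]@{ Target = $Target; Protocol = $null; Cipher = $null
                           CertSubject = $null; Thumbprint = $null; Result = $_.Exception.Message }
    } finally {
        $tcp.Close()
    }
}

$Targets.GetEnumerator() | ForEach-Object { Test-FsTls -Target $_.Value -Sni $FsName } | Format-Table -AutoSize
```

If the handshake to the 2019 nodes succeeds with the same protocol, cipher and thumbprint as via the VIP, the LB and TLS settings are unlikely to be the cause and the remaining suspect is the proxy trust itself; a handshake that works only for some targets points at the LB or at a TLS mismatch between the new WAP and the new ADFS nodes.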