0 Votes
Patrick-2449 asked MarileeTurscak-MSFT commented

Azure AD Connect - Failed to Connect to the Primary AD FS Server

Trying to set up Azure AD Connect with my home lab AD FS. I have a WAP set up and can sign into my AD FS server with a domain account from the internet, so I'm sure the WAP and Federation Server are configured properly. The WAP is running on a child domain controller in a VMware VM on one machine; the AD FS server is set up on the root forest domain controller on another machine. Not sure if it's a port forwarding issue. I did run the Diagnostics Analyzer and all it came up with is that the time is not synced between WAP and FS server, which is incorrect. Apologies if this seems vague, but I've done so much I don't know where to start.

azure-active-directory

1 Vote
MarileeTurscak-MSFT answered

If you are seeing issues with time differences, you can run:

Set-ADFSRelyingPartyTrust -TargetName <trustname> -NotBeforeSkew <time_in_minutes>

https://docs.microsoft.com/en-us/powershell/module/adfs/set-adfsrelyingpartytrust?view=win10-ps

Have you checked the troubleshooting guide for this error?

https://support.microsoft.com/en-us/help/3018485/failed-to-connect-to-active-directory-federation-services-2-0-on-the-l

PROBLEM

When you run the Convert-MsolDomainToStandard cmdlet to convert a domain from federated to managed, you receive the following error message:

Failed to connect to Active Directory Federation Services 2.0 on the local machine.
Please try running Set-MsolADFSContect before running this command again.

CAUSE

This problem occurs if the server on which you're running the Convert-MsolDomainToStandard cmdlet is not running Active Directory Federation Services (AD FS).

SOLUTION

Do one of the following, as appropriate for your situation:
If AD FS is still running, use the Set-MsolADFSContext cmdlet to specify the server on which AD FS is running.

For example:

Set-MsolADFSContext -Computer <ServerName>

For more information about the Set-MsolADFSContext cmdlet, see Set-MsolADFSContext.
If AD FS is not running, use the Set-MsolDomainAuthentication cmdlet to change the domain to a managed domain.

For example:

 Set-MsolDomainAuthentication -DomainName <DomainName> -Authentication Managed

For more info about the Set-MsolDomainAuthentication cmdlet, see Set-MsolDomainAuthentication.



Also, make sure the file and print sharing is open and the VMs can ping each other.
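An added PowerShell pre-flight check (not from this thread or from Microsoft's KB article) that walks the same diagnosis in order: port 443 reachability to the federation server, whether the AD FS service is running there, WAP/FS clock skew measured with w32tm, and only then Set-MsolADFSContext followed by the domain conversion. Server names, the domain and the password file path are placeholders; it assumes the MSOnline module is loaded and Connect-MsolService has already been run.

```powershell
# Added example, not code from the thread. Placeholders: server names, domain.
param(
    [string]$FederationServer = 'fs.corp.example.com',   # placeholder: primary AD FS server
    [string]$WapServer        = 'wap.corp.example.com',  # placeholder: Web Application Proxy
    [string]$DomainName       = 'example.com',           # placeholder: federated domain
    [int]$MaxSkewSeconds      = 300                      # default Kerberos/AD FS tolerance
)

# 1. Reachability on TCP 443, the port both the WAP and the MSOnline cmdlets use.
#    Firewall or port-forwarding problems show up here, before any AD FS error.
$tcp = Test-NetConnection -ComputerName $FederationServer -Port 443 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    throw "TCP 443 to $FederationServer is blocked; fix firewall/port forwarding first."
}

# 2. Is AD FS actually running on the target? This is the KB's stated cause:
#    if it is not, convert the domain directly instead of setting an AD FS context.
$svc = Get-Service -ComputerName $FederationServer -Name adfssrv -ErrorAction SilentlyContinue
if ($null -eq $svc -or $svc.Status -ne 'Running') {
    Write-Warning "adfssrv is not running on $FederationServer; converting via Set-MsolDomainAuthentication."
    Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed
    return
}

# 3. Clock skew between WAP and federation server, each measured from this host.
#    Token validation fails when skew exceeds the relying party's NotBefore tolerance.
function Get-ClockOffsetSeconds([string]$Computer) {
    $lines = w32tm /stripchart /computer:$Computer /samples:1 /dataonly
    $hit = $lines | Where-Object { $_ -match ',\s*([-+]\d+\.\d+)s' } | Select-Object -Last 1
    if ($hit -and $hit -match ',\s*([-+]\d+\.\d+)s') { [double]$Matches[1] } else { [double]::NaN }
}
$skew = [math]::Abs((Get-ClockOffsetSeconds $FederationServer) - (Get-ClockOffsetSeconds $WapServer))
if ([double]::IsNaN($skew)) {
    Write-Warning "Could not measure clock offset (w32tm query failed); check NTP on both servers."
} elseif ($skew -gt $MaxSkewSeconds) {
    Write-Warning ("WAP/FS clocks differ by {0:N0}s; resync time before widening NotBeforeSkew." -f $skew)
}

# 4. Point the MSOnline cmdlets at the live AD FS server, then convert the domain.
#    PasswordFile receives the temporary passwords generated for converted users.
Set-MsolADFSContext -Computer $FederationServer
Convert-MsolDomainToStandard -DomainName $DomainName -SkipUserConversion $false `
    -PasswordFile "$env:TEMP\$DomainName-passwords.txt"
```

The skew check reports the problem rather than papering over it with a larger NotBeforeSkew, since a wide skew window also widens the replay tolerance on issued tokens.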

1 Vote
Patrick-2449 answered MarileeTurscak-MSFT commented

Hello Marilee,

Thank you for your reply. I switched to pass-through authentication and it seems to be working fine. My AD users are able to log in to myapps.microsoft.com with domain creds, which is what I was shooting for. I will definitely try your suggestions next time I decide to use AD FS and run into the same problem.

Regards


@Patrick-2449 Thanks for following up! Glad pass-through authentication worked out fine.

0 Votes