hi,
up!
Any suggestion? Any reference documentation?
Thanks,
Jean-Luc
ADFS Site Resilience
Hi,
For a customer, we configured an ADFS farm with 2 nodes, exposed to the Internet with WAP.
On each site, we have one ADFS Server and one WAP.
We used DNS RoundRobin for federation services publication. We plan to use Load balancing.
Each WAP server can contact each ADFS server.
When the primary ADFS server is inaccessible, internal authentication works fine, but external authentication fails (through WAP).
How can I build High Availability?
Thanks,
Jean-Luc
3 answers
Jean-Luc Ch 176 Reputation points
2020-07-22T13:34:34.397+00:00
9704244848 186 Reputation points
2020-07-22T19:10:51.53+00:00
Hey,
How can I build High Availability?
I think the problem is DNS Round Robin, because it randomly replies to every request with one IP address. But the DNS protocol cannot check whether the server or application behind the IP address is online.
The only safe way to do this is to implement a physical or virtual load balancer in your environment. We set up your scenario for a few weeks with a highly available load balancer. AD FS over WAP works in every failure scenario (e.g. the primary AD FS server is down).
Regards
9704244848 186 Reputation points
2020-07-22T20:15:09.373+00:00
Look first into the Windows event log on the secondary AD FS server. Do you see entries of type error / warning at the timestamp when you try the authentication?
Does the authentication work over the secondary inside your trusted network (LAN) without WAP? So we can differentiate whether ADFS or WAP is the problem.
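The two checks suggested in the answers above, written out as an added PowerShell example that is not part of any original post: it lists every address DNS round robin hands out for the federation name and tests each one, then pulls AD FS errors and warnings from the secondary server around the time of a failed sign-in. The federation name, server name and timestamp are placeholders, and HTTPS on TCP 443 is assumed.

```powershell
# Added example. Every name and time below is a placeholder, not a value from the thread.
$FederationName = 'sts.example.com'            # hypothetical federation service name
$SecondaryAdfs  = 'adfs2.example.local'        # hypothetical secondary AD FS server
$FailedAt       = Get-Date '2020-07-22 15:30'  # constructed time of a failed external sign-in
$Window         = New-TimeSpan -Minutes 5

# Check 1: DNS round robin keeps returning an address even when the host behind it
# is down. Resolve every A record and test each address separately.
$addresses = Resolve-DnsName -Name $FederationName -Type A |
    Where-Object { $_.IPAddress } |
    Select-Object -ExpandProperty IPAddress -Unique

foreach ($ip in $addresses) {
    $probe = Test-NetConnection -ComputerName $ip -Port 443 -WarningAction SilentlyContinue
    # An open port only proves something is listening; it does not prove that
    # AD FS or WAP behind it can complete an authentication.
    [pscustomobject]@{
        Address    = $ip
        Tcp443Open = $probe.TcpTestSucceeded
    }
}

# Check 2: errors (level 2) and warnings (level 3) in the AD FS admin log on the
# secondary server, limited to a window around the failed attempt.
$events = Get-WinEvent -ComputerName $SecondaryAdfs -FilterHashtable @{
    LogName   = 'AD FS/Admin'
    Level     = 2, 3
    StartTime = $FailedAt - $Window
    EndTime   = $FailedAt + $Window
} -ErrorAction SilentlyContinue

if ($events) {
    $events |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LevelDisplayName, Message |
        Format-List
} else {
    'No AD FS errors or warnings found in the window (or the log could not be read).'
}
```

Run check 1 from a machine that resolves the federation name the same way the failing clients do; check 2 needs rights to read event logs on the secondary server.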