I am trying to set up ADFS authentication for a website (https://applicationname.com/) currently working in passthrough using a web application proxy server.
The ADFS site itself is currently published on the WAP in passthrough mode but when I attempt to load https://adfs.domainname.com/adfs/ls/ from an external PC I get an ERR_CONNECTION_CLOSED error in the browser.
Loading https://adfs.domainname.com/adfs/ls/ from a PC within my corp network, or from the WAP itself works perfectly fine.
When I try loading https://applicationname.com/ from a PC external to my corporate network, the request hits the WAP which then redirects the browser session to https://adfs.domainname.com/adfs/ls/ for authentication and again produces an ERR_CONNECTION_CLOSED error.
I have multiple other applications in passthrough mode on the WAP, all of which are still working.
Checking my firewall logs shows that external traffic to https://adfs.domainname.com/adfs/ls/ is being passed through to the WAP, which is in a DMZ; however, it is never passed back to the firewall to be transferred to the CORP network, and there is no deny entry in the logs indicating it has hit the firewall again at all. For the working published sites, and when loading https://adfs.domainname.com/adfs/ls/ locally on the WAP, I can see the 443 request hitting the firewall and being moved from the DMZ to the CORP network.
I have also noticed when trying to load https://adfs.domainname.com/adfs/ls/ nothing shows up in the web application proxy session log in event viewer at all. When loading the working applications, several events show up for each request.
My first thought was an issue with the Windows Firewall on the WAP server, but disabling the firewall entirely shows the same results.
I tried deleting and re-publishing the adfs application and got the following error:
Web Application Proxy could not bind the SSL server certificate.
Error: Cannot create a file when that file already exists.
(0x800700b7)
All other configuration settings were applied.
Details:
Certificate thumbprint: XXXXXXXXXXXXXXXXXXXXXXXXXXX
Host name: adfs.domainname.com
Is this something to do with the published ADFS application and the ADFS farm sharing the same FQDN? My understanding was that publishing the application under another domain name would cause issues with ADFS.
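The bind error quoted above (0x800700b7, "file already exists") is what HTTP.sys returns when a certificate binding for the same host name and port already exists. The script below is an added diagnostic example, not code from the original post; it is meant to be run in an elevated PowerShell session on the WAP server and assumes the WebApplicationProxy module is present. It parses `netsh http show sslcert` to list every SSL binding HTTP.sys holds, shows which Application ID owns the binding for the ADFS host name, and compares that against the applications WAP has published and the certificates WAP itself manages. The host name and thumbprint are placeholders copied from the post; replace them with your own values.

```powershell
# Added diagnostic example (not part of the original post). Assumes an elevated
# PowerShell session on the Web Application Proxy server with the
# WebApplicationProxy module available. Values below are placeholders.
$HostName   = 'adfs.domainname.com'               # host name from the bind error
$Thumbprint = 'XXXXXXXXXXXXXXXXXXXXXXXXXXX'        # placeholder thumbprint from the post

# Parse "netsh http show sslcert" into objects: one per binding, with the
# endpoint (hostname:port or ip:port), certificate hash and owning Application ID.
function Get-HttpSysSslBinding {
    $bindings = @()
    $current  = $null
    foreach ($line in (netsh http show sslcert)) {
        if ($line -match '^\s*(Hostname:port|IP:port)\s*:\s*(\S+)') {
            if ($current) { $bindings += $current }
            $current = [pscustomobject]@{
                Endpoint        = $Matches[2]
                CertificateHash = $null
                ApplicationId   = $null
            }
        }
        elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*(\S+)') {
            $current.CertificateHash = $Matches[1]
        }
        elseif ($current -and $line -match '^\s*Application ID\s*:\s*(\S+)') {
            $current.ApplicationId = $Matches[1]
        }
    }
    if ($current) { $bindings += $current }
    return $bindings
}

$allBindings = Get-HttpSysSslBinding

# Every binding that already claims the ADFS host name on any port. If one is
# present before you publish, Add-WebApplicationProxyApplication cannot create
# a second one for the same host:port, which is the 0x800700b7 error.
$conflicting = $allBindings | Where-Object { $_.Endpoint -like "${HostName}:*" }

Write-Host "`n== HTTP.sys SSL bindings for $HostName =="
if ($conflicting) {
    $conflicting | Format-Table Endpoint, CertificateHash, ApplicationId -AutoSize
    foreach ($b in $conflicting) {
        if ($b.CertificateHash -and ($b.CertificateHash -ne $Thumbprint)) {
            Write-Warning "Binding $($b.Endpoint) uses certificate $($b.CertificateHash), not $Thumbprint."
        }
    }
} else {
    Write-Host "No existing binding found for $HostName."
}

# What WAP believes it has published, so the external URL of each application
# can be compared with the host name that already has a binding.
Write-Host "`n== Applications published on this WAP =="
Get-WebApplicationProxyApplication |
    Format-Table Name, ExternalUrl, ExternalCertificateThumbprint, BackendServerUrl -AutoSize

# Certificates WAP manages for its own endpoints (including the federation
# service name it proxies); a binding owned here is not a published application.
Write-Host "`n== SSL certificates managed by WAP =="
Get-WebApplicationProxySslCertificate | Format-Table -AutoSize
```

If the binding for the ADFS host name on port 443 is already present and owned by an Application ID that does not belong to a published application, the WAP is holding that name for the federation service it proxies on its own, and publishing a second passthrough application with the same external host name will keep failing at the bind step. Removing the stale published entry (or changing its external URL) and re-checking the binding list is the first thing to verify before looking further at the firewall path.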