Problem with WAP 2022 - ADFS 2022 communication

Richard Mlynka 21 Reputation points
2021-10-03T13:25:20.913+00:00

Hi,

I have working ADFS, WAP both on Windows server 2019.
I added ADFS, WAP both on Windows server 2022.

WAP 2019 is working with ADFS 2019 and also with ADFS 2022.
WAP 2022 is only working with ADFS 2019.

When trying to refresh ADFS configuration on WAP 2022 against ADFS 2022 I receive error:

Description:
The federation server proxy was not able to authenticate to the Federation Service.

User Action
Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet.

Additional Data

Certificate details:

Subject Name:
<null>

Thumbprint:
<null>

NotBefore Time:
<null>

NotAfter Time:
<null>

Install-WebApplicationProxy is not helping. Certificate (wildcard) is the same on all servers - triple checked.

Anybody with working WAP 2022 against ADFS 2022?

Thank you
Richard

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,599 questions
Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,222 questions
0 comments No comments
{count} votes

Accepted answer
  1. Pierre Audonnet - MSFT 10,171 Reputation points Microsoft Employee
    2021-10-07T01:37:08.41+00:00

    Can you try to disable TLS1.3 on your WAP and or ADFS 2022 to test and try to repro?

    3 people found this answer helpful.

3 additional answers

Sort by: Most helpful
  1. Limitless Technology 39,501 Reputation points
    2021-10-06T09:06:21.157+00:00

    Hello RichardMlynka,

    From my experience 3 factors can produce the issue:
    a) the certificate thumbprint is not the same ( you have discarded this)
    b) the problematic WAP server has been more than 2 weeks disconnected from the environment, as the proxy trust certificate is a rolling certificate valid for 2 weeks and periodically updated. (being a new installation I would not suspect of it)
    c) for some reason the 2022 version is not able to properly update the registry key corresponding to proxy configuration

    In this case you can check the next key in the problematic server. Ensure that the value is set to 1, and then re-run the post-install config from the Management console.

    HKLM\Software\Microsoft\ADFS

    ProxyConfigurationStatus

    1 (not configured)
    2 (Web Application Proxy is configured)


    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.

  2. Sascha Bless 6 Reputation points
    2021-11-13T22:36:12.49+00:00

    Thank you very much! Works like a charm now.

    1 person found this answer helpful.
    0 comments No comments

  3. Chinmoy Joshi 6 Reputation points Microsoft Employee
    2022-04-12T11:26:26.63+00:00

    thanks @Pierre Audonnet - MSFT disabling the 1.3 tls on wap 2022 helped me as well. I'm using 2022 servers both for adfs and WAP.

    Cheers,
    Chinmoy

    1 person found this answer helpful.
    0 comments No comments