Share via

AD FS Logon Page Graphics

Two Planker 111 Reputation points
2021-10-13T20:20:22.99+00:00

Greetings,

I've deployed an AD FS server successfully in an isolated environment (no Internet). When I get to the AD FS logon page, there are no graphics, just text and related fields. I'm not having any luck finding a resolution. The system works properly otherwise.

Has anyone experienced this?

Thanks,

Chris

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,410 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,430 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,101 questions
0 comments
Accepted answer
  1. Two Planker 111 Reputation points
    2021-11-16T17:07:03.313+00:00

    Sikumars,

    after breaking and troubleshooting ADFS after a backup, uninstall, re-install and restore, I have found a workaround here:

    https://social.technet.microsoft.com/Forums/Lync/en-US/2df3ef95-b0e1-4a89-96ce-3fd4edd7a7f9/failed-to-start-endpoint-https49443adfsportal?forum=ADFS

    I've added my Group Managed Service Account to the local admins group and now the graphics on the logon page appear. I've also tried the "fix" described by one of the users yet it does not work. Only adding the gmsa to the admins group allows the site to present normally.

    I may not be applying the fix properly as I don't quite understand all that he is referring to. I tried modifying the url acl permission for https://+:443/adfs by deleting the existing perms for User: NT SERVICE\adfssrv and adding my gmsa service account yet there was no change after restarting services.

    Does this make sense to you?

    I apologize if I don't reply to any responses as I'm leaving town for about a week.

    Thanks for the help,

    TP

    1 person found this answer helpful.

10 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Two Planker 111 Reputation points
    2021-10-27T13:16:25.123+00:00

    Thanks vipulsparsh-MSFT,
    I'm referring to out-of-the-box default theme or otherwise. Currently targeting the default theme. I'm assuming it should resemble one of the attached. Ran the command as requested with no change. 144233-adfsdefault.png144251-adfsdefault2.png

  2. Two Planker 111 Reputation points
    2021-11-04T16:25:35.257+00:00

    Update,
    Using browser development tools, I'm finding that any content at the location "https://<adfsservername>.domain/adfs/portal/..." can't be found and each item returns "503 service unavailable". My understanding is that the source of the adfs pages is in http.sys. I'm told there is no physical directory for the site. Content located at "https://<adfsservername>.domain/adfs/ls/..." is, however, returned successfully by the browser.

    How do I resolve this?

    Thanks,

    TP

    0 comments
  3. Siva-kumar-selvaraj 15,576 Reputation points
    2021-11-15T16:32:53.237+00:00

    Hello @Two Planker ,

    I have been working on this thread with Vipul to replicate a few instances in my lab, and I would like to double-check the following points to ensure you observe something similar in your ADFS environment.

    As you mentioned ADFS endpoints are built on http.sys engine, so there's no physical directory. To isolate the issue, try to restarting the ADFS service to ensure you see success event shown below for the https://+:443/adfs/portal/ endpoint.

    149299-image.png

    If you see success, then try accessing below /adfs/portal/ endpoint on the ADFS server to ensure the "illustration" image and style.css file are displayed on browser.

    https://<adfsservername>.domain/adfs/portal/illustration/illustration.png
    https://<adfsservername>.domain/adfs/portal/css/style.css

    If you receive "HTTP 503 - The service is unavailable", then use localhost instead of <adfsservername>.domain name in the URL as shown below, by this way to ensure ADFS requests are served by same. When using localhost, you may receive a certificate warning, as shown below, but if you ignore the warning, the illustration image should load successfully.

    https://localhost/adfs/portal/illustration/illustration.png
    https://localhost/adfs/portal/css/style.css

    149481-image.png

    For example, if you have more than one ADFS instance in the farm, there is a chance that a request will be routed to any instance in the farm when you have a load balancer in place so to isolate the issue, try adding the IP address of a federation server to the hosts file as explained here and try reproducing the issue after restarting ADFS service and share screenshot of ADFS page outcome.

    Hope this helps.

    149430-image.png

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments
  4. Two Planker 111 Reputation points
    2021-11-15T19:45:00.837+00:00

    Thanks Sikumars,

    when I restart the AD FS services, I get no entries of any kind in that log although it appears such an entry was logged when the feature was first enabled. Also, when I try to access the two URL's, whether using the IP or localhost, I get the 503 service unavailable error. Note the deployment consists of only one server.

    TP