This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 0%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDH%3C/text%3E%3C/svg%3E)
I'm getting this error when the WAP tries to connect to the ADFS server when installing the Certificate.
when I run get-Webapplicationproxyapplicaition command I get Web Application Proxy could not connect to the AD FS configuration storage and could not load the configuration Make sure that the Web Application Proxy server can connect to the AD FS server if not run Install-WebApplicationProxy.
Run Install-WebApplicaitionProxy get this error An error occurred when attempting to establish a trust relationship with the federation service. The underlying connection was closed. Could not establish a trust relationship. The WAP server can resolve the ADFS server.
How can I fix this issue?
ADFS 3 on server2012 R2. Yes I am using the FQDN of the farm
I did some endpoint tests to see if the WAP server could reach the endpoint, like the metadata. The thing I notice is it's saying the certificate has expired. When I look at the certificate on the WAP server, it tells me the certificate has expired or is valid. But it has not expired and is valid. When accessing the site on other computers on our network shows it's valid and not expired.
Oh, is that a duplicated post with https://learn.microsoft.com/en-us/answers/questions/749961/adfs-wap-connection-issue-to-adfs-server.html ? Well this one has slighly more information.
It could be an issue with the TLS crypto suite, with SNI, with firewall doing inspection etc... Hard to say for now.
What version of AD FS are you using?
Also, you need to use the FQDN of the farm to join the WAP (not the FQDN o the server). Are you doing that?
ADFS 3 on server2012 R2. Yes I am using the FQDN of the farm.
Then check the other points. Make sure they use the safe TLS/SSL cipher on both side: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs make sure you enable SchUseStrongCrypto on both. Have disable the legacy stuff on both etc...
And make sure you can reach the revocation endpoints of your ADFS TLS certificates from your WAP Server.