Can log into ADFS internally but not externally

Brandon Fogliano 136 Reputation points
2022-05-31T20:06:49.043+00:00

Hi Everyone,

I have an ADFS server built internal to my environment; it federates to a SaaS platform that we use for CRM. When internal to our domain the federation works fine, but when outside of the domain there is no response from the server. Interestingly, when outside of the domain I can ping both the IP and the DNS name of the ADFS server and I can telnet to the server on 443 and 80. But when I try to access the URL to the SaaS or to our DNS name it times out. We do not use a DMZ and internally I modify the hosts file on each machine so that they don't try to resolve externally first. Any thoughts here?

Thanks,

Brandon

Active Directory Federation Services

2 answers

  1. Mark Morowczynski 251 Reputation points Microsoft Employee
    2023-01-22T14:43:39.8333333+00:00

  2. Sreejith Reghunathan Pillai 20 Reputation points
    2023-01-31T13:57:59.4333333+00:00

    First, I would suggest running a packet capture from the internal network and from the external network to see if there is a difference in the traffic being sent. This will help you identify if there is a firewall rule or routing issue that may be preventing the traffic from reaching the ADFS server. If there is no difference in the traffic, then it could be an issue with the ADFS server itself. I would suggest checking the event logs on the ADFS server to see if there are any errors that could be related to the issue. Additionally, you may want to check to make sure that the SSL certificate is configured correctly and that the DNS entries for the ADFS server are properly configured.

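A staged check for the symptom in the question (ping and telnet to 443 succeed, the URL times out), as an added example that is not part of the thread: it reports the first layer that fails, DNS, TCP, TLS or HTTP. The default path is the AD FS IdP-initiated sign-on page and the host name is whatever you pass on the command line; both are assumptions, not values from the post.

```python
import socket
import ssl
import sys

def probe(host, port=443, path="/adfs/ls/IdpInitiatedSignOn.aspx",
          timeout=5.0, verify=True):
    """Return (stage, detail): first failing layer, or ("ok", HTTP status line)."""
    try:
        family, _, _, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as e:
        return "dns", str(e)
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect(addr)  # everything a successful "telnet host 443" proves
        except OSError as e:
            return "tcp", str(e) or type(e).__name__
        ctx = ssl.create_default_context()
        if not verify:  # only to get past a certificate error and test HTTP
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        try:
            # server_hostname sends SNI and is the name the certificate must match
            sock = ctx.wrap_socket(sock, server_hostname=host)
        except OSError as e:  # ssl.SSLError and timeouts are OSError subclasses
            return "tls", str(e) or type(e).__name__
        try:
            request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            sock.sendall(request.encode("ascii"))
            status = sock.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
        except OSError as e:
            return "http", str(e) or type(e).__name__
        if status.startswith("HTTP/"):
            return "ok", status
        return "http", status or "connection closed without a reply"
    finally:
        sock.close()

if __name__ == "__main__":
    # Pass your own federation service name; run once inside, once outside.
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else "usage: probe.py <adfs-host>")
```

A `tls` result means the port accepted the connection but the handshake never completed, which a telnet test cannot show.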
