1,204 questions with Active Directory Federation Services tags
Windows Hello for Business On-Premises deployment error event
I try to deploy the on-prem HfB. We are running at domain function level of 2012R2. The single AD FS server runs 2019. I followed exactly the Microsoft guide. But when I start my domain PC, the enroll process never happens. Here is the event 1021 message…
Issue connecting Azure Windows Server VM to Blob Storage File Share
I am having trouble connecting my Azure Windows Server VM to a Blob Storage File Share, where 25 users have been assigned permission. I have been troubleshooting this issue for the past 5 days and cannot seem to resolve it. Can anyone help me with this…
Password hash synchronization is not working
I am switching from ADFS authentication to Password Hash Synchronization. I have enabled the PHS successfully on AAD Connect sync and it was successful. I have changed the authentication method to PHS. However, when I tried to log in to M365 portal, I get…
Configure federation between Google Workspace and Microsoft Entra ID error AADSTS51004
Hello, After following the steps of this guide https://learn.microsoft.com/en-us/education/windows/configure-aad-google-trust I'm testing the login. I am getting the redirect to Google when I try to sign in but after that I get this error: Request Id:…
ADFS integration with AWS load balancers
Hi, I am trying to integrate an ADFS server behind AWS load balancers. The proxy server is behind an application load balancer and the ADFS farm server is behind a network load balancer; however, I am getting a 502 bad gateway error. Any suggestions?
Azure hybrid domain join
Hi, If I enable Azure hybrid Azure AD join from configuration device tasks in AD connector, does the end user of these existing AD only domain joined machines experience any prompts/issues? Thanks
Azure connector
Hi, my org has set a service account up for using Azure connector, and it has now come to light that the password is nowhere to be seen. If this password is reset, is it a case that AD sync is stopped until the new password is updated in sync settings? It…
How to check if any application uses the IDP-initiated login endpoint in ADFS
Hello everyone, for security reasons, I want to disable the https://domain.com/adfs/ls/idpinitiatedsignon.aspx endpoint in the ADFS proxy servers. However, I need to make sure that no application is using IDP-initiated logins from the external network…
Failed to create AzureADKerberos (Cloud Kerberos Trust)
We are trying to establish cloud Kerberos trust to enable WHFB in our environment. However, it is giving the error below. It gives the error at the command Set-AzureADKerberosServer. Any advice and suggestions will be highly appreciated. We have followed below…
Azure Active Directory (AAD) authentication or AAD B2C authentication within a PHP application
My PHP application, which is built on WordPress, currently utilizes WordPress AAD authentication with client ID and client secrets. However, I am looking to discontinue the use of client secrets. Presently, I am using the functionality available on…
Work Folders with AD FS and Web Application Proxy (WAP) - ERROR-ID 0x80072efe
DC, WF, ADFS, WAP - Win Std. 2022 The configuration does not work with an MS WAP. --> https://learn.microsoft.com/en-us/windows-server/storage/work-folders/deploy-work-folders-adfs-overview I get the following error after successfully logging in. It…
Issue with locating templates on CAserver
I am running Windows Server 2012 R2 and trying to access the webpage http://localhost/certsrv/certrqxt.asp to request a certificate. However, when I try to select a certificate template, I get an error message saying that the CAserver cannot find any…
Enquiry on ADFS event ID MSIS8022 and Using DUO Authenticator for primary authentication
Hi all, We are trying to use DUO Authenticator for primary authentication as we would try using it to replace traditional form based authentication (Passwordless). We have tried testing it with our Shibboleth service provider through SAML2…
SMTP authentication is not working after federation of domain configured
After the federation of my domain, the users who were able to send mail before the federation via SMTP authentication, like printers, firewalls, etc., can't send emails anymore. The error is: 535 5.7.139 Authentication unsuccessful, the user…
Can we migrate unregistered Active Directory domains (.local) to Azure Entra ID
I want to migrate a .local domain which is not registered to Azure Entra ID
ADFS Custom Primary Authenticator triggers MSIS8022 when user inputs invalid username
We are developing a custom authenticator for ADFS 2019 and intend to make it work as the primary authentication method in the Paginated theme. We found that when a user inputs an invalid UPN as username and chooses our custom authenticator, an error message…
What ports are required to be open between ADFS and WAP
I am going to implement a new Azure AD tenant. My primary authentication method will be ADFS and PHS as backup method. For example, the server names are as below ADFS name- ADFS01 WAP name- WAP01 Connect sync name- AADC01 Please can you help provide me…
ADFS WAP Redirects to Backend URL on Successful Logon
I have a domain mydomain.local and an ADFS Server adfs.mydomain.local. I've published by ADFS directly and also using WAP with external URL adfs.mydomain.com and backend URL adfs.mydomain.local. When I access the application, I get ADFS Web Form…
How to migrate a Relying Party Trust in ADFS for Office 365 (EntraID) to a new Forest
We need to migrate ADFS (>5 years old) from an old AD forest to the new Forest. We use ADFS, among other things, for SSO with custom domains for EntraID. For federation and creating the relying party with EntraID (Office 365 / Microsoft 365) I used to…