Troubleshooting ADFS Problems

Applies To: Windows Server 2003 R2

Active Directory Federation Services (ADFS) scenarios rely on the interactions among several components, all of which must be configured correctly to achieve single sign-on (SSO) for ADFS clients. The components that make up an ADFS deployment include the following:

  • Multiple ADFS components, including:

    • Federation Services

    • ADFS Web Agent

    • ADFS Proxy Server (optional)

  • Internet Information Services (IIS) Web sites

  • Active Directory or Active Directory Application Mode (ADAM) directory store

  • Certificate services

  • Domain Name System (DNS) infrastructure

Troubleshooting content that is included in this guide provides the information that you need to identify and solve problems that occur within and between components in an ADFS deployment. The identified problems and solutions apply to computers that are running the following software versions:

  • IIS servers that are running ADFS servers, including account and resource federation servers and ADFS proxy servers: These IIS servers must be running Windows Server 2003 R2, Enterprise Edition, or Windows Server 2003 R2, Datacenter Edition.

  • Domain controllers: Domain controllers must be running Windows Server 2003 R2, Windows Server 2003, or Windows 2000 Server.

  • IIS servers running ADFS Web Agent: These IIS servers must be running Windows Server 2003 R2, Enterprise Edition; Windows Server 2003 R2, Datacenter Edition; or Windows Server 2003 R2, Standard Edition.

In this section