ADFS/Web Application Proxy configuration - hostname entry for port 443 missing

LilHammer

We've had Windows Server 2012 R2 set up with ADFS 3.0 and a Server 2012 R2 WAP for a couple of months now, all working fine for single sign-on to on-premises CRM and federation with our Office 365 tenancy. We recently updated the certificate on the ADFS 3.0 server and the WAP server but have run into an interesting problem.

When I first used the Get-WebApplicationProxySSLCertificate command to check the current certificate thumbprint, there were two hostname entries for our ADFS service (sso.domainname.com) - one for port 443 and the other for port 49443. However, after I updated the certificate with the Set-WebApplicationProxySSLCertificate newcertthumbprinthere command and verified the new cert was applied with the get command again, the hostname entry for port 443 is gone. Only the hostname entry for port 49443 remains. Now when Office 365 tries to redirect to sso.domainname.com we get "Page cannot be displayed". Single sign-on for CRM and Office 365 works just fine internally.

No firewall changes have been made on either the ADFS server or our perimeter Cisco ASA, and I can verify this with a telnet session to port 443 on the service URL's IP address externally.

So little ADFS troubleshooting information... Any help is appreciated!
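A diagnostic for the situation described in this post, added here as an example (it is not code from the post, nor Microsoft's): it lists the WAP SSL bindings, reports any expected hostname:port pair that no longer has one, checks whether the surviving bindings carry the new thumbprint, and cross-checks HTTP.sys with netsh. It assumes the cmdlet's HostName, PortNumber and CertificateHash output properties, and the thumbprint value is a placeholder to be edited in.

```powershell
# Added diagnostic, not part of the original post. Run in an elevated
# PowerShell on the WAP server. Assumes Get-WebApplicationProxySslCertificate
# returns objects with HostName, PortNumber and CertificateHash properties.
$FederationHost = 'sso.domainname.com'      # federation service name from the post
$ExpectedPorts  = @(443, 49443)              # user auth port + client-cert auth port
$ExpectedThumb  = 'NEWCERTTHUMBPRINTHERE'    # placeholder: thumbprint of the new cert

$bindings = Get-WebApplicationProxySslCertificate

# 1. Does every expected hostname:port pair still have a WAP binding?
$missing = foreach ($port in $ExpectedPorts) {
    $match = $bindings | Where-Object {
        $_.HostName -eq $FederationHost -and [int]$_.PortNumber -eq $port
    }
    if (-not $match) { "${FederationHost}:${port}" }
}
if ($missing) {
    Write-Warning "No WAP SSL binding for: $($missing -join ', ')"
} else {
    Write-Host "All expected WAP bindings are present."
}

# 2. Do the bindings that do exist carry the new thumbprint?
foreach ($b in $bindings) {
    $hash  = ($b.CertificateHash -replace '\s', '').ToUpper()
    $state = if ($hash -eq $ExpectedThumb.ToUpper()) { 'OK' } else { 'OLD/UNEXPECTED' }
    Write-Host ('{0}:{1} -> {2} [{3}]' -f $b.HostName, $b.PortNumber, $hash, $state)
}

# 3. Cross-check HTTP.sys directly: WAP bindings end up as sslcert entries,
#    so each expected hostname:port should also appear in this output.
$sslcert = (netsh http show sslcert) -join "`n"
foreach ($port in $ExpectedPorts) {
    $present = $sslcert -match [regex]::Escape("${FederationHost}:${port}")
    Write-Host ('HTTP.sys binding {0}:{1} present: {2}' -f $FederationHost, $port, $present)
}

# 4. Confirm the new certificate is in the machine store with its private key;
#    a binding that points at a certificate without one fails at the TLS handshake.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $ExpectedThumb.ToUpper() }
if (-not $cert) {
    Write-Warning "Thumbprint $ExpectedThumb not found in Cert:\LocalMachine\My"
} elseif (-not $cert.HasPrivateKey) {
    Write-Warning 'Certificate found but has no private key; TLS bindings using it will fail'
}
```

If step 1 reports the 443 binding missing while step 3 still shows it in HTTP.sys (or vice versa), the two views have diverged and that is the binding to repair.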
