Can't Reach ADFS SignOn Page Externally Through WAP Server (Both Server 2016 Datacenter)

BigPlayfromMD

I'm trying to implement my first ADFS implementation and everything went well with the ADFS role install and config, as well as for the WAP server install and config. I can browse to the metadata file as well as successfully log in via the ADFS Single Sign-on page (https://servicename.domain.com/adfs/ls/IdpInitiatedSignon.aspx) from any computer within my domain, including the WAP server that sits in the DMZ. I have also published the ADFS service through the WAP console. All DNS records are in place internally and externally and resolvable by all machines. Hosts file edits are in place for the WAP server. The WAP server console shows everything green.

The problem is that when I try to browse to the URL mentioned above or the metadata URL, I receive "HTTP Error 503. The service is unavailable." When I browse to the URL without the subdirectories of the sign-on page, I receive the "404 resource not found" error, which I suspect is correct since that top-level URL will only reach the WAP server. My questions are:


  • I should be able to reach the ADFS sign-on page externally, correct?
  • What exactly (besides Windows Authentication) should I have configured in IIS?
  • Should I still be using URL rewrites in IIS even if the WAP console has published the ADFS service?
  • Does the WAP server have to be added as a relying party on the ADFS server?
  • Is there a link somewhere that has detailed, layman's-terms, step-by-step instructions on how to integrate a WAP server with ADFS? (All the links I see only show the basic wizard configurations and that's it, which I have done.)
  • The service name is rgfs.domain.com; there's nothing requiring the service name to be the regular adfs.domain.com or sts.domain.com, is there?

My setup is:

  • Single ADFS Server 2016
  • Single WAP Server 2016
  • Firewall Port Rules are open for 443 to WAP server
  • Using wildcard certificate

My plan is to integrate this with Office 365 so that I can set up a fully hybrid setup for Exchange.

Trying to get a hold of Microsoft support during this pandemic has proved to be an undertaking in itself, and I STILL haven't gotten a call back. That being said, I'm hoping someone has in-depth knowledge/experience of WAP server configuration, because I've done everything, including full role reinstalls, with the same result: everything works inside but is not reachable through WAP. Thanks in advance.
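A quick way to narrow down where a WAP-to-ADFS 503 comes from is to inspect, on the WAP server itself, what the proxy believes the federation service is, where the published application points, how the service name resolves locally, and whether the backend answers over 443. The script below is an added example written for this thread, not the poster's own configuration; it uses the standard WebApplicationProxy, DnsClient and NetTCPIP cmdlets and assumes the federation service name rgfs.domain.com from the post. Note that ADFS and WAP on Server 2016 bind to HTTP.sys directly rather than through IIS, which is why the last step reads the bindings with netsh instead of the IIS console.

```powershell
# Run in an elevated PowerShell session on the WAP server.
$FederationServiceName = 'rgfs.domain.com'   # assumed from the post; replace with your own

# 1. What WAP is configured to proxy for, and which ADFS server it is joined to.
$cfg = Get-WebApplicationProxyConfiguration
"ADFSUrl              : $($cfg.ADFSUrl)"
"ConnectedServersName : $($cfg.ConnectedServersName -join ', ')"

# 2. The published application(s): external URL, backend URL, preauth mode and external cert.
#    ExternalUrl and BackendServerUrl should both use the federation service name.
Get-WebApplicationProxyApplication |
    Select-Object Name, ExternalUrl, BackendServerUrl,
                  ExternalPreauthentication, ExternalCertificateThumbprint |
    Format-List

# 3. Name resolution as the WAP sees it (hosts-file entries override DNS on this box).
Resolve-DnsName -Name $FederationServiceName -Type A -ErrorAction SilentlyContinue |
    Select-Object Name, IPAddress
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Select-String -Pattern $FederationServiceName

# 4. TCP reachability of the internal ADFS server on 443 from the DMZ.
Test-NetConnection -ComputerName $FederationServiceName -Port 443 |
    Select-Object ComputerName, RemoteAddress, TcpTestSucceeded

# 5. HTTP check of the sign-on page from the WAP (follows the local hosts-file address).
#    A 503 here, too, means the backend itself is not answering this name over TLS.
try {
    $resp = Invoke-WebRequest -Uri "https://$FederationServiceName/adfs/ls/IdpInitiatedSignon.aspx" `
                              -UseBasicParsing
    "Backend sign-on page: HTTP $($resp.StatusCode)"
}
catch { "Backend sign-on page failed: $($_.Exception.Message)" }

# 6. HTTP.sys SSL bindings: the federation service name must have a binding on 443 with the
#    same certificate WAP was configured with (no IIS involvement).
netsh http show sslcert | Select-String -Pattern $FederationServiceName -Context 0,4
```

If step 4 or 5 fails while the same URL works from a domain-joined client, the proxy cannot reach the federation service at the address in its hosts file, which matches the external 503; if they succeed but the external request still fails, compare the thumbprints from steps 2 and 6 against the wildcard certificate actually installed on the WAP.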
