What do I need to do a Disaster Recovery of ADFS? What exclusions should I configure for my ADFS Server? There’s a really good Wiki article on backing up ADFS on http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-2-0-how-to-back-up-the-federation-service.aspx that is a must-read...

During the installation of ADFS 2.1 on Windows Server 2012 the Add-Role wizard grants the local virtual account NT SERVICE\MSSQL$MICROSOFT##WID that runs the WID service ' Log on as a service ' user rights via the Local Group policy. If the Local Group Policy that grants the user rights is overwritten...

The short version; Add the AD FS role on Windows Server 2012, choose to a dd it to an existing farm. Make the new ADFS 2.1 server the primary (set-adfssyncproperties -role PrimaryComputer). Make the original ADFS server secondary (set-adfssyncproperties -role SecondaryComputer -PrimaryComputerName...

While working at a customer site the other day I was reminded of an article by Eric Lawrence on why you sometimes start seeing endless pop-up windows asking for credentials when using Fiddler to decrypt HTTPS traffic during troubleshooting. In short; If the web server has Extended Protection for Authentication...

Here are the steps for setting up a POC for ADFS: First of all, you need to decide on what your federation server farm will be called on the Internet. In the drawing below I've chosen the name fs.contoso.com - this will be registered in DNS as follows: in external DNS to point to the external...

ADFS is case-sensitive for the most part - but there are some sections of ADFS 2.0 where you might not need an exact match. In general you should however still try to make sure you both compy with the standard format for public attributes and settings and maintain consistency when referring to internal...

When troubleshooting ADFS server-side issues it can be useful to turn on ADFS Debug logging on the server. To enable the ADFS debug event log: wevtutil sl "AD FS 2.0 Tracing/Debug" /E:true Running the same command with /E:False disables the debug logging again. After you have enabled it,...

Problem: The following is logged in the event log on an ADFS Proxy or ADFS Server: Log Name: AD FS 2.0/Admin Source: AD FS 2.0 Date: 15.09.2011 14:28:16 Event ID: 364 Task Category: None Level: Error Keywords: AD FS User: NETWORK SERVICE Computer: ADFSProxy01 Description: Encountered error during...

I've put together a Word document with the details on how to set up a federation trust between Visma Proceedo acting as a Relying Partner (RP) and ADFS 2.0 acting as the Identity Provider (IDP). The document can be downloaded on http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components...