AD Troubleshooting

AD and Domain-related issues and troubleshooting methods for Active Directory.

Related Posts
  • Blog Post: Upgrading from ADFS 2.0 to ADFS 2.1

    [Note: this is a shortcut variation on the steps in the Technet article on http://technet.microsoft.com/en-us/library/jj134039.aspx and should for now only be used in lab scenarios as it hasn't been officially tested by the PG's] The short version: Add the AD FS role on Windows Server 2012...
  • Blog Post: ADFS Event ID 364 on ADFS 2.0 proxy

    Problem: The following is logged in the event log on an ADFS Proxy or ADFS Server: Log Name: AD FS 2.0/Admin Source: AD FS 2.0 Date: 15.09.2011 14:28:16 Event ID: 364 Task Category: None Level: Error Keywords: AD FS User: NETWORK SERVICE Computer: ADFSProxy01 Description: Encountered error during...
  • Blog Post: Setting up your first ADFS POC

    Here are the steps for setting up a POC for ADFS: First of all, you need to decide on what your federation server farm will be called on the Internet. In the drawing below I've chosen the name fs.contoso.com - this will be registered in DNS as follows: in external DNS to point to the external...
  • Blog Post: Fiddling with ADFS - end the infinite authentication loop

    While working at a customer site the other day I was reminded of an article by Eric Lawrence on why you sometimes start seeing endless pop-up windows asking for credentials when using Fiddler to decrypt HTTPS traffic during troubleshooting. In short: if the web server has Extended Protection for Authentication...
  • Blog Post: ADFS case sensitivity

    ADFS is case-sensitive for the most part - but there are some sections of ADFS 2.0 where you might not need an exact match. In general, however, you should still try to make sure you both comply with the standard format for public attributes and settings and maintain consistency when referring to internal...
  • Blog Post: Installing ADFS 2.1 on Windows Server 2012 with Windows Internal Database fails if local GPO granting User Rights is overwritten at the Domain or OU-level

    During the installation of ADFS 2.1 on Windows Server 2012 the Add-Role wizard grants the local virtual account NT SERVICE\MSSQL$MICROSOFT##WID that runs the WID service 'Log on as a service' user rights via the Local Group policy. If the Local Group Policy that grants the user rights is overwritten...
  • Blog Post: Setting up ADFS 2.0 as an IDP for Visma Proceedo

    I've put together a Word document with the details on how to set up a federation trust between Visma Proceedo acting as a Relying Partner (RP) and ADFS 2.0 acting as the Identity Provider (IDP). The document can be downloaded on http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components...
  • Blog Post: ADFS, Antivirus and Backup and Monitoring

    What do I need to do a Disaster Recovery of ADFS? What exclusions should I configure for my ADFS Server? There’s a really good Wiki article on backing up ADFS on http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-2-0-how-to-back-up-the-federation-service.aspx that is a must-read...
  • Blog Post: Using Wevtutil to capture and view the ADFS Debug log

    When troubleshooting ADFS server-side issues it can be useful to turn on ADFS Debug logging on the server. To enable the ADFS debug event log: wevtutil sl "AD FS 2.0 Tracing/Debug" /E:true Running the same command with /E:False disables the debug logging again. After you have enabled it,...