Windows 10: ADFS only Working On Certain IPs

Recently I have been tasked with putting an updated application on our new 2016 virtual server to run our campus. ADFS is already working on major systems. And for this particular new 2016 server, I can navigate from a handful of other computers and browser sign into the adfs site and it returns me back correctly to my application. However, on other computers I can hit the ADFS site, login then it reads that there has been an authentication. What are some possible reasons why ADFS would authenticate and find my login information from one IP and not another, that are on the same network settings except IP address. Additionally, I cannot login successfully when I use the browser from the new server itself, but can from our other webservers.

:)

 

Recommendation: Load balancer for ADFS environment?

We want to put in ADFS for our current network to support about 30K authenticated users, currently to start off just for sharepoint application, but potentially will support other application/ users as well.

Looking for recommendation on whether we should go with virtual or hardware based Load Balancer, and
which vendor of LB that people tend to adopt for their ADFS and WAP servers? Imagine we'll need to get the LB that can support Layer 7

Here is how we are currently spec'ed out so far:

• 2 WAP servers (Win2016) sit behind a LB and all on DMZ
• 2 ADFS servers (Win2016) sit behind another LB and all on Internal network
• DC server is on Internal network as well

----

Can anyone explain how the traffic/federation process goes (step by step) when user access the website from the internet (please include how request is being passed/redirect between webserver, WAP, ADFS, and DC servers)

Thanks!

 

portal.office.com (Office 365) to ADFS then This page can’t be displayed on IE11

I am using Office 365 with ADFS authentication.

When I go to portal.office.com, and the following is true, I get a This page can’t be displayed error just as the browser tries to authenticate against my ADFS server:

• Using IE or Edge in Windows 10 (IE version: 11.103.10586.0)
  
• Computer joined to my domain
• On the WAN whether or not I'm connected to the VPN

It will work if:

• I'm on my corporate LAN
• There is no problem with Windows 8 in the above setup (IE 11.0.9600.12205)
• If I use Firefox (probably chrome too, haven't bothered to test)

Other notes:

I can properly resolve the external address of my adfs server (otherwise Firefox wouldn't work)

If i replace the server address (adfs.domain.com) with the WAN IP, it will authenticate

My ADFS server along with *.microsoftonline.com and *.office.com is in my Local intranet zone.

Enabling or disabling "Display intranet sites in Compatibility View" does not resolve the issue

From what I can tell, IE cannot resolve the address of my adfs server or refuses to talk to it. I don't know how a browser would not be able to resolve an address because I don't believe it's the job of the browser to do name resolution/interpretation
at any level.

This affects all Windows 10 clients.

Before asking me if I have checked TLS settings, etc in IE please remember: I am able to connect to my adfs server if I use the IP address in IE.

Before asking if my DNS settings are setup properly: Firefox works fine without me entering the IP.

I'm stuck and have no idea what to try next.

 

ADFS Integration

Hi omniayehia,

I am Vijay, an Independent Advisor. I am here to work with you on this problem.

ADFS related question is more likely to be answered at Technet. I would suggest that you should post simultaneously (i.e. cross-post) to Technet forum also as this will increase chances of getting the fast answer to this query. So, your question will be on
two forums - This and Technet. Experts on both forums will assist you giving you wider reach.

Technet ADFS Forum -
https://social.technet.microsoft.com/Forums/en-...

Do let me know if you require any further help on this. Will be glad to help you.