Windows 10: ADFS Support for Trusted Domains?

We manage a forest / domain domain1.com that has a two way trust with a company we recently merged with domain2.com. ADFS is on-premises and resides in domain1.com User's in domain1 have not issues logging on, user's in domain2 are experiencing authentication issues. Does ADFS support multiple domains? Any configured required with ADFS to enable the support? If you look at the event viewer, the following event is generated: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Ac

:)

 

Recommendation: Load balancer for ADFS environment?

We want to put in ADFS for our current network to support about 30K authenticated users, currently to start off just for sharepoint application, but potentially will support other application/ users as well.

Looking for recommendation on whether we should go with virtual or hardware based Load Balancer, and
which vendor of LB that people tend to adopt for their ADFS and WAP servers? Imagine we'll need to get the LB that can support Layer 7

Here is how we are currently spec'ed out so far:

• 2 WAP servers (Win2016) sit behind a LB and all on DMZ
• 2 ADFS servers (Win2016) sit behind another LB and all on Internal network
• DC server is on Internal network as well

----

Can anyone explain how the traffic/federation process goes (step by step) when user access the website from the internet (please include how request is being passed/redirect between webserver, WAP, ADFS, and DC servers)

Thanks!

 

ADFS SAML setup

Hello,

I have questions regarding ADFS SAML configuration.

I have been charged with setting up ADFS SAML and connecting our system with clarity safetyzone.

I am using Using windows serv 2019 platform for the servers. I have created a test environment that has a domain controller, server with ADCS, and another server with ADFS. I have a certificate created within the ADCS server and I installed ADFS on the
respective server. I verified after installation of the role and configuring an adfs administrator that the adfs administrator can sign into the https://sts.contoso.com/adfs/ls/idpinitiatedsignon.aspx, I created a windows test account and logged into the
adfs server for testing purposes and when navigating to the https://sts.contoso.com/adfs/ls/ and attempting to sign in with that user, I get an error:

An error occurred
An error occurred. Contact your administrator for more information.
Error details
Activity ID: f68cc99a-b6e5-40dc-1a00-0080000000e5Error details: MSIS7065: There are no registered protocol handlers on path /adfs/ls/ to process the incoming request.Node name: 85253664-435b-4d04-8775-d4b96854cb12Error time: Mon, 02 Nov 2020 20:11:16 GMTCookie:
enabledUser agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36

I have everyone permitted for intranet access in the Access Control Policies.
Am i missing something? Once i can verify that a standard user can login, then i can move on to the step of setting up the appropriate claims/trusts.

Does anyone have experience with this and maybe even experience with the Clarity Safety Zone platform?

 

ADFS and change of domain controller

Hello there

Hoping you can help. We have ADFS installed on a member server (NON domain controller). We also have 4 DC's (2 x 2008R2 and 2 2012R2) and have started a project to replace all the current dc's with 2 x 2016 DC's.

I've had a look on our member server where ADFS is installed and cant see anything that shouts at me regarding our current DC's and I'm just a bit concerend that when we do the switchover something will break.

I was hoping someone might have gone through something similar and might have some pointers on where to look and what to look for?

Many thanks