AD FS Monitor

Question

I am currently setting up an AD FS farm, load balanced by the BigIP. Going off of some recommended configurations, I set up a custom https monitor. I;m having issues with the VS actually showing that the server is up based on the send string.&nbsp;
Send String
GET /adfs/fs/federationserverservice.asmx HTTP/1.1
Host: sts1.example.com
Connection: Close
&nbsp;
Receive String
200 OK&nbsp;
where sts1.example.com is the common name of the cert being presented at the ADFS server and the A record for the VS on the BigIP. With that configured, the VS shows the child pool members are unreachable. Has anyone else seen this?&nbsp;
Thinking more about it, it was recommended that we do SSL tunneling so the SSL connection is being terminated on the ADFS server. How would this work with multiple AD FS farm servers? Would each farm server then have to share the same cert and keypair since the common name would have to remain the same?&nbsp;
Thanks in advance.&nbsp;
-GR&nbsp;

gbbaus_104974 · Answer

Hi&nbsp;
Did you fix this. &nbsp;
Take a look at: http://support.f5.com/kb/en-us/solutions/public/2000/100/sol2167.html&nbsp;
and try a double carriage return, line feed &nbsp;
"GET /index.html HTTP/1.1
Host: host.domain.com
Connection: Close

"&nbsp;

Forum Discussion

AD FS Monitor

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 301a exam

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

F5OS login with admin/root failed via console

UCS Encryption Question

Related Content

Microsoft Active Directory Federation Services (AD FS) iApp Template

Lightboard Lessons: Microsoft AD FS Web Application Proxy Using F5 BIG-IP

adding pool members in cli

Simplifying Application Health Monitoring with F5 BIG-IP

External Monitor Information and Templates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS