ADFS 3.0, connecting MS Web Application Proxys to Load-Balanced ADFS 3.0 Servers

Hello everyone,

I am completely stuck on figuring this one out. As we all know, ADFS 3.0 uses SNI, for testing I am using the basic tcp monitor to bring my nodes up on the pool. My nodes are two adfs 3.0 servers, tstadfs1/2. I also have two proxys, tstpx1/2. I have followed the instructions (part 1 and 5) here: https://devcentral.f5.com/articles/big-ip-and-adfs-part-5-working-with-adfs-30-and-sni with no luck.

When I try to connect the proxy to my ADFS farm, it sits there and spins, and I only get this in event viewer:

Unable to retrieve proxy configuration data from the Federation Service.

Additional Data

Trust Certificate Thumbprint: 25CC757E17BABF671434D5276AE5BEF6471C9180

Status Code: Unauthorized

Exception details: System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration()

I have configured the Server SSL Profile in the Advanced settings to have my FQDN of my Federation Service Name. which in this case is: "tstadfs.test.domain.com". I am able to connect the Proxys to the ADFS nodes directly bypassing the pool, so ADFS is set up properly. I can't possibly see where I'm going wrong here.

The ADFS VS is only doing Auto Map for source address translation. I'm using the SSL Tunneling method from part 1 in the link above. Can anyone send me screenshots of their VS + Server SSL Profile configuration that has this working? Any advice is appreciated.