Forum Discussion
ADFS WAP servers failed to establish trust with ADFS 2019 servers using internal vip
Hello guys,
We are in ADFS 2019 environnment.
I have 2 ADFS servers internally and 2 WAP servers in DMZ.
I have 1 vs(ssl bridging on F5 DMZ) to loadblalance WAP servers for external users
and another vs (ssl bridging on internal F5) to loadblalance ADFS servers for internal users.
The WAPs goes through the internal vip which load balanced internal ADFS servers.
The problem seems to be with the Trust with the Primary ADFS servers (using powershell command line "Install-WebApplicationProxy).
The WAP servers are not able to reestablish trust.
But the trust work when WAP servers point directly to internal ADFS server
Please advise how can i fix this.
Thanks,
Is it possible to try the following:
VS #1 (traffic between external users and WAP servers) - Configure SSL bridging
VS #2 (traffic between WAP servers and ADFS servers) - Configure SSL pass-through
I believe the reason for the trust failing is due to there being SSL client authentication between the WAP servers and ADFS servers. So therefore on VS #2, you can only have SSL pass-through, otherwise it will break this client authentication.
Is it possible to try the following:
VS #1 (traffic between external users and WAP servers) - Configure SSL bridging
VS #2 (traffic between WAP servers and ADFS servers) - Configure SSL pass-through
I believe the reason for the trust failing is due to there being SSL client authentication between the WAP servers and ADFS servers. So therefore on VS #2, you can only have SSL pass-through, otherwise it will break this client authentication.- raydakisAltocumulus
Hello Michael,
I'll try It.
Many thanks,
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com