ADFS WAP servers failed to establish trust with ADFS 2019 servers using internal vip

raydakis
Altostratus

Hello guys,

We are in an ADFS 2019 environment.
I have 2 ADFS servers internally and 2 WAP servers in the DMZ.
I have 1 vs (ssl bridging on F5 DMZ) to load balance WAP servers for external users
and another vs (ssl bridging on internal F5) to load balance ADFS servers for internal users.
The WAPs go through the internal vip, which load balances the internal ADFS servers.
The problem seems to be with the trust with the Primary ADFS servers (using the PowerShell command "Install-WebApplicationProxy").
The WAP servers are not able to reestablish trust.
But the trust works when the WAP servers point directly to an internal ADFS server.

Please advise how I can fix this.

Thanks,

1 ACCEPTED SOLUTION

Michael_Saleem
Cirrocumulus

Is it possible to try the following:

VS #1 (traffic between external users and WAP servers) - Configure SSL bridging
VS #2 (traffic between WAP servers and ADFS servers) - Configure SSL pass-through

I believe the reason for the trust failing is due to there being SSL client authentication between the WAP servers and ADFS servers. So therefore on VS #2, you can only have SSL pass-through, otherwise it will break this client authentication.

2 REPLIES

Hello Michael,

I'll try it.

Many thanks,
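
The change suggested in the accepted solution for VS #2, sketched as BIG-IP configuration in the form `tmsh list ltm virtual` prints it. This is an added example, not configuration posted by anyone in the thread; the virtual server, pool and profile names and the 192.0.2.10 address are hypothetical placeholders.

```tmsh
# BEFORE: SSL bridging on VS #2 (WAP -> ADFS).
# The clientssl profile terminates the WAP's TLS session on the BIG-IP and
# the serverssl profile opens a second, separate session to the ADFS pool
# member. The client certificate the WAP presents ends at the BIG-IP, so
# the ADFS server never sees it and the proxy trust cannot be established.
ltm virtual vs_adfs_internal {
    destination 192.0.2.10:https
    ip-protocol tcp
    pool pool_adfs_internal
    profiles {
        clientssl_adfs {
            context clientside
        }
        serverssl_adfs {
            context serverside
        }
        tcp { }
    }
    source-address-translation {
        type automap
    }
}

# AFTER: SSL pass-through on the same virtual server.
# No clientssl or serverssl profile is attached, so the BIG-IP forwards the
# TCP stream unmodified. The TLS handshake, including SSL client
# authentication, runs end to end between the WAP and the ADFS server.
ltm virtual vs_adfs_internal {
    destination 192.0.2.10:https
    ip-protocol tcp
    pool pool_adfs_internal
    profiles {
        fastL4 { }
    }
    source-address-translation {
        type automap
    }
}
```

With pass-through the BIG-IP can no longer see the HTTP layer on this virtual server, so anything that depends on decrypted traffic (an HTTP profile, cookie persistence, iRules that inspect requests) has to come off VS #2 as well.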