We are in ADFS 2019 environnment. I have 2 ADFS servers internally and 2 WAP servers in DMZ. I have 1 vs(ssl bridging on F5 DMZ) to loadblalance WAP servers for external users and another vs (ssl bridging on internal F5) to loadblalance ADFS servers for internal users. The WAPs goes through the internal vip which load balanced internal ADFS servers. The problem seems to be with the Trust with the Primary ADFS servers (using powershell command line "Install-WebApplicationProxy). The WAP servers are not able to reestablish trust. But the trust work when WAP servers point directly to internal ADFS server
VS #1 (traffic between external users and WAP servers) - Configure SSL bridging VS #2 (traffic between WAP servers and ADFS servers) - Configure SSL pass-through
I believe the reason for the trust failing is due to there being SSL client authentication between the WAP servers and ADFS servers. So therefore on VS #2, you can only have SSL pass-through, otherwise it will break this client authentication.
VS #1 (traffic between external users and WAP servers) - Configure SSL bridging VS #2 (traffic between WAP servers and ADFS servers) - Configure SSL pass-through
I believe the reason for the trust failing is due to there being SSL client authentication between the WAP servers and ADFS servers. So therefore on VS #2, you can only have SSL pass-through, otherwise it will break this client authentication.
