
Tag: ADFS

KB4077525 caused some issues with my ADFS servers (Updated)

And here is a small update on that:
Because others seem to have the same issue that I had, I cannot recommend installing KB4077525 on any ADFS server! It looks like the problem occurs mostly with ADFS server farms that use WID as the backend. However, I cannot guarantee that it works better with a “real” SQL Server backend instead of WID.

If you want to give it a try, do yourself a big favour and use the AD FS Rapid Restore Tool to create a backup first. And maybe you should also do a backup of your OS first (or a snapshot if you have a hypervisor, like I do).

Original article content:
Microsoft released KB4077525 (OS Build 14393.2097), which contains several Active Directory Federation Services (ADFS) related bug fixes.

ADFS related fixes in KB4077525

In my case, this one was the reason why I immediately applied it:

Addresses issue where AD FS incorrectly displays the Home Realm Discovery (HRD) page when an identity provider (IDP) is associated with a relying party (RP) in an OAuth Group. Unless multiple IDPs are associated with the RP in the OAuth Group, the user will not be shown the HRD page. Instead, the user will go directly to the associated IDP for authentication.

KB4077525

Right after applying it, the system asked for a reboot…

And then my headache started! The Active Directory Federation Services (ADFS) didn’t start. Lots of errors 102, 220, and 352 in the event log!
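The backup advice in the update and the post-reboot symptoms above (stopped service, events 102, 220 and 352) map to a two-step routine. The following PowerShell script is an added example and not the author's code: it takes a Rapid Restore Tool backup before the update and, after the reboot, checks the service and the AD FS Admin log for those event IDs. It assumes the tool is installed in its default location, that the backup path is a placeholder, and that the cmdlet names and parameters match the tool's documentation (confirm with `Get-Help Backup-ADFS` and `Get-Help Restore-ADFS` for your version). Run it elevated on a farm node.

```powershell
# Added example (not from the original post). Assumptions: the AD FS Rapid Restore
# Tool is installed in its default path, $BackupPath is a placeholder, and the farm
# uses WID. Cmdlet names/parameters follow the tool's documentation; verify with
# Get-Help for your version. Run elevated on a farm node.
param(
    [Parameter(Mandatory)] [ValidateSet('Backup', 'Check')] [string] $Stage
)

$ToolDll    = 'C:\Program Files (x86)\ADFS Rapid Recreation Tool\ADFSRapidRecreationTool.dll'
$BackupPath = 'D:\Backups\ADFS'   # placeholder, change for your environment

function Backup-AdfsBeforePatch {
    param([string] $Path, [string] $Password)
    Import-Module $ToolDll
    # -BackupDKM also saves the DKM key material; without it a restored configuration
    # database cannot be decrypted on a rebuilt node.
    Backup-ADFS -StorageType 'FileSystem' -StoragePath $Path `
                -EncryptionPassword $Password -BackupComment 'Before KB4077525' -BackupDKM
}

function Test-AdfsAfterPatch {
    # Service state first: a stopped adfssrv is exactly what the post describes.
    $svc = Get-Service -Name adfssrv
    "adfssrv status: {0}" -f $svc.Status

    # Then the AD FS Admin log, filtered to the IDs reported in the post (102, 220, 352)
    # since the last boot. No events is the healthy case; -ErrorAction SilentlyContinue
    # suppresses the "No events were found" error Get-WinEvent raises in that case.
    $since  = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 102, 220, 352; StartTime = $since } `
                           -ErrorAction SilentlyContinue
    if (-not $events) { "no 102/220/352 events since $since"; return }
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } }
}

switch ($Stage) {
    'Backup' { Backup-AdfsBeforePatch -Path $BackupPath -Password (Read-Host 'Backup encryption password') }
    'Check'  { Test-AdfsAfterPatch }
}
```

Run it with `-Stage Backup` before installing the update and `-Stage Check` after the reboot. If the service does not come back, the way back is either the hypervisor snapshot or `Restore-ADFS` from the same tool (its documented parameters are `-StorageType`, `-StoragePath`, `-DecryptionPassword`, `-ADFSName` and `-RestoreDKM`; check them against your version before relying on them).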

Microsoft AD FS behind a Load Balancer


A friend called me today with an urgent question: Why does our load balancer show all nodes in our AD FS farm as down?

The answer is a bit complicated: AD FS (Active Directory Federation Services) doesn’t answer the load balancer’s health probe (the TLS “bind”) correctly, so the load balancer marks the server(s) as down. The problem is at Layer 6/7 and comes from how Microsoft handles SSL for SNI (Server Name Indication) within AD FS: the HTTPS certificate is bound in http.sys to the farm hostname via SNI, so a probe that opens a TLS connection to the node’s IP address without sending an SNI hostname never matches that binding and the handshake fails. WAP (Web Application Proxy) handles that, but most load balancers have an issue with it.
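To see the difference from the load balancer’s side, the following PowerShell script is an added example (not the author’s code): it sends the plain HTTP probe to `/adfs/probe` on port 80, then performs a TLS handshake against the same node once with SNI (farm FQDN) and once without (IP literal, which is what many TLS health checks produce). The node IP and farm FQDN are placeholders; it assumes an AD FS node with its default SNI-only http.sys binding.

```powershell
# Added example (not from the original post). Reproduces what a load balancer health
# check sees against one AD FS farm node. $NodeIp and $FarmFqdn are placeholders;
# assumes an AD FS node with the default SNI-bound HTTPS certificate.
param(
    [Parameter(Mandatory)] [string] $NodeIp,    # e.g. 10.0.0.11 (placeholder)
    [Parameter(Mandatory)] [string] $FarmFqdn   # e.g. adfs.example.com (placeholder)
)

# 1. The supported probe: plain HTTP on port 80, path /adfs/probe, expects 200.
#    We connect by IP (as a load balancer does) but still send the farm name as Host.
function Test-AdfsHttpProbe {
    param([string] $Ip, [string] $HostHeader)
    $req = [System.Net.HttpWebRequest]::Create("http://$Ip/adfs/probe")
    $req.Host    = $HostHeader
    $req.Timeout = 5000
    try {
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
        return $code
    } catch [System.Net.WebException] {
        if ($_.Exception.Response) { return [int]$_.Exception.Response.StatusCode }
        return -1   # no HTTP answer at all (port closed, timeout, reset)
    }
}

# 2. A TLS handshake with and without SNI. .NET sends the SNI extension only when the
#    target host is a DNS name, so passing the IP literal is the "no SNI" case.
#    Certificate validation is disabled on purpose: we only care whether http.sys
#    presents a certificate at all, not whether this client trusts it.
function Test-AdfsTlsHandshake {
    param([string] $Ip, [string] $TargetHost)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Ip, 443)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($TargetHost)
        $subject = $ssl.RemoteCertificate.Subject
        $ssl.Dispose()
        return "OK ($subject)"
    } catch {
        return "FAILED: $($_.Exception.GetBaseException().Message)"
    } finally {
        $tcp.Dispose()
    }
}

"HTTP probe /adfs/probe   : {0}" -f (Test-AdfsHttpProbe    -Ip $NodeIp -HostHeader $FarmFqdn)
"TLS with SNI ($FarmFqdn) : {0}" -f (Test-AdfsTlsHandshake -Ip $NodeIp -TargetHost $FarmFqdn)
"TLS without SNI (IP)     : {0}" -f (Test-AdfsTlsHandshake -Ip $NodeIp -TargetHost $NodeIp)
```

On a healthy node the HTTP probe returns 200 and the SNI handshake succeeds, while the no-SNI handshake fails; that failing third line is what the load balancer was reporting as “down”. The fix is to point the health check at the HTTP probe rather than at a TLS handshake. If the load balancer insists on a TLS probe, the documented alternative is an additional non-SNI fallback binding on `0.0.0.0:443` carrying the same certificate hash and application ID as the existing SNI binding (`netsh http show sslcert` lists both); that change is outside this example.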

Copyright © 2018 by Joerg Hochwald. All rights reserved. ● Site is powered by Author