Installing ADFS Proxy on Server 2016

Posted: January 4, 2017 in Windows Server

To make AD FS reachable from outside the corporate network, we can deploy one or more web application proxies in front of it. Since Windows Server 2012 R2 the federation server proxy role is provided by the Remote Access role service called Web Application Proxy.

Installing wildcard certificate

Web Application Proxy requires a SAN or wildcard SSL certificate; in this example I used a wildcard certificate.

A SAN certificate allows multiple domain names to be protected with a single certificate. For example, we issue a certificate for test.com and then add more SAN values so that the same certificate also protects test.org and test.net.

A wildcard certificate allows an unlimited number of subdomains to be protected with a single certificate. A wildcard certificate for test.com also works for mail.test.com, ftp.test.com and any other subdomain of test.com.

On the server that will become the Web Application Proxy, open the MMC console, add the Certificates snap-in and choose Local computer.


Expand the Personal folder, right-click the Certificates folder and choose All Tasks, Advanced Operations, Create Custom Request.


Proceed with enrollment policy


Choose (No Template) Legacy key


Expand Details and click Properties


On the General tab, set the domain name.


Then click the Subject tab and fill in the following:

CN: Common Name

C: Country

L: Locality

OU: Organizational Unit

O: Organization


Private Key tab:

Key options: Key Size 4096, check Make private key exportable

Key type: Exchange


Save the request file


Browse to your internal CA web enrollment pages and click Request a certificate


Click advanced certificate request


Select the Submit a certificate request link


Open the previously created request file in Notepad and copy all of its contents to the clipboard.

Paste the clipboard contents into the Saved Request box

Select the web server template

Click submit


Download certificate


Go back to the MMC snap-in, right-click the Certificates folder under the Personal store and select Import


Browse to the location of the downloaded file and select Personal as the Certificate Store


Installing the Web Application Proxy role

In Roles check Remote Access:


Check Web Application Proxy


PowerShell:

Install-WindowsFeature Web-Application-Proxy -IncludeManagementTools

Configuring Web Application Proxy:


Enter the AD FS server name and local admin credentials


Select certificate


PowerShell:

Get the SSL certificate thumbprint:

dir Cert:\LocalMachine\My


$cred = Get-Credential

Install-WebApplicationProxy -FederationServiceTrustCredential $cred -CertificateThumbprint 'BD064CDA8DCB3FC62A907D550D0298A757760769' -FederationServiceName 'fs.test.com'

Also check Applications and Services Logs, AD FS, Admin in Event Viewer and look for Event ID 396.
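As an added example (not code from the original post), the PowerShell below ties the last steps together: it picks the certificate in LocalMachine\My whose names cover the federation service name (wildcard or SAN entry), checks that it has a private key and validates for SSL use, installs the proxy with a prompted credential, and then looks for Event ID 396 in the AD FS/Admin log. The service name fs.test.com is the one used in the post; the variable names are assumptions.

```powershell
# Added example, not part of the original post. Assumes the federation service
# name from the post (fs.test.com) and that the internal CA root is trusted here.
$FederationServiceName = 'fs.test.com'

# Either a SAN cert listing fs.test.com or a wildcard cert for *.test.com qualifies.
$wildcard = '*.' + ($FederationServiceName -replace '^[^.]+\.', '')
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Where-Object {
        $names = @($_.DnsNameList | ForEach-Object { $_.Unicode })
        ($names -contains $FederationServiceName) -or ($names -contains $wildcard)
    } |
    Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) {
    throw "No usable certificate for $FederationServiceName in LocalMachine\My"
}

# Build the chain and check the cert is valid for SSL with this host name;
# this fails if the internal CA root is not trusted on the proxy server.
$valid = Test-Certificate -Cert $cert -Policy SSL -DNSName $FederationServiceName `
    -ErrorAction SilentlyContinue
if (-not $valid) {
    throw "Certificate $($cert.Thumbprint) does not pass SSL chain validation"
}

# Prompt for the AD FS local administrator account instead of pasting a
# stringified PSCredential into the command line.
$cred = Get-Credential -Message 'AD FS server local administrator'

Install-WebApplicationProxy `
    -FederationServiceTrustCredential $cred `
    -CertificateThumbprint $cert.Thumbprint `
    -FederationServiceName $FederationServiceName

# Event ID 396 in the AD FS/Admin log confirms the proxy trust was established.
$evt = Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 396 } `
    -MaxEvents 1 -ErrorAction SilentlyContinue
if ($evt) {
    Write-Output "Proxy trust established at $($evt.TimeCreated)"
} else {
    Write-Warning 'Event ID 396 not found yet; check the AD FS/Admin log'
}
```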
