ADFS 2.0 configuration with internal non routable domains.

-

dear all,

i have planned deploy ad fs 2.0 in organization but do not have knowledge impliment internal non routeable domains. scenerio is with following specifications.

1)    2 seprate forests

2)    abc.local in forest a  , zyz.local in forest b

3)    have external routeable domains names     cde.com , fgh.com

4)    web server claim aware application in xyz.local domain 

i want install ad federation server in each abc.local , xyz.local domains. dont know how configure external domains settings in federations server ad fs 2.0 settings want use internal ca's certificates. please me resolve issue have never seen any deployment scenerio along non routeable internal domain routable external domains. 

please me in detail configuration of ad fs 2.0 , how certificates internal ca's deployment of above mentioned scenerio.

regads,

nadeem


hi,

as always, recommend following starting point.  it’s filled lots of great content ad fs 2.0:

ad fs 2.0 content map:

http://social.technet.microsoft.com/wiki/contents/articles/2735.aspx

 

this setup should straight forward, glitch name resolution once it’s mapped out, it’s not terribly difficult:

- server names sts_host.abc.local or sts_host.xyz.local

- need create cde.com , fgh.com zones on internal dns servers of abc , xyz, respectively

- federation server names external dns names , registered internal cde.com , fgh.com zones:

- sts.cde.com

- sts.fgh.com

                - externally, names sts.cde.com , sts.fgh.com should resolve ad fs proxy names in dmz

- proxy servers use host file resolve internal ip address of sts.cde.com , sts.fgh.com

 

your ssl certificates subject match federation service names:

- sts.cde.local

- sts.fgh.local

 

if you're using farm implementation, sure spns registered correctly :

- setspn -a host/sts.cde.com abc\{service_account}

- setspn -a host/sts.fgh.com xyz\{service_account}

 

ad fs 2.0: how configure spn (serviceprincipalname) service account

http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-2-0-how-to-configure-the-spn-serviceprincipalname-for-the-service-account.aspx

 

hope helps!

best regards,

yan li

please remember mark replies answers if , unmark them if provide no help.


Windows Server  >  Windows Server General Forum



Comments

Post a Comment

Popular posts from this blog

Group Policy Event ID 1058 Error Code 1326 (The user name or password is incorrect)

-
i seeing odd error on 1 of our domain controllers. have dealt event id 1058 errors whereby policy (or policies) not replicating, receiving error along error code 1326 on server, , apparently happening default domain policy: log name:      system source:        microsoft-windows-grouppolicy date:          8/10/2015 3:09:54 pm event id:      1058 task category: none level:         error keywords:      user:          s-1-5-21-1484152634-2550175353-3916092219-3287 computer:      <dc name>.<domainname> description: processing of group policy failed. windows attempted read file http://schemas.microsoft.com/win/2004/08/events/event ">   <system>     <provi...
Read more

Suspicious event log Event ID: 4905

-
hi thr, could please me understand causing such event logs generate ? as  i understand, vssvc.exe pertains volume shadow copy used backup purpose.  we have third party application used taking backup of servers. the event longs generated following messages: 1) attempt made unregister security event source. 2) attempt made register security event source. these events not regular generated on random days. standard fields: date:               2013/10/19 time:               02:32:19 importance:         critical rule name:          security event monitored machine:  <domain controller> log format:         windows log name:           security event id:           4905 in work hours:      yes dynamic fields: internal timestamp: 2013/10/19 ...
Read more

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more