ADFS – Install Web Application Proxy fails with 401: Unauthorized

Hi,

Today I ran into the issue that, when I tried to install my Web Application Proxy for ADFS, it kept failing with Event ID 422:
[Screenshot: AD FS Event ID 422]
With the text:
Unable to retrieve proxy configuration data from the Federation Service.
Additional Data
Trust Certificate Thumbprint:
3CD8F7C4697ED510546F74C25B4FD4F8C183CE34

Status Code:
Unauthorized
Exception details:
System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration()
--- End Snip ---
I was quite sure that I had everything configured quite well and that I was using the correct certificate.

With the error (401) Unauthorized, I thought it might be an issue with the account required to connect to the ADFS farm, but this wasn't the case. I found this blog that says to check and enable the Device Registration Service in some circumstances, but I already had this feature activated.
So, time to shine, because I already had this installation up and running and was wondering why I could not create the trust between the Web Application Proxy and the AD FS farm.
I then checked the ADFS service properties and noticed that an http address was used:
[Screenshot: Federation Service Identifier HTTP]
So port 80 would need to be open from the proxy servers to the farm.
After I added this rule to the firewall, the WAP could be federated easily and worked afterwards as expected. I still wonder why this worked before, or whether I had changed something on the firewall before this issue appeared.
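
A connectivity check that follows the finding above, added here as an example and not part of the original post: run on the Web Application Proxy server, it tests TCP reachability of the farm on 443 and on the port implied by the Federation Service Identifier's scheme. The function name `Test-FarmReachability`, the host `fs.example.com` and the identifier value are placeholders; take the real identifier from the `Identifier` property of `Get-AdfsProperties` on an AD FS server.

```powershell
# Added example. Run on the Web Application Proxy server before establishing the trust.
# Test-FarmReachability is a hypothetical helper name, not an AD FS cmdlet.
function Test-FarmReachability {
    param(
        # DNS name of the AD FS farm as resolved from the proxy (placeholder below)
        [Parameter(Mandatory)][string]$FederationHost,
        # Federation Service Identifier, copied from Get-AdfsProperties on the farm
        [Parameter(Mandatory)][uri]$Identifier
    )

    # 443 is always tested; the second port comes from the identifier's scheme
    # (System.Uri reports 80 for http and 443 for https when no port is given).
    $ports = @(443, $Identifier.Port) | Sort-Object -Unique

    foreach ($port in $ports) {
        $result = Test-NetConnection -ComputerName $FederationHost -Port $port `
                                     -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target        = $FederationHost
            Port          = $port
            Reachable     = $result.TcpTestSucceeded
            RemoteAddress = $result.RemoteAddress
        }
    }
}

# Constructed sample values; replace with your farm name and identifier.
Test-FarmReachability -FederationHost 'fs.example.com' `
                      -Identifier 'http://fs.example.com/adfs/services/trust' |
    Format-Table -AutoSize
```

A row with `Reachable` set to `False` points at a firewall rule between the proxy and the farm rather than at the account or certificate used for the trust.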

Hope this helps someone else.
