Hi,
today I faced the issue that, when I tried to install my Web Application Proxy for AD FS, it kept failing with Event ID 422, with this text:
Unable to retrieve proxy configuration data from the Federation Service.
Additional Data
Trust Certificate Thumbprint:
3CD8F7C4697ED510546F74C25B4FD4F8C183CE34
Status Code:
Unauthorized
Exception details:
System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration()
--- End Snip ---
I was quite sure that I had everything configured correctly and that I was using the correct certificate.
With the error (401) Unauthorized, I thought it might be an issue with the account required to connect to the AD FS farm, but this wasn't the case. I found a blog post that says to check and enable the Device Registration Service in some circumstances, but I already had this feature activated.
So, time to shine, because I had already had this installation up and running before and was wondering why I could not create the trust between the Web Application Proxy and the AD FS farm.
I then checked the AD FS service properties and noticed that an HTTP address was in use:
So port 80 would need to be opened from the proxy servers to the farm.
After I had added this rule to the firewall, the WAP could be federated easily and worked as expected afterwards. I still wonder why this worked before, or whether I had changed something on the firewall prior to this issue.
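As an added pre-flight check (example code, not from the original post), this script, run on the WAP server before `Install-WebApplicationProxy`, tests that both 443 and 80 are reachable on the federation service and that the trust certificate from the event is present in the local machine store. The federation service name is a constructed placeholder; the thumbprint default is the one quoted in the event above.

```powershell
# Added example, not part of the original post. Run on the Web Application Proxy server.
param(
    [string]$FederationServiceName = 'adfs.example.test',            # placeholder, replace with your farm name
    [string]$TrustCertThumbprint   = '3CD8F7C4697ED510546F74C25B4FD4F8C183CE34'  # thumbprint from the Event ID 422 text
)

function Test-AdfsProxyConnectivity {
    # Checks TCP reachability from this WAP host to the AD FS farm.
    # 443 is the obvious port; 80 is the one the post found blocked on the firewall.
    param(
        [Parameter(Mandatory)] [string] $FederationServiceName,
        [int[]] $Ports = @(443, 80)
    )
    foreach ($port in $Ports) {
        $tnc = Test-NetConnection -ComputerName $FederationServiceName -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target  = $FederationServiceName
            Port    = $port
            Reached = [bool]$tnc.TcpTestSucceeded
        }
    }
}

function Test-TrustCertificatePresent {
    # The proxy trust certificate named in the event must be in LocalMachine\My with its private key.
    param([Parameter(Mandatory)] [string] $Thumbprint)
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint.ToUpper() }
    [pscustomobject]@{
        Thumbprint    = $Thumbprint
        Found         = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
    }
}

$ports = Test-AdfsProxyConnectivity -FederationServiceName $FederationServiceName
$ports | Format-Table -AutoSize

$blocked = $ports | Where-Object { -not $_.Reached }
if ($blocked) {
    Write-Warning ("Port(s) {0} not reachable on {1}; the proxy trust setup may fail with Event ID 422 (401 Unauthorized) until the firewall allows them." -f ($blocked.Port -join ', '), $FederationServiceName)
}

$certCheck = Test-TrustCertificatePresent -Thumbprint $TrustCertThumbprint
$certCheck | Format-Table -AutoSize
if (-not ($certCheck.Found -and $certCheck.HasPrivateKey)) {
    Write-Warning "Trust certificate $TrustCertThumbprint is missing or has no private key in LocalMachine\My."
}
```

On an AD FS server, `Get-AdfsProperties | Select-Object HttpPort, HttpsPort` shows which ports the farm actually listens on, so you can confirm the HTTP endpoint the post found before opening port 80.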
Hope this helps someone else.