Clik here to view.
Deploying a federation server with a SQL database
This post is as much for me as anyone else (because I’ve done and forgotten how to do this three times thus I am writing it down). If you want to stand up a new Active Directory Federation Services (AD...
View ArticleClik here to view.
Active Directory Federation Services (AD FS) 2.0 and multiple AD DS forests
Something that wasn’t immediately clear (from the UX) or easily obtainable (via Internet search) was information on what configuration, if any, is required in Active Directory Federation Services 2.0...
View ArticleClik here to view.
Update Rollup 1 for Active Directory Federation Services (AD FS) 2.0
Yesterday Microsoft released Update Rollup 1 for Active Directory Federation Services (AD FS) 2.0. The update includes hotfixes and updates that fix seven (7) product issues and add four (4) new...
View ArticleClik here to view.
Update Rollup 2 for Active Directory Federation Services (AD FS) 2.0
Yesterday Microsoft released Update Rollup 2 for Active Directory Federation Services (AD FS) 2.0. This update rollup includes hotfixes and updates that fix four (4) product issues and add one (1) new...
View ArticleClik here to view.
AD FS 2.0 Issuance Authorization Rules
I had to create a couple of issuance authorization rules in my last engagement and it took me a little longer than it should have to get the syntax correct so I thought I’d post a couple of examples...
View ArticleClik here to view.
Uninstalling AD FS 2.0 (and deleting the databases)
I’ve been working on an installation guide for AD FS 2.0 and have needed to uninstall and reinstall several times. When you uninstall AD FS the database isn’t deleted. The IIS applications aren’t...
View ArticleClik here to view.
The service did not respond to the start or control request in a timely fashion.
When creating a new FS farm or joining a new node to an existing farm, i.e. running FSCONFIG.EXE or FSCONFIGWIZARD.EXE, or configuring an FS-P, i.e. running FSPCONFIGWIZARD.EXE, the process might fail...
View ArticleClik here to view.
AD FS 329: The certificate that is identified by thumbprint ‘’ could not be...
Scenario The Active Directory Federation Services (AD FS) 2.x service ADFSSRV will not start. Event ID 329 is logged in the AD FS 2.0/Admin event log. The pertinent text from event 329 is as follows:...
View ArticleClik here to view.
AD FS 2.0 Issuance Authorization Rules: ensure two attributes match
I previously posted a couple of examples of AD FS 2.0 Issuance Authorization (AuthZ) Rules that I’ve used. Troy posted a comment asking whether or not there is a way to ensure that two attributes...
View ArticleClik here to view.
Update Rollup 3 for Active Directory Federation Services (AD FS) 2.0
Yesterday Microsoft released Update Rollup 3 for Active Directory Federation Services (AD FS) 2.0. This update includes five (5) hotfixes, summarised below. The update is cumulative which means it...
View ArticleClik here to view.
Uninstalling AD FS in Windows Server 2012
In my post Uninstalling AD FS 2.0 (and deleting the databases) I described how to uninstall AD FS 2.0 from Windows Server 2008 or 2008 R2. While the process is fundamentally the same there are some...
View ArticleClik here to view.
Workplace Join failed 0x10dd (a.k.a. how to properly change/set your #ADFS...
This post is really a simple layer-8 issue, but I thought it justified a post as there’s a nuance or two that are worth discussing. I’m in the process of designing yet another Active Directory...
View ArticleClik here to view.
AD FS, Enhanced Protection for Authentication (EPA), Chrome and Integrated...
Something that I’ve had the misfortune of working on to look into recently was the user experience when accessing federated business apps using a browser that isn’t Internet Explorer. Suffice to say,...
View ArticleClik here to view.
AD FS 2.0 Issuance Authorization Rules
I had to create a couple of issuance authorization rules in my last engagement and it took me a little longer than it should have to get the syntax correct so I thought I’d post a couple of examples...
View ArticleClik here to view.
Uninstalling AD FS 2.0 (and deleting the databases)
**This post was written for AD FS 2.0 running on Windows Server 2008 or Windows Server 2008 R2. For information on uninstalling and cleaning up AD FS 2.1 on Windows Server 2012 please see the post...
View ArticleClik here to view.
The service did not respond to the start or control request in a timely fashion.
When creating a new FS farm or joining a new node to an existing farm, i.e. running FSCONFIG.EXE or FSCONFIGWIZARD.EXE, or configuring an FS-P, i.e. running FSPCONFIGWIZARD.EXE, the process might fail...
View ArticleClik here to view.
AD FS 329: The certificate that is identified by thumbprint ‘’ could not be...
Scenario The Active Directory Federation Services (AD FS) 2.x service ADFSSRV will not start. Event ID 329 is logged in the AD FS 2.0/Admin event log. The pertinent text from event 329 is as follows:...
View ArticleClik here to view.
AD FS 2.0 Issuance Authorization Rules: ensure two attributes match
I previously posted a couple of examples of AD FS 2.0 Issuance Authorization (AuthZ) Rules that I’ve used. Troy posted a comment asking whether or not there is a way to ensure that two attributes...
View ArticleClik here to view.
Update Rollup 3 for Active Directory Federation Services (AD FS) 2.0
Yesterday Microsoft released Update Rollup 3 for Active Directory Federation Services (AD FS) 2.0. This update includes five (5) hotfixes, summarised below. The update is cumulative which means it...
View ArticleClik here to view.
Uninstalling AD FS in Windows Server 2012
In my post Uninstalling AD FS 2.0 (and deleting the databases) I described how to uninstall AD FS 2.0 from Windows Server 2008 or 2008 R2. While the process is fundamentally the same there are some...
View Article