showing posts tagged with 'adfs'
by lunarg on August 24th 2015, at 16:20
Occasionally (usually once a year), you may have to renew your SSL certificate of your Active Directory Federation Services server, used for your Office 365 Single Sign-On setup. In past versions, this was done quite easily through IIS. However, since 2012 R2 (a.k.a. ADFS 3.0), ADFS no longer uses IIS and it gets a little bit more complicated.

Outlined in this short article are the steps you need to do in order to renew or replace your SSL certificate on a Windows 2012 R2 server, running ADFS 3.0.

First, renew or request a new SSL certificate through your Certificate Authority (such as GoDaddy, Enom, etc.). How to do this depends greatly on the CA. As ADFS on 2012 R2 no longer uses IIS, yo  ...
by lunarg on August 24th 2015, at 16:09
Certain Certificate Authority providers, such as GoDaddy allow you to renew an SSL certificate using the same CSR and private key. This greatly simplifies the procedure to renew a certificate, but this can also complicate things if you don't have your private key readily available.

On a server running ADFS 3.0 for instance, you do not have IIS available to allow an easy SSL certificate renewal (or even a request). Or perhaps, you lost the current private key, or it is located somewhere where it's not easily accessible.

Luckily, there's a fairly easy way to extract the private key from the previous SSL certificate on your Windows server. By using the Windows Certificate store functionality   ...
by lunarg on June 26th 2015, at 14:50

Microsoft has released the Azure Active Directory Connect to the general public. Azure AD Connect replaces (although "incorporates" is a better word) DirSync as the new tool to set up synchronization between your on-premise Active Directory and Azure Active Directory, including Office 365.

The current version of Azure AD Connect is only the beginning. Microsoft has announced a lot more features, which will be made available in the next versions.

More information and installation resources:

by lunarg on March 24th 2015, at 12:12

As you probably already have noticed, does Outlook prompt for credentials when configuring Outlook for use with a federated Office 365 account, regardless of whether you've set up your intranet zoning for your ADFS server in Internet Explorer options.

Apparently, this is unresolveable as Outlook (2013 and earlier) simply does not support SSO. It is currently unknown whether a subsequent version of Outlook will have this feature.


Oddly enough, Lync does support SSO.

by lunarg on August 25th 2014, at 12:30
When running ADFS 3.0 On a Windows 2012 R2 domain controller, on a reboot, the Active Directory Federation Services service may not start up properly, and may not subsequently not service requests. The Services management snap-in shows the service with a status of Starting.

The reason for this is an error during the deployment of ADFS where a dependent service, the Microsoft Key Distribution Service, is not set to start automatically, causing ADFS not to start up properly until that particular service is also started.

The solution is quite simple: in the Services management snap-in, find the service called Microsoft Key Distribution Service, and set its startup type to Automatic.

After th  ...
showing posts tagged with 'adfs'
« June 2017»
« Have you tried restarting your computer, Sir? »
first answer of any tech support