ADFS 2.0 – Unable to Establish a Trust between Proxy and Federation Service


I was recently asked to help troubleshoot an issue where the client was unable to add the ADFS proxy server, despite the fact that they could successfully contact the service.


 

Unable to establish a trust between the federation server proxy and the Federation Service. Ensure that the provided credentials are valid credentials for establishing a trust or ensure that the Federation Service address is correct, and then try again

Going through the normal process of adding an ADFS proxy, the Test Connection was successful:

  1. Contacting the Federation Service was successful.

  2. But you get a credential prompt.

  3. Then the error appears.

  4. An event is logged in the event log for the error.

After troubleshooting this error, I came to realize that the certificate that was used was not correct. The client had a multi-name certificate, and the SPN on the certificate did not match the ADFS Farm name.

The resolution was to get a new public certificate with a single name and match the SPN to the ADFS Farm Name.
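
One way to check for this mismatch before running the proxy wizard is to list the names on each certificate in the machine store and compare them with the farm name. This is an added example, not part of the original post; the function names and the farm name `sts.contoso.example` are placeholders, and reading the SAN entries assumes an English-language system.

```powershell
# Added example: compare the names on certificates in LocalMachine\My with the
# federation service (farm) name. Function names are hypothetical.

function Get-CertDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    # Subject Alternative Name extension (OID 2.5.29.17). The formatted text
    # lists entries as "DNS Name=..." on English-language systems (assumption).
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return @() }

    @($ext.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
    })
}

function Test-FederationCertName {
    param(
        [Parameter(Mandatory = $true)][string]$FederationServiceName,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_
        # Common name (CN=...) from the certificate subject
        $cn = $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        $san = @(Get-CertDnsNames -Certificate $cert)

        New-Object PSObject -Property @{
            Thumbprint    = $cert.Thumbprint
            SubjectCN     = $cn
            SanDnsNames   = ($san -join ', ')
            # More than one DNS entry means a multi-name certificate
            MultiName     = ($san.Count -gt 1)
            # String -eq is case-insensitive in PowerShell, as DNS names are
            CnMatchesFarm = ($cn -eq $FederationServiceName)
            NotAfter      = $cert.NotAfter
        }
    }
}

# Placeholder farm name; replace with your Federation Service name.
Test-FederationCertName -FederationServiceName 'sts.contoso.example' |
    Format-List Thumbprint, SubjectCN, SanDnsNames, MultiName, CnMatchesFarm, NotAfter
```

A certificate that shows `MultiName` as True or `CnMatchesFarm` as False is the one to look at first when the wizard reports the trust error above.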

 

http://blogs.technet.com/b/adfs/archive/2007/07/23/adfs-certificates-ssl-token-signing-and-client-authentication-certs.aspx

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP


2 thoughts on “ADFS 2.0 – Unable to Establish a Trust between Proxy and Federation Service”

  1. Andrew Roe

    I had this issue, but in my case the common name WAS the same as my federated services name. In my case I could tell from the event ID which certificate was having an issue (it listed the thumbprint for my decrypt certificate, and my event message was different: it stated that the private key was not accessible). I checked the cert and it said the private key was available, so I ended up generating a new CSR for my decrypt certificate and going to my 3rd party CA and re-issuing (revoke and replace with Symantec) using the new CSR, stating new key pair for reason. I installed the new certificate, set the ADFS service account to have read rights to the newly installed certificate, exported the certificate with private key, installed it on my other ADFS servers and my ADFS Proxy servers, and then re-ran the proxy configuration wizard. This time it went through without a hitch.
