Step by Step Guide for Installing and Configuring ADFS 3.0 on Windows Server 2012


Installation Sequence:

Configuration Sequence:

Welcome to the Active Directory Federation Services Configuration Wizard.

Before you begin configuration, you must have the following:

  • An Active Directory domain administrator account.
  • A publicly trusted certificate for SSL server authentication.

AD FS pre-requisites

This server will be configured as the primary server in a new AD FS farm ‘fs.poc.lan’.

AD FS configuration will be stored in Windows Internal Database.

Windows Internal Database feature will be installed on this server if it is not already installed.

All existing configuration in the database will be deleted.

A group Managed Service Account POC\adfs$ will be created if it does not already exist and this host will be added as a member.

Federation service will be configured to run as POC\adfs$.

If you click View Script, the wizard shows the PowerShell it is about to run:

[code language="powershell"]
#
# Windows PowerShell script for AD FS Deployment
#

Import-Module ADFS

Install-AdfsFarm `
    -CertificateThumbprint:"3923273B4862WEE0CBAF3WEWE99125EDBWEWEWC0C5" `
    -FederationServiceDisplayName:"ADFS POC" `
    -FederationServiceName:"fs.poc.lan" `
    -GroupServiceAccountIdentifier:"POC\adfs`$" `
    -OverwriteConfiguration:$true
[/code]

The root key for the group Managed Service Account was created at 6/18/2014 4:16:18 AM. If you have more than one domain controller in your Active Directory forest, the key may not yet have replicated to all domain controllers and therefore the service may not successfully install or start. To avoid service startup problems, wait 10 hours to ensure the key has replicated to all DCs before completing the Active Directory Federation Services Configuration Wizard, executing Install-AdfsFarm or Add-AdfsFarmNode on any other servers in your network, or restarting any AD FS service.

All prerequisite checks passed successfully. Click ‘Configure’ to begin installation.
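Before clicking Configure (and before repeating the install on any other farm node), it is worth checking the same pre-requisites the wizard checks, in particular that the KDS root key has actually replicated to every domain controller, because creating it with a backdated -EffectiveTime only skips the waiting period, not the replication itself. The script below is an added example, not part of the original post or of the wizard's generated script; it assumes the names used in this walkthrough (fs.poc.lan, POC\adfs$), a placeholder thumbprint, and that the ActiveDirectory and Kds RSAT modules are installed on the server.

```powershell
# Added example: pre-flight and post-install checks for the AD FS farm described above.
# Assumed names from the walkthrough: fs.poc.lan and POC\adfs$; the thumbprint is a placeholder.
# Run as a domain administrator on the server that will become the primary farm node.
Import-Module ActiveDirectory
Import-Module ADFS

$FederationServiceName = 'fs.poc.lan'
$Thumbprint            = '<SSL-CERT-THUMBPRINT>'   # placeholder, replace with the real value

# 1. SSL certificate: in the machine store, private key present, and covering the service name.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert)               { throw "Certificate $Thumbprint not found in Cert:\LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key on this host" }
$names = $cert.DnsNameList | ForEach-Object { $_.Unicode }
if ($names -notcontains $FederationServiceName) {
    Write-Warning "Certificate does not cover $FederationServiceName (names: $($names -join ', '))"
}

# 2. KDS root key: must exist and already be effective, otherwise the wizard shows the
#    "KDS Root Key has not been set" warning and cannot create the gMSA.
$keys = @(Get-KdsRootKey)
if ($keys.Count -eq 0) { throw 'No KDS root key exists; create one with Add-KdsRootKey first.' }
if (-not ($keys | Where-Object { $_.EffectiveTime -le (Get-Date) })) {
    throw "KDS root key exists but is not yet effective (EffectiveTime: $($keys[0].EffectiveTime))"
}

# 3. Replication: a backdated -EffectiveTime skips the 10-hour wait but does not speed up
#    replication, so ask every DC directly whether it holds the root key object yet.
$configNC = (Get-ADRootDSE).configurationNamingContext
$keyBase  = "CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services,$configNC"
foreach ($dc in Get-ADDomainController -Filter *) {
    $onDc  = @(Get-ADObject -Server $dc.HostName -SearchBase $keyBase `
                 -LDAPFilter '(objectClass=msKds-ProvRootKey)' -ErrorAction SilentlyContinue)
    $state = if ($onDc.Count -ge $keys.Count) { 'replicated' } else { 'NOT replicated yet' }
    '{0,-35} {1}/{2} root keys: {3}' -f $dc.HostName, $onDc.Count, $keys.Count, $state
}

# 4. Run this part only after Install-AdfsFarm has completed: the service is up, runs as the
#    gMSA, and the IdP-initiated sign-on page (enabled by default in AD FS 3.0) answers.
Get-Service adfssrv | Select-Object Name, Status, StartType
(Get-CimInstance Win32_Service -Filter "Name='adfssrv'").StartName       # expect POC\adfs$
(Invoke-WebRequest -Uri "https://$FederationServiceName/adfs/ls/IdpInitiatedSignon.aspx" `
    -UseBasicParsing).StatusCode                                           # expect 200
```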

Next steps required for completing your federation service deployment

Verifying that AD FS is working:

Check out your IdP-initiated sign-on landing page by navigating to

https://fs.<yourdomain.lan>/adfs/ls/IdpInitiatedSignon.aspx

In the AD FS Management Console you'll see the Federation Service properties as shown below:

Possible Errors while configuring AD FS:

Issue #1: On the Specify Service Account page you'll receive the warning "Group Managed Service Accounts are not available because the KDS Root Key has not been set.", as shown below:

Specify Service Account

Group Managed Service Accounts are not available because the KDS Root Key has not been set. Use the following PowerShell command to create the key: "Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)"

Fix: Run the suggested PowerShell command as a domain administrator.

[code language="powershell"]
PS C:\> Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)

Guid

396d333p-0ce6-cb4d-ad45-d9f096734fe02

PS C:\>
[/code]

Issue #2: You'll receive a Database Overwrite confirmation prompt if AD FS was previously installed on the same server:
