Web Application Proxy fail to connect to ADFS with 407 Error

Howdy,

Recently, i was working on one of the Web Application Proxy connectivity issues with the backend ADFS Server and I just wanted to share this information to give a general idea of what all can go wrong.

So, this is what we heard when we asked what is the issue:

The WAP was configured earlier with ADFS and everything was working as expected and suddenly, the Web Application Proxy does not connect to the backend ADFS anymore.

We started looking at the Events to understand what has happened and Interestingly, we found this

This is usually, thrown by a Proxy server and not the ADFS,  Reference: https://msdn.microsoft.com/en-us/library/windows/desktop/aa383887%28v=vs.85%29.aspx

Just to see what happens, we ran the Install-WebApplicationproxy command and we found the similar error as below

 

So, why are we going through a Proxy server when connecting to the ADFS and why was this working before?

The answer was the GPO Setting that was enabled on the WAP Server that had Proxy configured. Please take a look at this article to understand how can that be done

https://blogs.msdn.com/b/asiatech/archive/2014/05/12/how-to-apply-the-content-of-ie-settings-in-gpo-which-used-iem-ie-maintenance-before-ie10-to-ie10-version-since-iem-has-been-deprecated-begin-from-ie10.aspx

We had to remove this GPO from the computer in order to fix the error.

You may also encounter similar issues if you have a proxy and are trying to Configure the WAP over GUI. Here is an example:

 

I hope that helps

 

Shashanka Haritsa

Technical Lead

CSS Security