An error occurred executing Update ADFS Federated AAD Trust task in Entra Connect

Allan Stark 501 Reputation points
2024-11-14T18:54:29.85+00:00

Hello MS Q&A Community,

I encountered a strange problem when trying to federate one of our domains with Entra ID in Entra Connect.

Our ADFS service is located on a separate Windows 2016 server. It has a public name like adfs.domain.com and an internal one, adfs.domain.local; it has a valid LetsEncrypt certificate for the public name and can be properly resolved on public and AD DNS; it is published externally on ports 443 and 49443 and is accessible externally on these ports, as well as via the standard link: https://adfs.domain.com/adfs/ls/idpinitiatedSignOn

Entra Connect is installed on one of the domain controllers, updated to the latest version 2.4.21.0 and worked fine in password hash mode.

TLS1.2 is enabled on ADFS and DC (with Entra Connect) servers.

The ADFS service was configured without problems using the Entra Connect wizard (and yes, I know about the problem of the missing ADFS PS module; I have installed, but not configured, the ADFS role on that DC server for this), but when trying to federate a domain, it gives a strange error:

Update ADFS Federated AAD Trust
The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state.

I found similar errors only in topics about developing services for Azure or dedicated to .Net.

This is quite strange, since I once configured AD FS in a similar scenario and then everything worked immediately and without problems.

I have even reinstalled the AD FS server and returned the Entra Connect settings to the original ones (password hash sync) in order to try to set up domain federation again.

I am attaching screenshots of Entra Connect Sync and its log.
