I have recently set up an ADFS 2016 server and restored an export from a previous ADFS 2.0 on Windows 2008 R2. Passed the new configuration through MS' analyzer with no issues (except for using a wildcard cert which seems to confuse it).
Using Chrome on the ADFS server, when I surf to the service: (fqdn = adfs.corp.mydomain.com = federation service name)
- http://fqdn –> default IIS page
- https://fqdn –> cannot be reached
- http://localhost/adfs/fs/federationserverservice.asmx –> 503
- https://localhost/adfs/fs/federationserverservice.asmx –> XML
- http://fqdn/adfs/fs/federationserverservice.asmx –> 503
- https://fqdn/adfs/fs/federationserverservice.asmx –> cannot be reached
So, according to the first and fourth responses, I can viably reach the service and it responds with XML. But, I'm not sure why I can't get the response when using the full domain name and path in the last URL? How do I diagnose this?
Best Answer
What about the normal metadata endpoint:
https://myserver.domain.com/FederationMetadata/2007-06/FederationMetadata.xml
ADFS only answers to https and in 2016 does not use IIS.