ADFS V1 Configuration Issues


We have been working on setting this up, have run into a few issues, and don't know for sure, as the issues don't follow the articles. Server 2008 Enterprise SP2, ADFS proxy server. It should be showing events in the event log when we try to authenticate to the server from outside; however, we still get a page that states server error in the ADFS application stated in the setup guide. However, we don't see the event ID the guide outlines for proper working authentication. We haven't been able to find documentation on the setup, and are seeing ASP.NET errors:

event code: 3005
event message: unhandled exception has occurred.
event time: 10/18/2011 2:32:13 pm
event time (utc): 10/18/2011 6:32:13 pm
event id: aa09242fb94a4ab5b216256c460a210b
event sequence: 10
event occurrence: 3
event detail code: 0
application information:
application domain: /lm/w3svc/1/root/adfs-1-129634355378929302
trust level: full
application virtual path: /adfs
application path: c:\windows\systemdata\adfs\sts\
machine name: xxxxxxx
process information:
process id: 2328
process name: w3wp.exe
account name: nt authority\network service
exception information:
exception type: httpunhandledexception
exception message: exception of type 'system.web.httpunhandledexception' thrown.
request information:
request url: https://xx.xx.xx/adfs/ls/clientlogon.aspx
request path: /adfs/ls/clientlogon.aspx
user host address: .....
user:
authenticated: false
authentication type:
thread account name: nt authority\network service
thread information:
thread id: 3
thread account name: nt authority\network service
impersonating: false
stack trace: @ system.web.ui.page.handleerror(exception e)
@ system.web.ui.page.processrequestmain(boolean includestagesbeforeasyncpoint, boolean includestagesafterasyncpoint)
@ system.web.ui.page.processrequest(boolean includestagesbeforeasyncpoint, boolean includestagesafterasyncpoint)
@ system.web.ui.page.pageasyncinfo.callhandlerspossiblyunderlock(boolean onpagethread)
@ system.web.ui.page.pageasyncinfo.callhandlerscancellablecallback(object state)
@ system.web.httpcontext.invokecancellablecallback(waitcallback callback, object state)
@ system.web.ui.page.pageasyncinfo.callhandlers(boolean onpagethread)
 
custom event details:
Federation server page should see on internal DNS, ideas?

Edit: formatted for better readability

Patrick Clark

I checked with an ADFS SME; here are the inputs:

In trying to understand the configuration, can you verify the following:
- Identity provider AD or other account store configured as account partner
- 3rd party vendor app or other fed partner configured as resource partner
- Inside the corporate network, it works as expected
- When accessing from the extranet you receive the .NET exception page and 3005
- The 3005 event is logged on the proxy server

From the event you've posted, it doesn't seem to be getting to the /adfs/ls page. Start by verifying the certificate being used; here is a list of things to check first:
- From the extranet, can you browse the default page of the IIS server hosting the proxy
- Ensure external name resolution of the federation server name points to the proxy
- Ensure the proxy server resolves the federation server name to the internal federation server
- Ensure the subject of the proxy SSL cert matches the subject of the internal federation server
- Trace the steps of adding the client authentication certificate, making sure you've added the correct certificate to the proxy config and to the FSP Certificates tab of the Trust Policy properties of the federation server (http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-1-0-and-1-1-how-to-replace-the-ssl-token-signing-and-federation-server-proxy-certificates.aspx)

If the items above are in order, enable CAPI2 logging on the proxy
- Event Viewer\Applications and Services Logs\Microsoft\Windows\CAPI2\Operational
- Make sure the certificates in use can be verified by the proxy

Let me know if you are still having problems after checking the items above.


Sumesh P - Microsoft Online Community Support
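
The name-resolution, certificate-subject and CAPI2 checks from the reply above, as an added example that is not part of the original thread. The host name and both addresses are hypothetical placeholders, and the script assumes PowerShell is available on the machine it runs on.

```powershell
# Added example. All three values below are hypothetical placeholders.
$FederationName  = 'fs.example.com'  # federation service DNS name
$ProxyAddress    = '192.0.2.10'      # federation server proxy
$InternalAddress = '10.0.0.10'       # internal federation server

function Get-RemoteSslCertificate {
    param([string]$Address, [string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Address, $Port)
        # Accept whatever is presented: the goal is to read the certificate, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $client.Close() }
}

# 1. Name resolution as seen from the machine this runs on. On the proxy the name
#    should resolve to the internal federation server; on an external client, to the proxy.
$resolved = [System.Net.Dns]::GetHostAddresses($FederationName) |
    ForEach-Object { $_.IPAddressToString }
"{0} resolves to: {1}" -f $FederationName, ($resolved -join ', ')

# 2. Read the SSL certificate each server presents for the federation name.
$proxyCert = Get-RemoteSslCertificate -Address $ProxyAddress -HostName $FederationName
$fsCert    = Get-RemoteSslCertificate -Address $InternalAddress -HostName $FederationName

foreach ($pair in @(@('Proxy', $proxyCert), @('Federation server', $fsCert))) {
    $cert = $pair[1]
    # Verify() builds the chain using this machine's trust stores.
    "{0}: Subject={1}; NotAfter={2}; ChainVerifies={3}" -f `
        $pair[0], $cert.Subject, $cert.NotAfter, $cert.Verify()
}

if ($proxyCert.Subject -ne $fsCert.Subject) {
    Write-Warning 'SSL certificate subjects differ between the proxy and the federation server.'
}

# 3. Enable the CAPI2 operational log so chain-building failures are recorded.
wevtutil sl Microsoft-Windows-CAPI2/Operational /e:true
```

Run it from an elevated prompt on the proxy, since that is the machine whose view of name resolution and certificate trust matters; the CAPI2 events then appear under the Event Viewer path given in the reply.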

