Error to ADD ADFS Server

[jredondo18]

Hi!

I am trying to add an ADFS. I have already registered the primary ADFS. When I run x, I get the following error in the powershell console:

Computer SERVERTEST NOT Added/Updated to MFA configuration

The following error appears in the event viewer:

Do you know what can be the cause?

Thank you,

Thanks.

[redhook62]

Hi, @jredondo18

Below are the steps you must follow to add a new ADFS server to your farm.

• Add the ADFS server to your farm (Microsoft procedure), respecting all the prerequisites required by Microsoft.

For the MFA

• Install on this new server, the adfsmfa.msi solution, the prerequisites are exactly the same as for your main server.
• Add the new server to the MFA configuration. https://github.com/neos-sdi/adfsmfa/wiki/01-Installation#add-an-adfs-server
• Open windows firewall rules on servers https://github.com/neos-sdi/adfsmfa/wiki/01-Installation#configure-windows-firewall-rules
• Check that the ports are open between the different farm servers. from each server in PowerShell Admin :
  Test-NetConnection -Computername otheradfsserver -Port 5987
• To make it simple then, restart the machines.

regards

[jredondo18]

HI @redhook62,

Thank you for your response,

I have followed all the steps and have verified port 5987 on each server. On both servers they are open and there is connection.

I have also restarted the machines, but I still get the same error.

Is there anything else I can check? The servers are Windows 2012R2

I have followed all the steps and have verified port 5987 on each server. On both servers they are open and there is connection.

I have also restarted the machines, but I still get the same error.

Regards.

[redhook62]

No, there is no problem with 2012r2.

As stated in the documentation: https://github.com/neos-sdi/adfsmfa/wiki/01-Installation#summary
Your ADFS account must be Local Administrator, this is not mandatory for newer versions.

Servers must be added with their name as FQDN. Eg: server2.domain.local

In powershell on the main server:
(Get-MFAFarmInformation).Servers

post us the screenshot

regards

[jredondo18]

Hi!

I attach a screenshot where I try to add a second ADFS and it shows the information from the command (Get-MFAFarmInformation).Servers.

I also attach the connectivity to port 5987 with the second ADFS.

Note: The second ADFS is in a different domain. Both have the inter-domain trust relationship established.

[redhook62]

No, using the same name for servers that are not in the same domain does not comply with Microsoft's specifications.

Your 2 servers must be in the same domain,
If there have trust relationships, ADFS will be able to authenticate users in the linked domains.
Verify that the ADFS service account is authorized to read the various ADDS attributes to forge its token.
MFA will require read and write rights on the different domain trusts since you are in ADDS mode.
I remind you that all this is clearly indicated in the documentation - installation.
So your ADFS platform is not correct. make sure to upgrade everything, and reinstall the MFA afterwards.

regards