Azure AD Connect - Failed to Connect to the Primary AD FS Server

Patrick 26 Reputation points
2020-05-01T19:26:54.237+00:00

Trying to set up Azure AD Connect with my home lab AD FS... I have a WAP set up and can sign into my AD FS server with a domain account from the internet... so I'm sure the WAP and Federation Server are configured properly... the WAP is running on a child domain controller in a VMware VM on one machine... the AD FS server is set up on the root forest domain controller on another machine... not sure if it's a port forwarding issue, I did run the Diagnostics Analyzer and all it came up with is that the time is not synced between WAP and FS server, which is incorrect. - Apologies if this seems vague... but I've done so much I don't know where to start.


Answer accepted by question author
  1. Marilee Turscak-MSFT 37,271 Reputation points Microsoft Employee Moderator
    2020-05-07T00:05:46.153+00:00

    If you are seeing issues with time differences, you can run:

    Set-ADFSRelyingPartyTrust -TargetName <trustname> -NotBeforeSkew <time_in_minutes>

    https://dori-uw-1.kuma-moon.com/en-us/powershell/module/adfs/set-adfsrelyingpartytrust?view=win10-ps

    Have you checked the troubleshooting guide for this error?

    https://support.microsoft.com/en-us/help/3018485/failed-to-connect-to-active-directory-federation-services-2-0-on-the-l

    PROBLEM

    When you run the Convert-MsolDomainToStandard cmdlet to convert a domain from federated to managed, you receive the following error message:

    Failed to connect to Active Directory Federation Services 2.0 on the local machine.
    Please try running Set-MsolADFSContext before running this command again.

    CAUSE

    This problem occurs if the server on which you're running the Convert-MsolDomainToStandard cmdlet is not running Active Directory Federation Services (AD FS).

    SOLUTION

    Do one of the following, as appropriate for your situation:
    If AD FS is still running, use the Set-MsolADFSContext cmdlet to specify the server on which AD FS is running.

    For example:

    Set-MsolADFSContext -Computer <ServerName>

    For more information about the Set-MsolADFSContext cmdlet, see Set-MsolADFSContext.
    If AD FS is not running, use the Set-MsolDomainAuthentication cmdlet to change the domain to a managed domain.

    For example:

    Set-MsolDomainAuthentication -DomainName <DomainName> -Authentication Managed

    For more info about the Set-MsolDomainAuthentication cmdlet, see Set-MsolDomainAuthentication.

    Also, make sure file and print sharing is open and the VMs can ping each other.

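The accepted answer's steps pulled together as one script to run from the Azure AD Connect box, as an added example (not Marilee's code and not Microsoft's): it measures the clock offset to the federation server that the Diagnostics Analyzer complained about, checks the ports Azure AD Connect uses, then takes the KB's first path if AD FS is reachable and the second if it is not. It assumes the MSOnline module is installed; $FederationServer, $DomainName, the 443/5985 port list and the 300-second tolerance are placeholders and assumptions, not values from the thread.

```powershell
# Added example, not code from the thread or the KB it quotes. Assumes the MSOnline module
# is installed; $FederationServer and $DomainName are placeholders you supply.
param(
    [Parameter(Mandatory)] [string] $FederationServer,  # AD FS server FQDN (placeholder)
    [Parameter(Mandatory)] [string] $DomainName,        # federated domain in the tenant (placeholder)
    [int] $MaxSkewSeconds = 300                         # stay within the usual 5-minute tolerance
)

# Measure the clock offset to the federation server with w32tm instead of trusting a
# one-line analyzer verdict. /dataonly prints one "hh:mm:ss, +00.0123456s" line per sample.
function Get-ClockSkewSeconds([string] $Computer) {
    $lines = & w32tm.exe /stripchart "/computer:$Computer" /samples:3 /dataonly 2>&1
    $offsets = foreach ($l in $lines) {
        if ("$l" -match '([+-]\d+\.\d+)s\s*$') { [double] $Matches[1] }
    }
    if (-not $offsets) { throw "Could not read a time offset from $Computer" }
    return [math]::Round(($offsets | Measure-Object -Average).Average, 3)
}

# Azure AD Connect reaches the primary AD FS server over HTTPS (443) and WinRM (5985)
# (port list assumed here); the KB's "not running AD FS" case shows up as an unreachable host.
function Test-AdfsReachable([string] $Computer) {
    $ok = foreach ($port in 443, 5985) {
        (Test-NetConnection -ComputerName $Computer -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
    }
    return -not ($ok -contains $false)
}

$skew = Get-ClockSkewSeconds -Computer $FederationServer
Write-Host "Clock offset to ${FederationServer}: ${skew}s"
if ([math]::Abs($skew) -gt $MaxSkewSeconds) {
    # Fix time sync rather than widening -NotBeforeSkew: a larger skew window lengthens
    # the period in which a token issued early is still accepted.
    throw "Clock skew of ${skew}s exceeds ${MaxSkewSeconds}s; correct time sync first"
}

Connect-MsolService
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Authentication -ne 'Federated') { Write-Host "$DomainName is already $($domain.Authentication)"; return }

if (Test-AdfsReachable -Computer $FederationServer) {
    # AD FS still running: point the MSOL cmdlets at it, then remove the trust on both sides.
    Set-MsolADFSContext -Computer $FederationServer
    Convert-MsolDomainToStandard -DomainName $DomainName -SkipUserConversion $false `
        -PasswordFile (Join-Path $env:TEMP 'converted-passwords.txt')   # temp passwords land here; protect and delete it
} else {
    # AD FS gone: only the tenant side can be changed.
    Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed
}
```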

1 additional answer

  1. Patrick 26 Reputation points
    2020-05-07T11:03:57.18+00:00

    Hello Marilee,

    Thank you for your reply, I switched to pass-through authentication and it seems to be working fine. My AD users are able to log in to myapps.microsoft.com with domain creds, which is what I was shooting for. I will definitely try your suggestions next time I decide to use AD FS and run into the same problem.

    Regards
