This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 57.00000000000001%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Hello,
I work with environment where I have really old setup. I tried to perform not recommended in-place upgrade, it succeed on a few common machines but it's different with AD DC... Due to complication I decided to create new DC and migrate overtime all roles from the DC01.
Machine is correctly configured and domain joined, it was promoted to DC02, replication works correctly.
At this moment there it looks like this:
Problem I have right now is to install and authorize AD FS on WS2019(DC02). Configuration Wizard is failing due to pre-requisites check:
So far I managed to:
Could you please give me any hints, advises, what could be yet wrong?
I am doing this first time and it's really confusing especially in the old setup.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 68%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Hi I am facing same issue with ADFS, can you please let me know if you were to fix this issue?
Hi, I have created new server in environment with OS that meets the compatibility requirements regarding the ADFS version (in my case Windows Server 2019). Then I joined the server as the ADFS farm, when replication done the job, I migrated over this server to promote it as main ADFS server, then I detached old server from ADFS. In my case it was the best and quickest solution due to some complications with old versioning in environment full of shenanigans. I recommend YouTube tutorials, most of the scenarios are nicely recorded there.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi @Shu
You should start by checking the SPN configuration set on the old service account.
Can you share with us the result of this command:
setspn -l Domain\adfs-service-account-used-by-DC0
Please don't forget to mak helpful anser as accepted*
HTTP/DC02
HTTP/DC01
DC02/DC02.domain.com
https/DC02.domain.com
http/DC02.domain.com
http/DC01.domain.com
https/DC01.domain.com
DC01/DC01.domain.com
This is output for setspn -l Domain\adfs-service-account-used-by-DC01
DC01 run AD FS service.
This is output for setspn -l Domain\adfs-service-account-used-by-DC01
DC01 is primary AD FS server.
HTTP/DC02
HTTP/DC01
DC02/DC02.domain.com
https/DC02.domain.com
http/DC02.domain.com
http/DC01.domain.com
https/DC01.domain.com
DC01/DC01.domain.com
You should not be putting ADFS on a DC. We have a free workshop next week on how to migrate from ADFS to Azure AD. I cannot stress enough you attend and retire that ADFS instance https://techcommunity.microsoft.com/t5/community-events-list/microsoft-workshops-how-to-successfully-migrate-away-from-ad-fs/m-p/3668480
I can't migrate now, but I will keep that information in mind for the future, thank you for that.
What is preventing you from migrating?
Old configuration with complex environment that is hard to migrate.