This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 28.999999999999996%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECV%3C/text%3E%3C/svg%3E)
I have two ADFS 3.0 servers and two ADFSproxy servers(DMZ). All located in Azure. The machines all or load balanced.
Now i try to add a windows 2016 server (ADFS 4.0) on a different VNET but peer with the old VNET.
When i try to add the ADFS 4.0 (windows 2016 machine) I get this error.
Unable to retrieve configuration from the primary server. The specified DNS name of the primary federation server could not be resolved. Verify that the DNS name is correct, and that the AD FS service is running on the primary federation server and try again.
Did you validate that DNS resolution of the primary FQDN from the ADFS 4 was working?
Also that you can reach the port 80 from this new machine?
Fixed the problem. I was adding the farm name and thats was only reachable from outside. So it landed on the WAP. But the question was. What is your Primary server in the farm.
But i have a question if I add the windows 2016 (ADFS4.0) machine to the farm. Does it take all Replying party trusts. Even if i gone raise the farm level.
Yes, the entire configuration is in the database.
Also do you need to update the office365 sign-in rely party trust. I saw on a website that you need to add some registry keys.
Nope. The trust stays as-is.
Do you have references for the registry thing?
Oh I see. That's not specific to the Azure AD trust. It is a TLS thing, so rather an OS thing. In this Azure AD trust situation, it is used only for trust monitoring, which is not a mandatory feature at all. You should disable old ciphers and old version of SSL/TLS regardless of your servers' roles.
Transport Layer Security (TLS) registry settings: https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings
I need todo this update because i need sso with wvd.
https://www.powershellgallery.com/packages/ConfigureWVDSSO/1.0.0.0/Content/ConfigureWVDSSO.ps1
When migrating does it also migrate your customize logon page?
When i open the port 80 on the adfsproxy server. i get another error:
The HTTP service located at http://****************/adfs/services/policystoretransfer is unavailable. This could be because the service is too busy or because no endpoint was found listening at the specified address. Please ensure that the address is correct and try accessing the service again later.
The port 80 on the WAP server is useful only for: