This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 60%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETG%3C/text%3E%3C/svg%3E)
Hi,
I am set up ADFS and WAP in test environment, I can reach the ADFS server when i am in the LAN but not externally. My ISP is blocking port 443. S i would like to know if there is a way to change the default port 443 on ADFS and WAP server to something else.
Thanks.
It is very odd to block the port 443. It is usually the only one open even on public kiosk machine or airport WiFi...
In theory you can change the HTTPS port on the ADFS server with Set-AdfsProperties. But it will require to re-configure all applications as in a passive flow, it is the application redirecting the users to the ADFS farm. Also if you change the port to something different than the 443, you might prevent many users to access the application externally for the same reason as you invoke. It is very possible that they might only connect to specific ports and usually the 443 is the one universally white listed.
Thanks for the answer. It is a test environment i just want to make sure i familiar myself with how the configuration works. So can you be more specific about how to change the ports theoretically? Do i have to use the set-adfsproperties command on only the adfs server to change the port ? How do i change it on the WAP server also so that they can still communicate?
Thanks, this is a test environment so its not that important if all users cant access it external. Can you be specific with the commands going to be used? Do i have to change the port on the WAP also ?
If you have ADFS 2012 R2 or lower, you can use Set-ADFSProperties -httpsport.
Starting ADFS 2016, the port has to be 443 for HTTPS on the farm. This is a requirement for Device Registration Service.
Since this is for test purposes, you can workaround this by using a portproxy. Run the following on your ADFS server and WAP:
netsh interface portproxy add v4tov4 listenport=444 connectaddress=<localIP> connectport=443 protocol=tcp
This will redirect all the incoming traffic on the port 444 to the local port 443 (replace LocalIP by the actual IP of the ADFS server when you run it on the ADFS server and of the WAP when running on the WAP). As long as the port is not already in used and that the incoming port port is open (you need an inbound rule to allow it). The WAP will still talk to the ADFS server on port 443 but in your scenario, since the limitation is at the ISP level, you don't really have a problem using the port 443 in between your own servers.
Thanks again. I tried the solution and entered the command on both WAP och the ADFS server and now i cannot even access the ADFS locally in my network. When i go to https://adf.domain/adfs/ls/idpinitiatedsignon.aspx:444 i get the warning bcs of self-signed cert och when i click on continue anyway i get "401 Authorization Required". So now i cant access the ADFS either internally or externally after using the command on both WAP and ADFS server. I have a port forwarding in my router that forwards incoming traffic on port 444 to the WAP ip address and i open inbound rule firewall on both servers.
"now i cannot even access the ADFS locally in my network."
This is not a possible outcome of running these commands. They redirect traffic. You must have done something else than these commands if the service is not working on the original port.
Also, it is not https://adf.domain/adfs/ls/idpinitiatedsignon.aspx:444 but https://<fqdn of the adfs farm>:444/adfs/ls/idpinitiatedsignon.aspx.
Thanks again, i didnt do anything else other than use the command above. But i ill give it a try again, reinstall ADFS and WAP and try again. Right now i have no hope but i appreciate all your effort. Things would have been simpler if ISP do not block the 443 port.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 37%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
i know this is an old thread but its the best out there still. i was able to setup the port proxy and these links work as expected. https://myadfsserver:9443/FederationMetadata/2007-06/FederationMetadata.xml & https://myadfsserver:9443/adfs/ls/IDpInitiatedSignOn.aspx but not the actual url for my app config https://myadfsserver:9443/adfs/ls/. when i dont specify a port(using default 443) single sign on works as expected. any ideas?