MattH6935-9335 asked JerryXu-MSFT commented

certauth.adfs.mydomain unexpectedly closed connection

Hello everyone... fairly new to ADFS, but I have set up a SharePoint/ADFS environment that is currently working using claims-based authentication supported by forms authentication. My next task is to switch this over to certificate authentication. The WAP server has been created and is publishing the Relying Party (SharePoint), and I have set up AlternateTLSBinding for certauth.adfs.mydomain. I believe all certificates are in place.

As of right now, when I type the address of my SharePoint site, I am redirected to the ADFS login page, where I can either type in my username/password (which works) OR click login with certificate. When I click the login with certificate link, I am brought to the next screen, which talks about selecting the certificate; then I am forwarded to certauth.adfs.mydomain and receive an "unexpectedly closed the connection" error.

I am at a loss; I don't know what else to check anymore...

PS: The firewall is wide open for testing on this.
PS: My external DNS entries have adfs pointing to the ADFS server and certauth.afds pointing to the WAP server, as I have read in multiple places.

Thanks for the help!


I am curious where you read the following: "my external dns entries have adfs pointing to adfs server and certauth.adfs pointing to WAP server as I have read in multiple place."


1 Answer

JerryXu-MSFT answered JerryXu-MSFT commented

Hi, @MattH6935-9335 ,

Have you checked the ULS log and Event Viewer? There may be related error messages that contain more information.



So I was able to get past the error I was describing above by setting the Global Authentication Policy on the WAP server. Now when I select login with certificate on the ADFS page, I get an error stating:

MSIS7121: The request did not contain a valid client certificate that can be used for authentication. This is occurs if there are no valid certificates on the client computer, for example if all certificates have expired or been revoked. Error Code: 0x490

Problem is, I am never prompted to select a certificate.


Hi, @MattH6935-9335 ,

Sorry for the late reply. I cannot reproduce your issue on my end. It may be better to open a support ticket about it.


Thanks for looking into it! I just may have to do that!
