ADFS 2.1 User Certificate Authentication and/or Device Registration Authentication Fails with Server 2012 R2
Problem: Using Certificate Authentication or Device Registration with ADFS on Server 2012 R2 fails when published externally. Internally it works, externally it fails.
Cause: AD FS on Windows Server 2012 R2 was changed to support Device Registration, and the same changes apply to certificate authentication. Both now use a separate listener: the client (the machine and/or the web browser) opens a TCP connection to the AD FS server or the Web Application Proxy (WAP) on destination port 49443, in addition to the normal HTTPS connection on port 443. If the external firewall publishes only port 443, the 443 traffic works but the 49443 connection is dropped, which is why the internal path works and the external path fails. This design change is documented here: https://technet.microsoft.com/en-us/library/dn486819.aspx.
Solution: On your external firewall, publish TCP port 49443 in addition to TCP port 443. Publish it to the WAP (the preferred method) or directly to the AD FS server. If you publish through the WAP, the WAP must also be able to reach the internal AD FS server on TCP 49443, not only on 443.
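The following PowerShell is an added example for checking the condition described above; it is not part of the original article or of AD FS itself. It assumes a federation service name of fs.contoso.com (placeholder) and the default certificate-authentication port of 49443. Steps 1 and 2 run on the AD FS server (step 2 also on the WAP); step 3 runs from a client outside the firewall.

```powershell
# Added example, not from the original article. fs.contoso.com is an assumed placeholder.
$FederationServiceName = 'fs.contoso.com'   # assumption: replace with your federation service FQDN
$CertAuthPort          = 49443              # default AD FS 2012 R2 certificate-authentication port

# 1. On the AD FS server: list the endpoints published on the certificate-auth port
#    and confirm they are enabled and marked for proxy (WAP) use.
Get-AdfsEndpoint |
    Where-Object { $_.FullUrl -like "*:$CertAuthPort/*" } |
    Select-Object Enabled, Proxy, FullUrl

# 2. On the AD FS server and on the WAP: HTTP.SYS must hold an SSL binding for
#    <fqdn>:49443. The binding block shows "Negotiate Client Certificate : Enabled",
#    which is what distinguishes this listener from the 443 one.
netsh http show sslcert |
    Select-String -Pattern ":$CertAuthPort" -Context 0, 14

# 3. From an external client: is TCP 49443 reachable through the firewall at all?
#    443 succeeding while 49443 fails is exactly the symptom in this article.
foreach ($port in 443, $CertAuthPort) {
    $r = Test-NetConnection -ComputerName $FederationServiceName -Port $port -WarningAction SilentlyContinue
    '{0}:{1} reachable = {2}' -f $FederationServiceName, $port, $r.TcpTestSucceeded
}
```

If step 3 reports 443 as True and 49443 as False from the outside while both are True from the internal network, the external publishing rule is the cause and the firewall (or the WAP publishing rule) needs TCP 49443 added. If step 1 shows no endpoints on 49443, or step 2 shows no binding on that port, the problem is on the AD FS/WAP side rather than at the firewall.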