
We run an AWS ELB for two AD FS Proxy servers (also hosted in AWS). For some reason, when I set it up as HTTPS mode it doesn't work. When I set it up as TCP mode, it works with no issues; however, it can't determine downtimes. Whenever I set the link to check AD FS in HTTPS mode, it reports instances unavailable. I can hit each server by putting the IP and address into my Hosts file. For some reason the HTTPS simply does not work. Any ideas on how to make HTTPS mode work?

David Eisen
  • Did you verify the health checks being received on the AD FS servers? Are you forwarding or offloading SSL at the ELB? If you are using HTTPS checking, how are you able to use the IP and not the domain name? – Jedi Jul 01 '16 at 20:29

1 Answer


The issue is that when the ELB is connecting to the host using HTTPS, it isn't connecting to a particular hostname but instead is using the IP. The AD FS Proxy is only responding to connections to that hostname.

For the ELB to monitor the health of the AD FS Proxies you need to install IIS on the AD FS Proxy servers.

  1. Install IIS
  2. Configure with an SSL Certificate (self-signed is fine here, as ELBs don't check the SSL certificate validity)
  3. Configure the Default website to listen on port 443 with the SSL certificate you configured.

You should now find that the HTTPS health check works correctly.

This also applies to AD FS Servers behind an ELB.
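The three steps above, scripted as an added example (not from the original answer). It assumes Windows Server 2012 R2 or later, an elevated PowerShell session, and the WebAdministration module that ships with IIS; the certificate DNS name is a placeholder, since the ELB health check never validates it.

```powershell
# Added example: give the AD FS Proxy an HTTPS listener that answers connections
# made by IP address (no SNI), which is how the ELB health check arrives.
# Assumptions: Windows Server 2012 R2+, elevated session, IIS not yet installed.

# Step 1: install IIS (Web-Server role) plus its management tools.
Install-WindowsFeature -Name Web-Server -IncludeManagementTools

# Step 2: create a self-signed certificate in the machine store. The ELB does not
# check certificate validity, so the DNS name here is only a placeholder.
$cert = New-SelfSignedCertificate -DnsName "elb-healthcheck.example.invalid" `
    -CertStoreLocation "Cert:\LocalMachine\My"

# Step 3: bind the Default Web Site to port 443 on all addresses. Binding to "*"
# (not SNI) is what lets a request that carries no hostname find a certificate,
# alongside the hostname-specific binding the AD FS Proxy already owns.
Import-Module WebAdministration
New-WebBinding -Name "Default Web Site" -Protocol https -Port 443 -IPAddress "*"

# Attach the certificate to the new binding.
$binding = Get-WebBinding -Name "Default Web Site" -Protocol https
$binding.AddSslCertificate($cert.Thumbprint, "My")
Start-Website -Name "Default Web Site"

# Check: HTTP.SYS must now show an SSL binding on 0.0.0.0:443 with this thumbprint.
# If it is missing, the ELB health check will still report the instance unhealthy.
netsh http show sslcert ipport=0.0.0.0:443
```

Point the ELB health check at a path the Default Web Site actually serves (the default IIS page returns 200), and confirm the instance turns healthy in the ELB console before repeating on the second proxy.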