
I'm looking for how to add hostname bindings to ADFS like you would add additional hostname bindings for a website in IIS. e.g. adfs.mydomain.com is the domain used for ADFS. In addition I'd like to add server1.adfs.mydomain.com. This has nothing to do with SSL certs. I know this can be done as I did it on the ADFS server I'm retiring.

For those who ask why I want to do this. There is a farm of ADFS servers behind a load balancer all using adfs.mydomain.com hostname. I'd like specific bindings for each server e.g. server1.adfs.mydomain.com so I can probe the service on a specific server from our monitoring system to verify the ADFS service is online.

The old ADFS server is whatever role service comes with Win2k16. The new ADFS server is the role service on Win2k22. This used to be easier to find by searching Google, but now ADFS-related postings have become littered with references to Azure and O365 implementations. Does anyone know how to add the additional binding? I feel like previously it was a PowerShell or netsh command, but I could be wrong.

gilm0079

1 Answer


Since the ADFS servers in your ADFS farm are behind a load balancer which has the hostname ‘adfs.mydomain.com’, the ADFS servers in the farm are also domain-joined servers with their DNS records hosted in your environment’s local DNS server. Thus, to identify those ADFS servers with additional hostnames other than those assigned to them during domain joining, you need to add these additional hostnames to the local hosts file of the ADFS servers serviced by the load balancer, as shown below:

Go to the path ‘C:\Windows\System32\drivers\etc\hosts’, open the hosts file with Notepad and add the IP address of the respective ADFS server as shown in the screenshot below:

[Screenshot: Location of lmhosts file]

Thus, in this way, the monitoring server will be able to find the ADFS server and query the ADFS service to check that it is functioning properly. It will also be able to resolve them through the load balancer if it has to pass through it for service availability.

[Screenshot: IP address addition in lmhosts file]

Kartik Bhiwapurkar
  • Thanks, but this is not a DNS resolution issue. I don't have to go through the load balancer to contact the ADFS servers. They already have DNS records for their respective servers, e.g. server1.adfs.mydomain.com. The problem seems to be that the integrated HTTP hosting service that ADFS listens with needs specific hostnames for bindings, just like you would find in IIS. – gilm0079 Oct 14 '21 at 13:08
  • Can you please check the bindings in IIS for the ADFS application pool to see what the federation site name used for port 443 is? If it is the same as the one specified in the SSL certificate, then you can add more bindings to it, thus giving you an option to assign multiple discoverable site names as well as ADFS service hostnames. – Kartik Bhiwapurkar Nov 03 '21 at 07:29
  • ADFS is not in IIS. It is a self hosted service. – gilm0079 Nov 04 '21 at 00:37