I was installing a new ADFS environment on Windows 2022 and the Web Application Proxy Configuration Wizard failed with the following error message:
Retrieval of proxy configuration data from the Federation Server using trust certificate with thumbprint <thumbprint> failed with status code ‘InternalServerError’
The certificate as mentioned the wizard is available on the WAP server. You can check this using the following command in PowerShell:
PS C:\> Dir CERT:\LocalMachine\My
For some reason, the WAP server is having difficulties contacting the internal ADFS server which is also running on Windows 2022. Name resolution works fine and credentials of the local administrator were ok.
One of the new features of Windows 2022 is support for TLS 1.3 and here’s the culprit. It seems like ADFS is not working correctly with TLS 1.3.
To disable TLS 1.3 on the WAP server, add the following registry keys:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server]
As shown in the following screenshot:
After adding these registry keys, the WAP Proxy configuration wizard finished successfully.
3 thoughts on “ADFS Web Application Proxy Configuration Wizard fails with trust certificate error”
Thank you very much 🙂
Thanks a lot! You saved my life!
It’s remarkable that you figured this out. Thank you – excellent post.
In our case the error was that the WAP was unable to retried the proxy configuration data.