Hi experts,
I'm not that familiar with ADFS complex configuration. Hope someone can point me in the right direction.
So we have DOMAIN and DOMAINDEV domains.
I have configured ADFS for my SP2013. ADFS and SP sit in DOMAINDEV and I can log in using my DOMAINDEV account.
When trying to log in using my DOMAIN account, the ADFS throws an error:
--- the error in the event viewer:

The Federation Service encountered an error while connecting to a global catalog server at domain.com.au.
Additional Data
Domain Name: domain.com.au
Global Catalog hostname (if available):
Error from server (if available):
Exception Details: The LDAP server is unavailable.
User Action
Troubleshoot the network connectivity to the global catalog server. Also, verify that the global catalog server is configured properly.

followed by

The Federation Service encountered an error while processing the WS-Trust request.
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data
Exception details: Microsoft.IdentityServer.ClaimsPolicy.Language.PolicyEvaluationException: POLICY0018: Query ';sAMAccountName,tokenGroups,userPrincipalName,mail;{0}' to attribute store 'Active Directory' failed: 'Exception of type 'Microsoft.IdentityServer.ClaimsPolicy.Engine.AttributeStore.Ldap.LdapServerUnavailableException' was thrown.'. --->

---

Any idea how I can allow login through my DOMAIN account as well?
I have confirmed the ADFS can connect to the DC DOMAIN 389 (telnet).
Thanks,
Andreas
- Edited by crsnt Thursday, October 31, 2013 7:22 AM