Time out error after redirection (ADFS-Office 365 SSO)

Hi everyone,

I've been having a problem with configuring ADFS and Office 365 SSO. Everything is set up, and signing into Office 365 from the internal network works perfectly, but when trying to access it from the external network I get timed out. A brief overview of my setup:

-------------------------------------------------------------
LAN ------> Firewall ---------> Firewall ------> Internet
                       |
                      DMZ
-------------------------------------------------------

LAN network: 192.168.50.0/24

DC-DNS, RODC-DNS, ADFS1-ADFS2 (NLB), DIRSYNC.

--------------------------------------------------------

DMZ: 172.16.50.0/24

ADFS Proxy1-ADFS Proxy 2 (NLB) (NLB IP: 172.16.50.225)

--------------------------------------------------------

Firewall-Firewall: 10.10.10.0/24

Internal Firewall: Inside: 192.168.50.254/Outside: 10.10.10.2

External Firewall: Inside: 10.10.10.1/Outside: 172.31.130.83 (working in a class lab on my university's private network)

----------------------------------------------------------

Our network engineering department has its own firewall; I was given a public IP address of 199.50.X.X that port-forwards both ports 80 and 443 to the outside interface of the external firewall (172.31.130.83).

The internal firewall allows outgoing and incoming connections from anywhere, for troubleshooting the issue. The external firewall has been configured to port-forward both ports 80 and 443 to the ADFS proxy NLB address.

Other firewall configurations such as NAT and static routes have been configured correctly.

I've updated the public DNS records, changing the A record for my ADFS from the public IP address GoDaddy assigned to my public domain to the public IP given to me (199.50.X.X). I added the ADFS server's internal IP and name to the ADFS proxy hosts files, and DNS resolution is working both internally and externally.

---------------------------------------------------------------------------------------------------------------------------

Using a domain-joined computer and user I am able to sign into Office 365 with no problems. The problem starts when I try to access it from an external device. When I enter a domain user's email at the Office portal, it tries to redirect me to my ADFS proxy, but after a minute or so it fails to load my internal ADFS login page, and in Google Chrome I see a timeout error.

I checked Event Viewer on both the ADFS and ADFS proxy servers and nothing is showing up; I checked my firewalls and everything seems to be working fine; I also confirmed that the faculty's firewall is receiving and forwarding correctly on ports 443 and 80 (my external firewall shows the same results).

Any help would be appreciated; I've been troubleshooting for more than a week and am pretty much out of options other than starting over.

Thank you.

Moe.


March 23rd, 2015 9:43pm
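As an added example (not part of Moe's post), a PowerShell check run from a machine outside the LAN that walks the same path the post describes hop by hop: public DNS for the federation service name, TCP 443 through the two port forwards to the proxy NLB VIP, the TLS certificate the proxy presents, and an anonymous fetch of the federation metadata. The service name and the public resolver are placeholders; which step first fails tells you whether the timeout is DNS, NAT/firewall, certificate, or proxy-to-farm.

```powershell
# Added example, not from the original post. $AdfsFqdn is a placeholder for the
# federation service name published in public DNS; replace before running.
param(
    [string]$AdfsFqdn       = 'sts.example.com',   # placeholder federation service name
    [string]$PublicResolver = '8.8.8.8'            # any resolver outside the LAN
)

# 1. Public DNS must return the NATed public address (the 199.50.X.X in the post),
#    not a LAN or DMZ address that an external client can never reach.
$dns = Resolve-DnsName -Name $AdfsFqdn -Type A -Server $PublicResolver -ErrorAction Stop
$ip  = ($dns | Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
"DNS : $AdfsFqdn -> $ip"
if ($ip -match '^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.)') {
    Write-Warning 'Public DNS still points at a private (RFC 1918) address'
}

# 2. A TCP handshake on 443 must complete through both port forwards.
#    A timeout here is a NAT/firewall/routing problem, not an AD FS problem.
$tcp = Test-NetConnection -ComputerName $AdfsFqdn -Port 443 -WarningAction SilentlyContinue
"TCP : 443 reachable = $($tcp.TcpTestSucceeded)"
if (-not $tcp.TcpTestSucceeded) { return }

# 3. The proxy must present a certificate for the federation service name.
#    The callback accepts any chain so the certificate can be inspected and printed.
$client = New-Object System.Net.Sockets.TcpClient($AdfsFqdn, 443)
$accept = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
$ssl    = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
$ssl.AuthenticateAsClient($AdfsFqdn)
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
"TLS : subject=$($cert.Subject) expires=$($cert.NotAfter)"
$ssl.Dispose(); $client.Dispose()

# 4. Federation metadata needs no sign-in, so a 200 here proves the proxy can
#    reach the internal farm (the hosts-file mapping the post mentions) on its own.
try {
    $uri = "https://$AdfsFqdn/FederationMetadata/2007-06/FederationMetadata.xml"
    $r   = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec 20
    "HTTP: $($r.StatusCode), $($r.RawContentLength) bytes of metadata"
} catch {
    Write-Warning "HTTP: metadata request failed: $($_.Exception.Message)"
}
```

If steps 1 to 3 succeed and only step 4 times out, the external path is fine and the fault is between the proxy and the internal ADFS farm; if step 2 already fails, look at the port forwards and NAT before touching ADFS.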
