Time out error after redirection (ADFS-Office 365 SSO)

Hi everyone,

I've been having a problem with configuring ADFS and Office 365 SSO. So everything is set up and signing into Office 365 from the internal network works perfectly, but when trying to access from the external network I get timed out. A brief overview of my setup:

-------------------------------------------------------------
LAN------>Firewall---------->Firewall------>Internet
                   |
                 DMZ
-------------------------------------------------------

LAN network: 192.168.50.0/24

DC-DNS, RODC-DNS, ADFS1-ADFS2 (NLB), DIRSYNC.

--------------------------------------------------------

DMZ: 172.16.50.0/24

ADFS Proxy1-ADFS Proxy 2 (NLB) (NLB IP: 172.16.50.225)

--------------------------------------------------------

Firewall-Firewall: 10.10.10.0/24

Internal Firewall: Inside: 192.168.50.254/Outside: 10.10.10.2

External Firewall: Inside: 10.10.10.1/Outside: 172.31.130.83 (working in a class lab with my university's private network)

----------------------------------------------------------

Our network engineering department has its own firewall. I was given a public IP address of 199.50.X.X that port forwards both ports 80 and 443 to the outside interface of the external firewall (172.31.130.83).

The internal firewall allows outgoing and incoming connections from anywhere for troubleshooting the issue. The external firewall has been configured to port-forward both ports 80 and 443 to the ADFS proxy NLB address.

Other firewall configurations such as NAT and static routes have been configured correctly.

I've updated the public DNS records: the A record for my ADFS now points to the public IP given to me (199.50.X.X) instead of the public IP address GoDaddy assigned to my public domain. I added the ADFS server's internal IP and name to the ADFS proxy hosts files, and DNS resolution is working both internally and externally.

---------------------------------------------------------------------------------------------------------------------------

Using a domain-joined computer and user I am able to sign into Office 365 with no problems. The problem starts when I try to access from an external device. When entering a domain user email at the Office portal, it tries to redirect me to my ADFS proxy, but after a minute or so it fails to load my internal ADFS login page, and in Google Chrome I see a timeout error.

I checked Event Viewer on both the ADFS and ADFS proxy servers and nothing is showing up; I checked my firewalls and everything seems to be working fine. I also confirmed that the faculty's firewall is receiving and forwarding correctly through ports 443 and 80 (my external firewall also shows the same results).

Any help would be appreciated; I've been troubleshooting for more than a week and am pretty much out of options other than starting over.

Thank you.

Moe.


  • Edited by mjomha87 Tuesday, March 24, 2015 1:41 AM title changed
March 24th, 2015 1:40am
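A layered check of the external sign-in path described above (public DNS, TCP/443 through the port forwards, then TLS and HTTP from the proxy farm), as an added example that is not part of the original thread. The hostname, expected IP and the injectable resolve/connect/fetch callables are assumptions of this example, not an AD FS or Office 365 API.

```python
# Layered reachability check for a published AD FS proxy endpoint. Added
# example, not code from the original thread; the check callables are
# injectable so the decision logic can be run offline on constructed results.
import socket
import ssl
import urllib.request

# Anonymous endpoint every AD FS farm publishes; a 200 proves DNS, the port
# forwards, TLS and the proxy-to-internal-farm hop all work end to end.
FED_METADATA = "/FederationMetadata/2007-06/FederationMetadata.xml"

def default_resolve(host):
    return sorted({a[4][0] for a in socket.getaddrinfo(host, 443, socket.AF_INET)})

def default_connect(host, port=443, timeout=5.0):
    with socket.create_connection((host, port), timeout=timeout):
        return True

def default_fetch(host, timeout=10.0):
    with urllib.request.urlopen(f"https://{host}{FED_METADATA}", timeout=timeout) as resp:
        return resp.status

def diagnose(host, expected_ip, resolve=default_resolve,
             connect=default_connect, fetch=default_fetch):
    """Return (stage, detail) for the first failing hop, or ("ok", http_status).
    Stages follow the external sign-in path: public DNS -> TCP/443 through the
    port forwards to the proxy NLB -> TLS and HTTP answered by the proxies."""
    try:
        addrs = resolve(host)
    except OSError as exc:
        return ("dns", f"resolution failed: {exc}")
    if expected_ip not in addrs:
        return ("dns", f"{host} resolves to {addrs}, not the forwarded IP {expected_ip}")
    try:
        connect(host)
    except (socket.timeout, TimeoutError):
        # Silent drop: nothing answers on 443. Look at the forward path and at
        # firewall connection/host limits rather than at the AD FS event logs.
        return ("tcp", "SYN to 443 unanswered (timeout)")
    except OSError as exc:
        return ("tcp", f"connection refused or reset: {exc}")
    try:
        status = fetch(host)
    except OSError as exc:
        reason = getattr(exc, "reason", exc)  # urllib wraps socket/SSL errors in URLError
        stage = "tls" if isinstance(reason, ssl.SSLError) else "http"
        return (stage, f"{reason}")
    return ("ok", status)
```

Run `diagnose("<your ADFS FQDN>", "<forwarded public IP>")` from an outside host; a "tcp" timeout with a correct "dns" stage points at the forwarding chain or firewall limits rather than at AD FS itself.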

Hi Moe,

Regarding your specific ADFS query, I suggest you refer to the experts in the following forum to get professional support:

Claims based access platform (CBA), code-named Geneva Forum

http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva

Thank you for your understanding and support.

Best Regards,

Amy

March 25th, 2015 1:27am

Thank you Amy, realized I posted in the wrong section.

With regards to my issue, I found the problem, which was related to my firewall (Cisco ASA 5505); apparently it had a basic license which limited the number of hosts connected to it.

March 26th, 2015 3:35pm

Hi,

Glad to hear that you have found the cause, and thank you for sharing with us!

Please feel free to let us know if there are any further requirements in the future.

Best Regards,

Amy

March 26th, 2015 9:22pm
