TMG 2010 publishing ADFS 2.2 (Server 2012 R2)

I was running a DC with Server 2012 and ADFS 2.1 (Server 2012) and had an ADFS 2.1 Proxy.

I published ADFS externally via TMG with a web publishing rule; this worked great (no preauth by TMG).

Now I have a 2nd DC with Server 2012 R2 and installed ADFS 2.2 (Server 2012 R2) on it.
Now in the TMG ADFS publishing rule I changed the TO field to the IP of the 2nd DC.

Now when I run the TEST RULE I get "64 - the specified network name is no longer available".


December 16th, 2013 3:05pm

Hi,

Actually, we do not suggest only modifying the IP for this environment, since both the internal site name and the certificate need to be changed. So please try to create a new publishing rule step by step:

http://social.technet.microsoft.com/wiki/contents/articles/11185.adfs-publishing-rule-in-tmg.aspx

For error 64, please refer to the articles below:

http://blogs.technet.com/b/isablog/archive/2013/05/29/error-64-the-specified-network-name-is-no-longer-available-while-accessing-a-https-site-through-isa-2006.aspx

http://blogs.technet.com/b/keithab/archive/2011/05/04/tmg-2010-is-logging-an-error-quot-failed-connection-attempt-quot-status-64-the-specified-network-name-is-no-longer-available-quot-in-live-logging.aspx

Best Regards

Quan Gu 

December 17th, 2013 6:05am

Hi,

I deleted the old rule and created a new rule as in your first link, but that didn't work. If I add /adfs/* on the paths tab I get the error "503 service unavailable".

But i found something strange when digging around.

I run split DNS and the ADFS external URL is the same as the internal one.
So when I create the publishing rule as per your link and don't fill in the "computer name or IP address" on the To tab I get another error, "404 not found". Strange, as I can browse to the site from TMG and nslookup shows the correct IP of the ADFS server.

When I enter the IP address of the ADFS server in the "computer name or IP address" field on the To tab I get the error "64 network name no longer available".

I think it has something to do with it being a Server 2012 R2 server and the new ADFS 3.0 that doesn't use IIS anymore, but I can't find out what.

Any suggestions?

December 17th, 2013 7:23am

Hi,

Did you configure the DNS server on both the internal and external NIC?

I think there must be something wrong with your web listener, since you can access the site from the TMG server.

Best Regards

Quan Gu

December 17th, 2013 7:45am

Hi, DNS is configured only on the internal NIC. The internal NIC is on top in the binding order.
The listener is configured as in your link above.

FYI, the same rule and listener work with a Server 2012 (non-R2) ADFS server.

December 17th, 2013 8:49am

I am seeing the same thing in my environment, and I think you are right; this has to do with the fact that ADFS is no longer dependent on IIS in Windows Server 2012 R2: http://technet.microsoft.com/en-us/library/hh831502.aspx.

But, what I am wondering is, is it only the "Test Rule" functionality in TMG that is broken, or does ADFS not work in general?

December 17th, 2013 9:35pm

I can confirm that I can successfully authenticate to my O365 tenant using ADFS installed on Windows Server 2012 R2 and published through TMG. It seems it's only the "Test Rule" functionality on the publishing rule that's broken, due to the fact that ADFS on Windows Server 2012 R2 no longer relies on IIS.
December 17th, 2013 10:44pm

I also can confirm the test rule doesn't work but ADFS itself does work.

Unfortunately the test rule also doesn't work for publishing "Web Application Proxy", BUT then it does not work AT ALL.

December 24th, 2013 1:22pm

Having just gone through the pain of trying to get ADFS on Server 2012 R2 published with TMG 2010, I will tell you how I got it to work. You have to use a non webserver publishing rule and simply publish port 443 inbound and outbound to the internal server. Once I got away from the web server rules it worked perfectly. I hope this helps anyone else out there having the Error 64 issues with this.
February 27th, 2014 5:52pm

Thanks pgibbons! Helped a lot!

It worked for me.

May 28th, 2014 10:30pm

Hi All,

I have created the TMG non-webserver publishing rule and cannot test the URL https://sts.domain.com.au/adfs/ls/idpinitiatedsignon.htm from the external or DMZ server.

Can someone help me to create this connectivity to the ADFS 2012 R2 internal server?

Certificate: *.domain.com (used for a few applications)

Internal Federation Identifier: sts.domain.com

TMG server in DMZ with two NICs.

What do I need to do to allow communication?

I got the following error externally:


The page cannot be displayed  

Explanation: There is a problem with the page you are trying to reach and it cannot be displayed. 


Try the following:
Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion. 
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped. 
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link. 


Technical Information (for support personnel)
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202) 
AS

  • Edited by AUSSUPPORT Wednesday, July 16, 2014 6:06 AM
July 9th, 2014 12:58am

Hi All,

With Web Publishing I got error 64 and cannot test https://sts.domain.com/adfs/ls/idpinitiatedsignon.htm.

Is there any other way to test this functionality?

As

July 15th, 2014 8:08am

Were you able to resolve this?
July 15th, 2014 2:43pm

Hi,

Not with ADFS 3.0. I saw your post, but I cannot use the non-webserver publishing rule because I'm using 443 for other servers and a single (external) IP.

Description: The server publishing rule ADFS Proxy, which maps x.x.x.x:443:TCP to y.y.y.15:443 for the protocol HTTPS Server, was unable to bind a socket for the server. The server publishing rule cannot be applied. 
The failure is due to error: You were not connected because a duplicate name exists on the network. If joining a domain, go to System in Control Panel to change the computer name and try again. If joining a workgroup, choose another workgroup name.

So I just created ADFS 2.0, which works.

AS

July 16th, 2014 6:12am

OK, after pulling my hair out a lot with this (TMG 2010 and ADFS 3 (Windows 2012 R2) and a federated domain with Office 365), I was getting the dreaded error 64.

The 443 non-webserver rule solution previously posted worked, but I wasn't happy with that as I didn't want all port 443 requests going to my ADFS server, so I persisted with the web publishing rule and got it working.

The setting that caused the error 64 for me: go to the web publishing rule and the "To" tab, and if you have anything specified in the "Computer name or IP address (required if the internal site name is different or not resolvable)" box, leave that blank, tick the "forward the original host header" box and I use "requests appear to come from TMG", and then it works. (I have a HOSTS file on the TMG that points the sts name at the WAP (ADFS Proxy) internal IP.)

Big thanks go to my colleague MartinF who set me on the right path (hopefully my hair will start to grow back now).

  • Proposed as answer by MegaNuk3 16 hours 7 minutes ago
May 8th, 2015 11:16am
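Two things in this thread fit one check script: the question of how to test the published endpoint now that TMG's "Test Rule" is broken for ADFS on 2012 R2, and the finding that the host name sent to the ADFS server is what matters. The script below is an added example, not from the thread, Microsoft or TMG; it assumes sts.domain.com is the federation service name and that the machine running it (external or DMZ) resolves that name to the TMG listener, so it checks the TLS handshake with the name included, whether the certificate actually covers that name (a wildcard covers one label only), and then the two unauthenticated ADFS pages.

```powershell
# Added example, not from the thread. Assumed values: sts.domain.com is the federation service
# name; run it from an external or DMZ machine that resolves that name to the TMG listener.
param([string]$FederationHost = "sts.domain.com")
function Test-CertNameMatch {
    # True if the CN or a DNS SAN covers $Name. A wildcard covers exactly one label, so
    # *.domain.com matches sts.domain.com but not sts.domain.com.au or a.b.domain.com.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert, [string]$Name)
    $names = @()
    if ($Cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {   # Windows renders the SAN extension as "DNS Name=a, DNS Name=b"
        $names += ($san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=')[-1].Trim() })
    }
    foreach ($n in $names) {
        if ($n -ieq $Name) { return $true }
        if ($n.StartsWith('*.') -and $Name -match '^[^.]+\.(.+)$' -and $Matches[1] -ieq $n.Substring(2)) { return $true }
    }
    return $false
}

function Test-AdfsTls {
    # TCP 443 plus a TLS handshake that carries $Sni. ADFS on 2012 R2 binds HTTP.sys by host name,
    # so a handshake carrying no name or the wrong name fails before any HTTP is exchanged.
    param([string]$ConnectTo, [string]$Sni)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ConnectTo, 443)
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }  # inspected below
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($Sni)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{ Connected = $true; Protocol = $ssl.SslProtocol; Subject = $cert.Subject
                           NotAfter = $cert.NotAfter; NameMatch = (Test-CertNameMatch $cert $Sni) }
    } catch {
        [pscustomobject]@{ Connected = $false; Error = $_.Exception.Message }
    } finally { $client.Close() }
}

function Test-AdfsHttp {
    # Fetches two pages ADFS serves without authentication. Anything but 200 after TLS came up
    # points at the publishing rule (paths, host header, listener) rather than at the network.
    param([string]$HostName)
    foreach ($path in '/adfs/ls/idpinitiatedsignon.htm', '/FederationMetadata/2007-06/FederationMetadata.xml') {
        try { $r = Invoke-WebRequest -Uri "https://$HostName$path" -UseBasicParsing; "{0} {1}" -f $r.StatusCode, $path }
        catch { "ERR {0}: {1}" -f $path, $_.Exception.Message }
    }
}
Test-AdfsTls -ConnectTo $FederationHost -Sni $FederationHost | Format-List
Test-AdfsHttp -HostName $FederationHost
```

A handshake that connects but reports NameMatch false is the certificate/name mismatch case; a handshake that drops while a plain TCP connect succeeds is the symptom the web publishing rule shows when it reaches the server by IP without the original host header.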

