TMG 2010: publish ADFS 2.2 (Server 2012 R2)

I was running a DC with Server 2012 and ADFS 2.1 (Server 2012), and had an ADFS 2.1 Proxy.

I published ADFS externally via TMG with a web publishing rule; this worked great (no preauth by TMG).

Now I have a 2nd DC with Server 2012 R2 and installed ADFS 2.2 (Server 2012 R2) on it.
In the TMG ADFS publishing rule I changed the TO field to the IP of the 2nd DC.

Now when I run the TEST RULE I get "64 - the specified network name is no longer available".


December 16th, 2013 3:05pm

I am seeing the same thing in my environment, and I think you are right; this has to do with the fact that ADFS is no longer dependent on IIS in Windows Server 2012 R2: http://technet.microsoft.com/en-us/library/hh831502.aspx.

But what I am wondering is: is it only the "Test Rule" functionality in TMG that is broken, or does ADFS not work in general?

December 17th, 2013 9:35pm

I can confirm that I can successfully authenticate to my O365 tenant using ADFS installed on Windows Server 2012 R2 and published through TMG. It seems it's only the "Test Rule" functionality on the publishing rule that's broken, due to the fact that ADFS on Windows Server 2012 R2 no longer relies on IIS.
December 17th, 2013 10:44pm

I can also confirm the test rule doesn't work, but ADFS itself does work.

Unfortunately the test rule also doesn't work for publishing "web application proxy", BUT then it does not work AT ALL.

December 24th, 2013 1:22pm

Hi All,

I have created the TMG non-webserver publishing rule and cannot test the URL https://sts.domain.com.au/adfs/ls/idpinitiatedsignon.htm from the external or DMZ server.

Can someone help me to create this connectivity to the ADFS 2012 R2 internal server?

Certificate: *.domain.com (used for a few applications)

Internal Federation Identifier: sts.domain.com

TMG server in DMZ with two NICs.

What do I need to do to allow communication?

I got the following error externally:


The page cannot be displayed  

Explanation: There is a problem with the page you are trying to reach and it cannot be displayed. 


Try the following:
Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion. 
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped. 
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link. 


Technical Information (for support personnel)
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202) 

AS

  • Edited by AUSSUPPORT Wednesday, July 16, 2014 6:06 AM
July 9th, 2014 12:58am

OK, after pulling my hair out a lot with this (TMG 2010 and ADFS 3 (Windows 2012 R2) and a federated domain with Office 365), I was getting the dreaded error 64.

The 443 non-webserver rule solution previously posted worked, but I wasn't happy with that as I didn't want all port 443 requests going to my ADFS server, so I persisted with the web publishing rule and got it working.

The setting that caused error 64 for me: go to the web publishing rule, the "To" tab, and if you have anything specified in the "Computer name or IP address (required if the internal site name is different or not resolvable)" box, leave that blank, tick the "Forward the original host header" box and I use "Requests appear to come from the TMG", and then it works. (I have a HOSTS file on the TMG that points the sts name at the WAP (ADFS Proxy) internal IP.)

Big thanks go to my colleague MartinF who set me on the right path (hopefully my hair will start to grow back now).

  • Proposed as answer by MegaNuk3 Friday, May 08, 2015 3:16 PM
May 8th, 2015 3:15pm
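As an added diagnostic that is not from the thread: a PowerShell check, run on the TMG server, that walks the path the last post describes (hosts entry for the sts name, TCP 443 to the WAP, then an HTTPS request carrying the real host header). The federation name, URL path and IPs are placeholders; the request by name mirrors what TMG sends once "Forward the original host header" is ticked, which is what distinguishes a working publish from the error 64 reported above.

```powershell
# Connectivity check for an ADFS 2012 R2 service published through TMG.
# Added example, not from the thread. Assumptions: run on the TMG server, whose
# hosts file maps the federation name to the WAP/ADFS proxy; names are placeholders.
param(
    [string]$FederationHost = 'sts.domain.com',              # placeholder sts name
    [string]$Path           = '/adfs/ls/idpinitiatedsignon.htm'
)

# 1. Does the hosts file carry the entry the last post relies on?
$hostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
$pattern   = "\s" + [regex]::Escape($FederationHost) + "(\s|`$)"
$entry = Get-Content $hostsFile | Where-Object { $_ -notmatch '^\s*#' -and $_ -match $pattern }
if (-not $entry) { Write-Warning "No hosts entry for $FederationHost on this TMG" }
else             { Write-Host "hosts: $($entry.Trim())" }

# 2. Resolve the name as TMG will and confirm TCP 443 is open on that address.
$ip  = [System.Net.Dns]::GetHostAddresses($FederationHost) | Select-Object -First 1
$tcp = New-Object System.Net.Sockets.TcpClient
try     { $tcp.Connect($ip, 443); Write-Host "TCP 443 to $ip open" }
catch   { Write-Error "TCP 443 to $ip failed: $($_.Exception.Message)"; return }
finally { $tcp.Close() }

# 3. HTTPS GET with the federation name as host header, as a browser (or TMG with
#    'Forward the original host header') presents it. The thread notes ADFS on
#    2012 R2 no longer runs on IIS, so do not expect an IIS Server header here.
$url = "https://$FederationHost$Path"
$req = [System.Net.HttpWebRequest]::Create($url)
$req.Method = 'GET'; $req.AllowAutoRedirect = $false; $req.Timeout = 15000
try {
    $resp = $req.GetResponse()
    Write-Host ("{0} -> HTTP {1}  Server: {2}" -f $url, [int]$resp.StatusCode, $resp.Headers['Server'])
    $resp.Close()
} catch [System.Net.WebException] {
    $r = $_.Exception.Response
    if ($r) { Write-Warning ("{0} -> HTTP {1}" -f $url, [int]$r.StatusCode) }   # e.g. 403 as in the post above
    else    { Write-Warning ("{0} -> {1}" -f $url, $_.Exception.Status) }         # name/TLS/timeout failure
}
```

A 200 from step 3 while the TMG "Test Rule" still reports error 64 matches the experience in this thread: the rule works for real clients, only the test probe fails.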
