Azure / SimuLand

Understand adversary tradecraft and improve detection strategies
MIT License

Certificate thumbprint error in Install-ADFS #29

Closed Sar4D closed 1 year ago

Sar4D commented 2 years ago

Getting certificate thumbprint error in Install-ADFS

[image]

Scenario: Been trying to deploy this environment for weeks! We are trying to deploy the environment in our current Azure environment that already has a domain and AD within. We tried first to deploy using that domain name as the FQDN, but we were not able to AD connect in the DC because the federation existed already. We then tried to redeploy using a subdomain as our FQDN (ex: simuland.example.com) and changed the ps1 template for the AD to match (as previously mentioned in another issue):

```powershell
# Split the three-label FQDN into its DC components for the domain's distinguished name.
$DomainName1,$DomainName2,$DomainName3 = ($using:domainFQDN).split('.')
# No trailing space inside the DN string: "DC=...$DomainName3 " would produce an invalid path.
$ParentPath = "DC=$DomainName1,DC=$DomainName2,DC=$DomainName3"
```

Everything deploys correctly up to Install-ADFS and this certificate thumbprint error. I am wondering if we have a wildcard certificate for our domain name (*.example.com), if that is enough or do we need an extra wildcard certificate for the subdomain as well (*.simuland.example.com) to satisfy the requirements of the newly created federation, which will be adfs.simuland.example.com? Trying to be as clear as possible here. Running a little short on solutions here and would really appreciate getting this environment going for our team! Thanks in advance.
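As an added illustration of the wildcard-scope question in this post (editor's example, not code from the issue or from the SimuLand/Blacksmith project), the check below applies the RFC 6125 rule that a wildcard stands for exactly one DNS label, which is why a *.example.com certificate covers adfs.example.com but not adfs.simuland.example.com; it also handles the bare-domain and partial-label cases beyond the one asked about. All certificate names and hostnames are constructed.

```python
"""Decide which hostnames a certificate's DNS names (including wildcards) cover.
Follows the RFC 6125 rule: '*' must be the whole leftmost label and matches
exactly one label, so '*.example.com' does not cover 'adfs.simuland.example.com'.
Names used below are constructed for the example."""


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate DNS name (possibly '*.x.y') covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Only a single, whole leftmost label may be the wildcard ('a*.example.com' is rejected).
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Refuse wildcards that would cover a whole registrable domain such as '*.com'.
    if len(p_labels) < 3:
        return False
    # '*' stands for exactly one label: label counts must be equal.
    if len(h_labels) != len(p_labels):
        return False
    return h_labels[1:] == p_labels[1:]


def covered_by(cert_names, hostname):
    """Return the first certificate DNS name that covers hostname, or None."""
    for name in cert_names:
        if name_matches(name, hostname):
            return name
    return None


def required_wildcard(hostname: str) -> str:
    """The single-level wildcard name that would cover hostname."""
    labels = hostname.lower().rstrip(".").split(".")
    return "*." + ".".join(labels[1:])


if __name__ == "__main__":
    # Constructed: the certificate from the post and the federation host it must cover.
    names = ["*.example.com"]
    for host in ["adfs.example.com", "adfs.simuland.example.com", "example.com"]:
        hit = covered_by(names, host)
        print(host, "->", hit or f"not covered; needs {required_wildcard(host)}")
```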

Sar4D commented 2 years ago

I created a new certificate with the subdomain. *.example.com

Now I am getting this error in INSTALL ADFS

[image]

The Install-ADFS script is exactly the same as the one on the OTRF repo.

Cyb3rWard0g commented 1 year ago

Hello @Sar4D ! Sorry for the late reply. Regarding the domain issue, I was testing the following and it is already working when deploying a template which creates a basic domain: https://github.com/OTRF/Blacksmith/blob/master/resources/scripts/powershell/dsc/active-directory/Create-AD.ps1#L28-L30

I am testing the same fix for this AD FS environment.

Regarding the last error message, I am not sure why it caused it. However, this line was causing some issues: https://github.com/OTRF/Blacksmith/commit/6bf4658b70ae078b763b5e2504a01399893a027f . Fixed it back in June.

Cyb3rWard0g commented 1 year ago

This is the AD FS part of this scenario:

https://github.com/OTRF/Blacksmith/tree/master/templates/azure/Win10-AD-ADFS

In order to expedite the testing, I would use that template. I have deployed it a few times today with a self-signed certificate and it works fine. I have also used it with a wildcard SSL certificate and it works fine. Let me know if you still have any issues with it. Thank you, and once again sorry for the late reply.