Event ID 393 - The federation server proxy could not establish a trust with the Federation Service

Hello Everyone! Here’s some info on an interesting support issue I worked the other day. If you happen to run into this one day, maybe this will help you get it resolved.

ISSUE:

We were performing a brand new deployment of the Web Application Proxy role on a Windows Server 2012 R2 machine.

The Web Application Proxy server is a workgroup machine, while the ADFS server runs on a domain-joined Windows Server 2012 R2 machine.

For information on the installation prerequisites and steps, I suggest reviewing the TechNet documentation available here.

Now back to the issue. We took the PowerShell approach to install the Web Application Proxy role.

Install-WebApplicationProxy -CertificateThumbprint <Hashvalue> -FederationServiceName <name of the adfsservice>

When we ran this cmdlet, we encountered the following error:

TROUBLESHOOTING AND RESOLUTION:

WAP has pretty extensive event logging, so the first thing we need to do is look at the event logs under Applications and Services Logs. There we found Event 393 corresponding to our failure.

We then verified that the certificate thumbprint of the cert in the “ADFSTrustedDevices” cert store (on the ADFS server) matches the SSL certificate on the WAP server.

So, all prerequisites were good. At this point, we checked the time settings on the two servers and found that the WAP and ADFS servers were out of time sync.

Once we fixed the time sync issue, we were successfully able to run the installation task and establish proxy trust. The issue was resolved!

The key takeaway here is that time sync between the Web Application Proxy and the ADFS server is of prime importance: some key operations, such as configuration polling, will not work as expected if the two clocks do not agree.
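As an added example (not part of the original post or of any Microsoft tooling), the script below can be run on the WAP server before retrying the install: it estimates clock skew against the federation service from the HTTP Date header and lists recent Event 393 entries. The parameter names, the 60-second threshold, the use of the federation metadata URL as a probe, and the 'AD FS/Admin' log name are assumptions.

```powershell
param(
    [Parameter(Mandatory = $true)]
    [string]$FederationServiceName,   # same value passed to -FederationServiceName
    [int]$MaxSkewSeconds = 60         # assumed alert threshold, not a documented product limit
)

function Get-ClockSkewFromHttpDate {
    param([string]$HostName)
    # Assumption: the federation metadata endpoint is reachable from this machine.
    # Only the Date response header is used; the body is ignored.
    $uri    = "https://$HostName/FederationMetadata/2007-06/FederationMetadata.xml"
    $before = [DateTime]::UtcNow
    $resp   = Invoke-WebRequest -Uri $uri -UseBasicParsing
    $after  = [DateTime]::UtcNow

    # The header is a string in Windows PowerShell and a string array in PowerShell 7.
    $dateHeader = [string]($resp.Headers['Date'] | Select-Object -First 1)
    $remote = [DateTime]::Parse($dateHeader,
        [Globalization.CultureInfo]::InvariantCulture,
        [Globalization.DateTimeStyles]::AdjustToUniversal)

    # Compare against the midpoint of the request to cancel most network latency.
    $local = $before.AddTicks([long](($after - $before).Ticks / 2))
    return ($local - $remote).TotalSeconds
}

$skew = Get-ClockSkewFromHttpDate -HostName $FederationServiceName
'{0:N1} s skew (local clock minus federation service clock)' -f $skew

if ([Math]::Abs($skew) -gt $MaxSkewSeconds) {
    Write-Warning "Clock skew exceeds $MaxSkewSeconds s; fix time sync before retrying the install."
    # A workgroup machine does not sync from the domain hierarchy, so check its time source.
    w32tm /query /status
}

# Recent Event 393 entries on this machine (log name is an assumption).
Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 393 } -MaxEvents 5 `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

The HTTP Date header has one-second resolution, so the result is a coarse check that flags minutes of drift rather than a precise offset measurement.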

Hope this helps resolve some of the installation issues you might see when working on Web Application Proxy.

Thank you

Dheeraj Kollipara -MSFT
Support Engineer -Forefront Edge Team

TechNet: http://technet.microsoft.com/en-us/library/dn584113.aspx

Blog: http://blogs.technet.com/b/applicationproxyblog/