Make sure that an SSL binding exists for the Default Web Site on the IIS server. Without this binding, the AD FS 2.0 Configuration Wizard is going to complain as follows:
The process for requesting certificates needs to be initiated from a domain-joined machine that has appropriate enroll privileges on the Web Server certificate template, or on any other template that complies with your enterprise Certificate Practice Statement.
Start the “Request New Certificate” wizard as shown. Follow the prompts until you see the following screen.
Provide the common name of the certificate as specified. This is the most important information about the certificate. It needs to be one of the following:
- DNS name of the proxy server, if deployed in standalone mode
- DNS name of the load balancer, if a farm of servers sits behind it
Switch to the General tab and provide a friendly name for ease of reference.
Switch to the Private Key tab and make the key exportable. This is required because the certificate, together with its private key, has to be exported from this computer and moved onto the AD FS Federation Proxy Server.
Complete the wizard and then click 'Enroll'.
Copy the certificate onto the AD FS Federation Proxy Server and start the Certificate Import Wizard from IIS.
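Before starting the proxy configuration wizard, the binding and the imported certificate can be checked from PowerShell on the proxy. This is an added example, not part of the original walkthrough; the function name `Test-ProxySslBinding`, the DNS name `sts.example.com` and the site name `Default Web Site` (the IIS default) are assumptions to replace with your own values.

```powershell
# Added example: pre-flight check of the https binding and its certificate.
# Run in an elevated PowerShell session on the AD FS Federation Proxy Server.
Import-Module WebAdministration

function Test-ProxySslBinding {
    param(
        [Parameter(Mandatory = $true)][string]$ExpectedDnsName,  # proxy or load balancer DNS name
        [string]$SiteName = 'Default Web Site'                    # assumed IIS site name
    )

    $binding = Get-WebBinding -Name $SiteName -Protocol https | Select-Object -First 1
    if (-not $binding) {
        throw "No https binding on '$SiteName'; the AD FS 2.0 wizard will complain."
    }
    if (-not $binding.certificateHash) {
        throw "The https binding on '$SiteName' has no certificate assigned."
    }

    # The binding records the store name and thumbprint of the certificate it serves.
    $path = "Cert:\LocalMachine\$($binding.certificateStoreName)\$($binding.certificateHash)"
    $cert = Get-Item -Path $path -ErrorAction Stop

    # DnsName yields the first SAN DNS entry, or the subject CN when there is no SAN.
    $dnsType  = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
    $certName = $cert.GetNameInfo($dnsType, $false)

    # Exportability is readable only for CSP-backed keys; otherwise it stays $null.
    $exportable = $null
    try { $exportable = $cert.PrivateKey.CspKeyContainerInfo.Exportable } catch { }

    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        CertName      = $certName
        # -like lets a wildcard name such as *.example.com match (it also matches
        # across several labels, so review wildcard hits by eye).
        NameMatches   = ($ExpectedDnsName -like $certName)
        HasPrivateKey = $cert.HasPrivateKey
        NotExpired    = ((Get-Date) -lt $cert.NotAfter)
        KeyExportable = $exportable
    }
}

# Constructed sample value; replace with the name used as the certificate's common name.
Test-ProxySslBinding -ExpectedDnsName 'sts.example.com'
```

`NameMatches`, `HasPrivateKey` and `NotExpired` should all be `True`. `KeyExportable` shows whether the key was marked exportable again when it was imported on the proxy.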
Now start the AD FS 2.0 Federation Server Proxy Configuration Wizard.
Provide the name of the AD FS 2.0 Federation Server (or the name of the farm).
Follow the instructions as specified.
Provide the domain information of the user account that will be used for communication with the federation server.
This error means that the account presented in the previous step does not have the permissions required to issue the proxy trust token, which is used to identify the AD FS proxy server(s).
If the account used in the previous step is different from the AD FS service account provided during the setup of the federation server, it needs to be added as a local administrator on the federation server. If it is the service account, it should work as is.
We are now ready to establish trust between the federation proxy and the federation server.
The configuration results will now show up.