Certificate Authentication in Windows Server 2012 R2

Solve port problems with Certificate Authentication (CA) and Active Directory Federation Services (AD FS) in Windows Server 2012 R2.

John Savill

July 10, 2014


Q: I'm trying to use Certificate Authentication or Device Registration with Active Directory Federation Services on Windows Server 2012 R2, but it fails when connecting externally from the network. Why?

A: A change was made to Active Directory Federation Services (AD FS) in Windows Server 2012 R2 to support device registration, and that change also affects Certificate Authentication (CA). When a client initiates a TCP connection to the AD FS or Web Application Proxy (WAP) server for certificate authentication, the connection uses port 49443 instead of 443. You therefore need firewall exceptions and publishing rules for TCP port 49443 in addition to 443 on the AD FS server and on the WAP server (if one is used). Microsoft documents this change in "Preparing to Migrate the AD FS Federation Server."
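The following PowerShell is an added example, not from the original article, that checks both ports the answer refers to and creates the inbound firewall exception on the AD FS or WAP server if it is missing. The hostname and the firewall rule name are assumed placeholders; the cmdlets (Test-NetConnection, Get-NetTCPConnection, New-NetFirewallRule) ship with Windows Server 2012 R2.

```powershell
# Added example (not from the original article): confirm that TCP 443 and TCP 49443 are
# reachable, confirm something is listening on 49443, and add the firewall exception.
# $Target and $RuleName are assumed placeholders; replace them for your environment.

$Target = 'adfs.contoso.example'   # assumed: external name of the AD FS or WAP server
$Ports  = @(443, 49443)            # 443 for normal sign-in, 49443 for certificate authentication

# 1. From an external client: is each port reachable through firewalls and publishing rules?
foreach ($Port in $Ports) {
    $r = Test-NetConnection -ComputerName $Target -Port $Port -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
    Write-Host ("{0}:{1} -> {2}" -f $Target, $Port, $state)
}

# 2. On the AD FS / WAP server itself: is there actually a listener on TCP 49443?
$listener = Get-NetTCPConnection -State Listen -LocalPort 49443 -ErrorAction SilentlyContinue
if (-not $listener) {
    Write-Warning 'No listener on TCP 49443; check the AD FS service and its certificate binding (netsh http show sslcert).'
}

# 3. On the AD FS / WAP server: make sure the inbound Windows Firewall exception exists.
$RuleName = 'AD FS Certificate Authentication (TCP 49443)'   # assumed rule name
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort 49443 -Action Allow -Profile Any | Out-Null
    Write-Host "Created firewall rule '$RuleName'"
}
```

Run step 1 from a machine outside the network to reproduce the reader's symptom: a result of `open` on 443 but `BLOCKED` on 49443 is exactly the external failure described above. Steps 2 and 3 run on the AD FS or WAP server itself; step 3 only covers the Windows Firewall, so any perimeter firewall or reverse-proxy publishing rule in front of the WAP still needs 49443 opened separately.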
