ADFS 3.0 TLS Error: This page can’t be displayed

After installing ADFS 3.0 on Windows Server 2012 R2, the ADFS server could not be reached.
While testing https://fs.contoso.com/adfs/ls/IdpInitiatedSignon.aspx, the following error was displayed:

Please turn on TLS 1.0, TLS 1.1 and TLS 1.2 in Advanced settings

Even though this was turned on in Microsoft Internet Explorer, the Chrome browser could not connect to the ADFS server either.

The same error appeared while testing from the ADFS server itself. The ADFS logon page was reachable when localhost was used instead of the FQDN.
Running the Get-AdfsSslCertificate cmdlet in ADFS PowerShell showed that the certificate was bound only to the hostname contoso.com.
To fix this binding issue, the Set-AdfsSslCertificate cmdlet was run.
As a result, the ADFS certificate was rebound to the correct hostname.

Restart the ADFS service and check for hostname warnings in the AD FS > Admin event log.

https://fs.contoso.com/adfs/ls/IdpInitiatedSignon.aspx was now correctly published
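The check and fix described above, as an added example that is not the author's own commands: it compares the hostnames returned by Get-AdfsSslCertificate with the federation service name and only rebinds when no 443 binding for that name exists. The `$Apply` switch variable is hypothetical, and reusing the service communications certificate for the binding is an assumption.

```powershell
# Added example; run in an elevated session on the AD FS 3.0 server.
Import-Module ADFS

$Apply  = $false                           # assumption: set to $true to actually rebind
$fsName = (Get-AdfsProperties).HostName    # federation service name, fs.contoso.com in the post

# SSL bindings as AD FS reports them (hostname, port, certificate hash).
$bindings = @(Get-AdfsSslCertificate)
$bindings | Format-Table HostName, PortNumber, CertificateHash -AutoSize

# Clients connect to <federation service name>:443, so that binding must exist.
$match = $bindings | Where-Object { $_.HostName -eq $fsName -and $_.PortNumber -eq 443 }

if ($match) {
    Write-Output "OK: ${fsName}:443 is bound to certificate $($match.CertificateHash)"
}
else {
    $bound = ($bindings | ForEach-Object { "$($_.HostName):$($_.PortNumber)" }) -join ', '
    Write-Warning "No SSL binding for ${fsName}:443. Current bindings: $bound"

    # Assumption: reuse the service communications certificate AD FS already has.
    $svc = Get-AdfsCertificate -CertificateType Service-Communications
    Write-Output "Service communications certificate: $($svc.Thumbprint) ($($svc.Certificate.Subject))"

    if ($Apply) {
        $since = Get-Date
        Set-AdfsSslCertificate -Thumbprint $svc.Thumbprint
        Restart-Service -Name adfssrv

        # Show the bindings after the change and any new errors or warnings.
        Get-AdfsSslCertificate | Format-Table HostName, PortNumber, CertificateHash -AutoSize
        Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; StartTime = $since; Level = 2, 3 } -ErrorAction SilentlyContinue |
            Format-List TimeCreated, Id, LevelDisplayName, Message
    }
}
```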

1 Response

  1. Ken wrote:

    Hi Erwin,

    I am currently experiencing the same precise TLS error as seen in your post and screen capture. I have 2 ADFS Servers 3.0 load balanced with WNLB. Everything was working fine for months until this week, when users started getting that message and could not log in to office.

    Certificates were bound correctly. I had to change the ADFS service from the NLB VIP to the primary ADFS server in the farm and all started working. So it seems the WNLB was the culprit. Any insights are appreciated.
