Today, while implementing a KEMP load balancing solution for ADFS v3 and WAP together with a colleague, I ran into errors on my WAP servers. Both seemed to be connected fine, and the IdpInitiatedSignon.aspx page worked... but when I tried to run Get-WebApplicationProxyADFSRelyingParty in PowerShell, I got 0x80075227 to chew on.
At first, with just ADFS and WAP load balanced, everything worked; this error surfaced when we added a non-claims-aware relying party trust for a Kerberos-enabled SharePoint 2013 server so we could publish it using Windows Authentication (which we needed for various BI / Excel components that require Kerberos). The SharePoint servers were also load balanced; we expect the KEMP has issues with SNI.
Connecting the WAP server directly to ADFS, without the KEMP load balancer in between, solved this issue for now. We're still looking into the configuration of the KEMP with their technicians to find a way to load balance this effectively without compromising on security.
Update: our engineer who worked with KEMP reported that an extra VIP was required because of SNI.