Web Application Proxy – The operation stopped due to an unknown general error. Error Code 0x8007520C

I’ve come across this issue before and to resolved it previously by removing and reinstalling WAP from the server but i wondered if there was a quicker way out there and there is!

This is a great blog post and sorted me out a treat without having to remove the WAP role and reinstall. Thanks Uilson Souza 🙂

http://fastvue.co/tmgreporter/blog/how-to-solve-web-application-proxy-and-ad-fs-certificate-issues-general-error-code-0x8007520c

Steps below are taken following Uilsons posts and the post even has an explanation to why it happens and if you wanted to prevent it using reg keys.

Explanation of why this happens taken from Uilsons Post

The proxy trust certificate is a rolling certificate valid for 2 weeks and periodically updated. This is stored in an internal, protected store so you won’t see it in any of the usual certificate stores. What you see in the local machine store is the initial temporary certificate thumbprint used while the proxy trust is first being established. This explains why the WAP event log error included a strange, unknown certificate thumbprint.

If you leave your WAP server offline for more than 2 weeks, the proxy trust certificate will expire and you’ll need to re-initialise the proxy trust (which is what I did with the Install-WebApplicationProxy cmdlet).

This can also happen when you move your VM’s configuration to another storage – as was my case!

You can also solve this issue by setting the following registry key to 1 on the WAP server and re-running post-install config from the Remote Management console:

HKLM\Software\Microsoft\ADFS

ProxyConfigurationStatus

  • 1 (not configured)
  • 2 (Web Application Proxy is configured)

Hopefully we wont need the Reg Key was i would want to know if WAP service was down for 2 weeks! if you have a planned shut down its very good to know but two weeks is still quite a while for WAP to be down.

WAP Server

Error i had when opening Remove access Management 😦

clip_image001

WAP Event Log

Unable to retrieve proxy configuration data from the federation service.

clip_image003

Checked Certs on WAP

Thumbprint is different

clip_image005

ADFS Server

Same Thumbprint referenced in Event Log on ADFS which is wrong!

clip_image006

ADFS Certs

The one noted in Event Log does not exist. The Certificate installed on both WAP and ADFS is reference so i need to reset this.

clip_image004

From ADFS server i opened and checked the Farm Name

adfs.xxxxx.com

clip_image001[5]

Back to WAP Server

From PowerShell as Admin run

Install-WebApplicationProxy -CertificateThumbprint "<CORRECT THUMPRINT>" -FederationServiceName "<FARM NAME>"

Enter in credentials with permissions to deploy WAP

clip_image002[5]

Re-establishing trusts

clip_image003[5]

Following this checked WAP Server Event log

clip_image004[5]

WAP Service is now Running 🙂

clip_image006[5]

ADFS Server

clip_image005[5]

clip_image007

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s