I’ve come across this issue before and resolved it previously by removing and reinstalling WAP from the server, but I wondered if there was a quicker way out there, and there is!
This is a great blog post and sorted me out a treat without having to remove the WAP role and reinstall. Thanks Uilson Souza 🙂
The steps below follow Uilson's post, which also explains why this happens and how to prevent it using reg keys.
Explanation of why this happens, taken from Uilson's post
The proxy trust certificate is a rolling certificate valid for 2 weeks and periodically updated. This is stored in an internal, protected store so you won’t see it in any of the usual certificate stores. What you see in the local machine store is the initial temporary certificate thumbprint used while the proxy trust is first being established. This explains why the WAP event log error included a strange, unknown certificate thumbprint.
If you leave your WAP server offline for more than 2 weeks, the proxy trust certificate will expire and you’ll need to re-initialise the proxy trust (which is what I did with the Install-WebApplicationProxy cmdlet).
This can also happen when you move your VM’s configuration to another storage – as was my case!
You can also solve this issue by setting the following registry key to 1 on the WAP server and re-running post-install config from the Remote Management console:
HKLM\Software\Microsoft\ADFS
ProxyConfigurationStatus
- 1 (not configured)
- 2 (Web Application Proxy is configured)
Hopefully we won't need the reg key, as I would want to know if the WAP service was down for 2 weeks! If you have a planned shutdown it's very good to know, but two weeks is still quite a while for WAP to be down.
WAP Server
Error I had when opening Remote Access Management 😦
WAP Event Log
Unable to retrieve proxy configuration data from the federation service.
Checked Certs on WAP –
Thumbprint is different
ADFS Server
Same thumbprint referenced in the Event Log on ADFS, which is wrong!
ADFS Certs
The one noted in the Event Log does not exist. The certificate installed on both WAP and ADFS is the one referenced, so I need to reset this.
From the ADFS server I opened it up and checked the Farm Name
adfs.xxxxx.com
Back to WAP Server
From PowerShell as Admin, run:
Install-WebApplicationProxy -CertificateThumbprint "<CORRECT THUMBPRINT>" -FederationServiceName "<FARM NAME>"
Enter credentials with permissions to deploy WAP.
Re-establishing trusts
Following this, I checked the WAP Server Event log
WAP Service is now Running 🙂
ADFS Server
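The checks above (registry flag, unknown thumbprint in the event log, thumbprint actually installed on WAP) as one PowerShell function, added here as an example and not part of the original post or Uilson's. It assumes it runs elevated on the WAP server, that the trust errors land in the "AD FS/Admin" log, and that Get-WebApplicationProxySslCertificate exposes the thumbprint as CertificateHash; the farm name is passed in by the caller.

```powershell
# Added example: diagnose a broken WAP proxy trust and optionally re-run
# Install-WebApplicationProxy with the thumbprint WAP is really using.
function Test-WapProxyTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $FederationServiceName,   # e.g. adfs.example.com
        [switch] $Remediate
    )

    # Registry flag from Uilson's post: 1 = not configured, 2 = WAP is configured
    $status = (Get-ItemProperty -Path 'HKLM:\Software\Microsoft\ADFS' `
        -ErrorAction SilentlyContinue).ProxyConfigurationStatus

    # Thumbprint of the cert WAP is currently configured with (assumed property name)
    $sslThumb = (Get-WebApplicationProxySslCertificate | Select-Object -First 1).CertificateHash

    # Recent trust errors; log name is an assumption, Level 2 = Error
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Level = 2 } `
        -MaxEvents 50 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*Unable to retrieve proxy configuration data*' }

    # Pull every 40-hex thumbprint mentioned in those messages
    $loggedThumbs = $events | ForEach-Object {
        [regex]::Matches($_.Message, '\b[0-9A-Fa-f]{40}\b') | ForEach-Object { $_.Value.ToUpper() }
    } | Sort-Object -Unique

    # A logged thumbprint with no cert in the machine store is the stale temp cert
    $missing = @($loggedThumbs | Where-Object { -not (Test-Path "Cert:\LocalMachine\My\$_") })

    $result = [pscustomobject]@{
        ProxyConfigurationStatus = $status
        ConfiguredSslThumbprint  = $sslThumb
        ThumbprintsInEventLog    = $loggedThumbs
        UnknownThumbprints       = $missing
        TrustLooksBroken         = (@($events).Count -gt 0 -and $missing.Count -gt 0)
    }

    if ($Remediate -and $result.TrustLooksBroken) {
        # Same step as the manual fix above, prompting for the deploy account
        $cred = Get-Credential -Message 'Account with permissions to deploy WAP'
        Install-WebApplicationProxy -CertificateThumbprint $sslThumb `
            -FederationServiceName $FederationServiceName `
            -FederationServiceTrustCredential $cred
    }
    return $result
}

# Usage: Test-WapProxyTrust -FederationServiceName 'adfs.example.com'            # report only
#        Test-WapProxyTrust -FederationServiceName 'adfs.example.com' -Remediate # re-establish trust
```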