ADFS 4.0 Proxy - HTTP Error 503. The Service Is Unavailable On Browser

Query King | Thu, 20 May 2021 at 08:37 hours | Replies : 2 | Points : 100

Category : ADFS


Hi All,

I have to disable TLS 1.0 and TLS 1.1 to fix the vulnerability on the ADFS server. After disabling them and rebooting the federation servers, I am getting the "HTTP Error 503. The service is unavailable" error in the browser when accessing from the internet.

I am using Active Directory Federation Services (ADFS) 4.0 with .NET 4.7.

I cannot see any error on the federation or proxy server. Please suggest whether ADFS 4.0 has any dependency on TLS 1.0.

Hi,

Yes, ADFS 4.0 has a dependency on TLS 1.0, but you can make some registry changes to force the ADFS proxy to use any available higher version on the ADFS proxy server.

Below is the registry entry that needs to be created in all 4 locations. Please take a registry backup before making any registry changes.

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] SchUseStrongCrypto=dword:00000001
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] SchUseStrongCrypto=dword:00000001
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] SchUseStrongCrypto=dword:00000001
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] SchUseStrongCrypto=dword:00000001

After making the above registry changes, restart the services below.

  • ADFS Service (adfssrv)
  • Device Registration Service (drs)
  • Any other .NET application that might be running on the server.

Hope this will help you.
Thanks, it is fixed
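The procedure in the accepted answer (back up each key, create SchUseStrongCrypto=1 in the four .NET Framework locations, restart the AD FS services) as one elevated PowerShell script. This is an added example written for this page, not code posted in the thread; the backup folder C:\Temp\RegBackup is an assumed location, and the service list is the one the answer gives, skipped where a service is not installed on the host.

```powershell
# Added example (not from the original thread). Run in an elevated PowerShell
# on the AD FS proxy server; the answer above applies the same keys on the
# federation servers if they show the same symptom.

$backupDir = 'C:\Temp\RegBackup'   # assumed backup location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# The four locations listed in the answer (64-bit and Wow6432Node, .NET 2.0 and 4.0).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)

foreach ($key in $keys) {
    # reg.exe wants the HKLM\... form rather than the PowerShell drive form.
    $regPath = $key -replace '^HKLM:\\', 'HKLM\'
    $file    = Join-Path $backupDir (($regPath -replace '[\\:.]', '_') + '.reg')

    if (Test-Path $key) {
        # Export the existing key before touching it (the backup the answer asks for).
        reg.exe export $regPath $file /y | Out-Null
    } else {
        # Wow6432Node or v2.0 keys may not exist yet on a given host.
        New-Item -Path $key -Force | Out-Null
    }

    # REG_DWORD 1: .NET clients that use the default protocol set stop offering
    # SSL 3.0/TLS 1.0 and negotiate the higher versions Schannel still allows.
    New-ItemProperty -Path $key -Name 'SchUseStrongCrypto' `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

# Verify all four values before restarting anything.
foreach ($key in $keys) {
    $v = (Get-ItemProperty -Path $key -Name 'SchUseStrongCrypto').SchUseStrongCrypto
    '{0}  SchUseStrongCrypto={1}' -f $key, $v
}

# Restart the services named in the answer; skip any that are not installed here.
foreach ($svc in 'adfssrv', 'drs') {
    if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
        Restart-Service -Name $svc -Force
        "Restarted $svc"
    }
}
```

The .reg exports in the backup folder can be re-imported with `reg.exe import` to roll back. Any other .NET application on the server, as the answer notes, also needs a restart before it picks up the new value.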