'无法在联合服务器代理和联合服务之间建立信任。 [英] ‘Unable to establish a trust between the federation server proxy and federation service.
问题描述
当我安装联合代理服务器并进入您输入联合服务名称的安装页面时,我能够成功测试连接。但当我点击下一个按钮并输入我的服务帐户凭据时,我收到一条错误消息
'无法在联合服务器代理和联合服务之间建立信任。
When i am installing the Federation Proxy server and come to the setup Page where you input the federation service name i am able to test connection succesfully. But when i hit next button and type in my service account credentials i get an error message ‘Unable to establish a trust between the federation server proxy and federation service.
我是什么已经注意到证书上的主题名称指定了我的联合身份验证服务器名称而不是联合身份验证服务名称。我还注意到,在代理服务器向导的设置页面上输入的联合身份验证服务名称是
我的联合身份验证服务器名称,但测试连接按钮可以成功运行。但我得到的错误如上所述。
What i have noticed is that the subject name on the certificate specifys my Federation Server Name and not the Federation Service Name. What i also notice is that the Federation Service Name that is inputed on the setup page of the proxy server wizard is my Federation Server Name but the test connection button works succeesfully. But i get error as stated above.
(Certififcate主题字段名称是否必须与联合身份验证服务名称相同,如果是这样,我如何更改证书上的主题字段以使其工作或是还有另一种解决这个问题的方法)。
(Does the Certififcate subject field name need to be the same name as the Federation Service Name, If so how do i change Subject feild on Certificate for this to work or is there another way to reslove this problem).
我说的是联邦服务名称和联合服务器名称不能相同。
Also am i correct in saying that the Federation Service Name and Federation Server Name cannot be the same.
联合服务器名称= MPL-COLO-ADFS1 = 192.168.192.1(DNS主机记录)
联邦服务名称= MPL-COLO-ADFS = 192.168.192.1(DNS主机记录)
联合服务器代理= MPL-COLO-ADFSW = 192.168.192.2(DNS主机记录)
Federation Server Name = MPL-COLO-ADFS1 = 192.168.192.1 (DNS HOST A RECORD)
Federation Service Name = MPL-COLO-ADFS = 192.168.192.1 (DNS HOST A RECORD)
Federation Server Proxy = MPL-COLO-ADFSW = 192.168.192.2 (DNS HOST A RECORD)
我的TEST ssl证书上的主题数据= MPL-COLO-ADFS1
Subject feild on my TEST ssl certificate = MPL-COLO-ADFS1
帮助!!!!!!!!!!!!!!!!!!!!!!
HELP!!!!!!!!!!!!!!!!!!!!!!
推荐答案
看看:
和
服务器场中所有SSL证书的主题(包括所有联合服务器和联合服务器代理)必须使用联合身份验证服务名称。请务必注意,支持通配符和主题备用名称(SAN)证书。
The subject of all SSL certificates in the farm, including all Federation Servers and Federation Server Proxies, must utilize the Federation Service Name. It is important to note that wildcard and Subject Alternative Name (SAN) certificates are supported.
这篇关于'无法在联合服务器代理和联合服务之间建立信任。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
