ADFS member server domain disjoin - rejoin process

  • Last Post 26 September 2016
nidhin_ck posted this 26 September 2016

Hi Experts,

Are there special steps to be followed when we disjoin and rejoin the ADFS member server from the domain?

Regards,
Nidhin CK

ZJORZ posted this 26 September 2016

While it still is a member of the ADFS farm? Don't know. Never done that before.

SQL or WID?

SQL, you should be able to see the farm config.

WID, it should replicate (see event log).

Any errors?

Kind regards,
Jorge de Almeida Pinto

nidhin_ck posted this 26 September 2016

Hi Jorge,

Currently this server is a member of the ADFS farm and it uses WID. The Wintel team recommends disjoining and rejoining this server from the domain, as we receive Event ID 3210 (attached screenshot) on this ADFS server, and that too in a specific time range (e.g. region shift login time). This server is a VM and the Wintel team thinks there might be a duplicate SID for this machine object.

Whenever the server generates 3210, it also generates numerous Event ID 364 entries under the ADFS event viewer, and users pointing to this ADFS server face SSO issues. We will have to restart ADFS service/IIS/Netlogon server to fix this SSO issue. So we thought of trying these disjoin/rejoin steps.

Regards,
Nidhin CK

kebabfest posted this 26 September 2016

I would have thought the message looks to be something screwy in DNS. Is there a DC on the same VLAN as your ADFS server?

skitzsofrenick posted this 26 September 2016

If you think it's a problem with the computer account, can you try running Test-ComputerSecureChannel? If that tests good, it is more than likely a firewall or DC problem.

aaron clasby

nidhin_ck posted this 26 September 2016

Test-ComputerSecureChannel is giving True, and we have multiple DCs in this ADFS server VLAN.

Regards,
Nidhin CK
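The pairing of Event ID 3210 with Event ID 364 described in the thread, and the secure channel test suggested in it, can be checked against the logs before deciding on a disjoin/rejoin. This is an added example, not code from any poster; the function name, the 10-minute window, the `NETLOGON` provider filter and the `AD FS/Admin` log name are assumptions.

```powershell
# Added example, not from the thread. For each 3210 event, count the 364 events
# logged within the following window, to check the two really occur together.
function Get-SecureChannelCorrelation {
    param(
        [object[]] $Netlogon3210 = @(),    # objects exposing a TimeCreated property
        [object[]] $Adfs364      = @(),
        [int]      $WindowMinutes = 10     # assumed window, tune as needed
    )
    foreach ($n in ($Netlogon3210 | Where-Object { $_ } | Sort-Object TimeCreated)) {
        $end  = $n.TimeCreated.AddMinutes($WindowMinutes)
        $hits = @($Adfs364 | Where-Object {
            $_ -and $_.TimeCreated -ge $n.TimeCreated -and $_.TimeCreated -le $end })
        [pscustomobject]@{
            Event3210At   = $n.TimeCreated
            Adfs364InSpan = $hits.Count
            First364At    = ($hits | Sort-Object TimeCreated | Select-Object -First 1).TimeCreated
        }
    }
}

# Constructed sample timestamps so the function can be tried offline.
$t0 = [datetime]'2016-09-26T08:00:00'
$sample3210 = @($t0, $t0.AddHours(6)) | ForEach-Object { [pscustomobject]@{ TimeCreated = $_ } }
$sample364  = 1, 3, 7, 45 | ForEach-Object { [pscustomobject]@{ TimeCreated = $t0.AddMinutes($_) } }
Get-SecureChannelCorrelation -Netlogon3210 $sample3210 -Adfs364 $sample364

# Live run on the affected server, from an elevated Windows PowerShell session.
# Assumptions: 3210 is logged by NETLOGON in the System log and the AD FS log
# is named 'AD FS/Admin'; adjust both if your build names them differently.
if ($env:OS -eq 'Windows_NT') {
    $since = (Get-Date).AddDays(-7)
    $sys  = @{ LogName = 'System';      ProviderName = 'NETLOGON'; Id = 3210; StartTime = $since }
    $adfs = @{ LogName = 'AD FS/Admin'; Id = 364; StartTime = $since }
    $n = Get-WinEvent -FilterHashtable $sys  -ErrorAction SilentlyContinue
    $a = Get-WinEvent -FilterHashtable $adfs -ErrorAction SilentlyContinue
    Get-SecureChannelCorrelation -Netlogon3210 $n -Adfs364 $a
    Test-ComputerSecureChannel -Verbose    # the check suggested in the thread
}
```

A 3210 row with a zero 364 count means the SSO errors in that window were not preceded by a logged secure channel failure, which is worth knowing before touching the computer account.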