Configure a New Federation Server Proxy
Updated: May 5, 2010
Applies To: Active Directory Federation Services (AD FS) 2.0
You can use the AD FS 2.0 Federation Server Proxy Configuration Wizard to configure a new federation server proxy in Active Directory Federation Services (AD FS) 2.0. The wizard has two modes of operation. The normal mode of operation is to start the wizard without any additional command-line options specified. You can then step through the wizard user interface (UI) manually. As an alternative, you can run the wizard by specifying all configuration options as additional command-line options. This way, you can complete the configuration of AD FS 2.0 in a single command (either at the Command Prompt or with a Windows batch file or script) without starting the full UI.
This wizard cannot be run from the AD FS 2.0 snap-in. It must be run as a stand-alone executable on the same computer where the federation server proxy is to be installed.
Before you run this wizard, complete the following tasks:
Set up a Federation Service on the intranet, and configure the endpoints that should be enabled for this federation server proxy. If a server has been set up already for this purpose, learn or obtain its host (computer) name.
Verify that the Federation Server Proxy option was selected as the server role during AD FS 2.0 setup. If the Federation Server option was selected instead, the federation server proxy configuration will not be available.
Open the AD FS 2.0 Federation Server Proxy Configuration Wizard after you install AD FS 2.0.
Note: At the completion of AD FS 2.0 Setup, you have the option to start this wizard. If you decide instead to run it later, you can open the AD FS 2.0 Federation Server Proxy Configuration Wizard by using Windows Explorer. To open the wizard later, browse to the folder where AD FS 2.0 was installed (typically, %programfiles%\Active Directory Federation Services 2.0), and then double-click the FspConfigWizard.exe application.
On the Welcome page, click Next.
On the Specify Federation Service Name page, specify the name of the Federation Service that you want this federation server proxy to use, and then click Test Connection to verify that you can connect to this server. When you confirm that you can connect, click Next.
For more information, see Specify Federation Service Name.
When prompted, specify the credentials needed to establish a trust between this federation server proxy and the Federation Service.
By default, only the service account used by the Federation Service or a member of the local BUILTIN\Administrators group can authorize a proxy with the Federation Service.
On the Ready to Apply Settings page, review the details. If the settings appear correct, click Next to begin configuring AD FS 2.0 with these settings.
For more information, see Ready to Apply Settings.
On the Configuration Results page, review the results. When all the configuration steps are complete and you have reviewed the status for them, click Close to exit the wizard.
If some of the components were not installed successfully or configured as expected, note them and their status before you exit the wizard. For more information, see Configuration Results.
Open a Command Prompt window. To open a command prompt, click Start, click Run, type cmd, and then click OK.
Change the directory to the path where AD FS 2.0 was installed. For example, if the default path of %ProgramFiles%\Active Directory Federation Services 2.0 was used as the install path, type the following command, and then press ENTER:
cd %programfiles%\Active Directory Federation Services 2.0
To configure this computer as a federation server proxy, type the following command with the applicable parameters, and then press ENTER:
fspconfigwizard.exe /HostName <host name> /Username <username> /Password <password> [/ForwardProxy <forward proxy DNS name>]
Parameter name    Description
/HostName         Specifies the host name or computer name of the intranet Federation Service. This parameter is required.
/Username         Specifies the username of the account that is authorized to register the federation server proxy. By default, only the service account used by the Federation Service or a member of the local BUILTIN\Administrators group can authorize a proxy with the Federation Service. This parameter is required.
/Password         Specifies the password for the user name. This parameter is required.
/ForwardProxy     Specifies the DNS name and port of an HTTP proxy that this federation server proxy computer will use to obtain access to the intranet. This parameter is optional.
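The command-line procedure above can be wrapped in a script that prompts for the authorizing account instead of storing its password in a batch file. The following PowerShell script is an added example, not part of the original page or Microsoft's own code; the host name is a constructed sample, and the TCP 443 reachability check and the interpretation of the exit code are assumptions.

```powershell
# Added example: unattended federation server proxy configuration.
# Assumptions (not from the original page): the sample host name, HTTPS on
# TCP 443 to the Federation Service, and nonzero exit code meaning failure.
param(
    [string]$FederationServiceName = 'fs.contoso.example',  # constructed sample value
    [string]$ForwardProxy = ''                               # optional: '<DNS name>:<port>'
)

$installDir = Join-Path $env:ProgramFiles 'Active Directory Federation Services 2.0'
$wizard     = Join-Path $installDir 'FspConfigWizard.exe'
if (-not (Test-Path $wizard)) {
    throw "FspConfigWizard.exe not found in '$installDir'. Check that the Federation Server Proxy role was selected during setup."
}

# Rough stand-in for the wizard's Test Connection button. Skipped when a
# forward proxy is used, because no direct connection is expected then.
if (-not $ForwardProxy) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($FederationServiceName, 443)
    } catch {
        throw "Cannot reach $FederationServiceName on TCP 443: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

# Prompt for the account allowed to authorize the proxy (by default the
# Federation Service's service account or a local administrator there).
$cred = Get-Credential
if (-not $cred) { throw 'No credentials supplied.' }

# Quote each value; a password containing a double quote needs extra escaping.
$wizardArgs = @('/HostName', ('"{0}"' -f $FederationServiceName),
                '/Username', ('"{0}"' -f $cred.UserName),
                '/Password', ('"{0}"' -f $cred.GetNetworkCredential().Password))
if ($ForwardProxy) { $wizardArgs += @('/ForwardProxy', ('"{0}"' -f $ForwardProxy)) }

# The password is still visible on the wizard's process command line while it
# runs; prompting only keeps it out of script files and command history.
$proc = Start-Process -FilePath $wizard -ArgumentList $wizardArgs -Wait -PassThru
Remove-Variable wizardArgs, cred

if ($proc.ExitCode -ne 0) {
    throw "FspConfigWizard.exe exited with code $($proc.ExitCode)."
}
Write-Host "Federation server proxy configured against $FederationServiceName."
```

Run it from an elevated PowerShell session on the computer that will become the federation server proxy.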