Configure a New Federation Server

Updated: May 5, 2010

Applies To: Active Directory Federation Services (AD FS) 2.0

You can use the AD FS 2.0 Federation Server Configuration Wizard to configure a new federation server and a new Federation Service. This wizard has two modes of operation. The normal mode of operation is to start the wizard without any additional command-line options specified. You can use this mode to proceed through the wizard user interface (UI) manually.

As an alternative, you can run the wizard and specify all configuration options as additional command-line options. This makes it possible for you to configure a federation server in a single command (either at a command prompt or by means of a Windows batch file or script) without opening the full graphical user interface (GUI).

Using the Federation Server Configuration Wizard

The AD FS 2.0 Federation Server Configuration Wizard is a stand-alone executable (.exe) program. It is accessible from the Windows GUI or, for advanced non-GUI use, as a command-line tool. It cannot be opened or accessed from within Microsoft Management Console (MMC) and the AD FS 2.0 snap-in. You can use the following procedure to configure a new federation server with the AD FS 2.0 Federation Server Configuration Wizard.

To configure a new federation server using the wizard

1. Open the AD FS 2.0 Federation Server Configuration Wizard after you install Active Directory Federation Services (AD FS) 2.0.

Note

At the completion of AD FS 2.0 Setup, you have the option to start the AD FS 2.0 snap-in and then immediately start this wizard. If you decide instead to run it later, you can open the AD FS 2.0 Federation Server Configuration Wizard by using Windows Explorer. To open the wizard later, browse to the folder where AD FS 2.0 was installed (typically, %programfiles%\Active Directory Federation Services 2.0), and then double-click the FsConfigWizard.exe application.

2. On the Welcome page, select the option to either create a new Federation Service or to add a federation server to an existing Federation Service, and then click Next.

3. On the Select Stand-Alone or Farm Deployment page, select the option either to configure a stand-alone server or to create a new federation server farm, and then click Next.

4. On the Specify the Federation Service Name page, review the name for the Federation Service that has been taken from the Subject of the selected Secure Sockets Layer (SSL) certificate, and then click Next.

For more information, see Specify the Federation Service Name.

5. If an AD FS configuration database already exists, the Existing AD FS Configuration Database Detected page appears. If that occurs, do the following, and then click Next:

· Select the Delete database check box to remove the existing AD FS configuration database and replace it with a new copy of the database for the current AD FS 2.0 installation.

6. On the Specify a Service Account page, do the following, and then click Next:

a. For Service account, click Browse to specify the Active Directory user account that will be used as the service account by the AD FS 2.0 Windows service on this computer.

b. In Password, type the password for the selected account.

Note

This step is necessary only if you are configuring a new federation server farm or adding to an existing farm deployment.

7. On the Ready to Apply Settings page, review the details. If the settings appear correct, click Next to begin configuring AD FS 2.0 with these settings.

For more information, see Ready to Apply Settings.

8. On the Configuration Results page, review the results. When all the configuration steps are complete and you have reviewed status for them, click Close to exit the wizard.

If some of the components were not successfully installed or configured as expected, note them and their status before you exit the wizard.

To configure a new federation server using the command line

1. Open a Command Prompt window. To open a command prompt, click Start, click Run, type cmd, and then click OK.

2. Change the directory to the path where AD FS 2.0 was installed. For example, if the default path of %ProgramFiles%\Active Directory Federation Services 2.0 was used as the install path, type the following command, and then press ENTER:

cd %programfiles%\Active Directory Federation Services 2.0

3. To configure this computer as a federation server, type the applicable syntax using one of the following command parameters, and then press ENTER:

fsconfig.exe {StandAlone|CreateFarm|CreateSQLFarm|JoinFarm|JoinSQLFarm} [deployment specific parameters]

| Parameter | Description |
|---|---|
| StandAlone | Sets up this computer as a stand-alone federation server for evaluation purposes or for a small production environment. To see details about this option, type fsconfig StandAlone /help. |
| CreateFarm | Creates a new federation server farm and uses the Windows Internal Database to store AD FS 2.0 configuration settings. To see details about this option, type fsconfig CreateFarm /help. |
| CreateSQLFarm | Creates a new federation server farm and uses Microsoft SQL Server® to store AD FS 2.0 configuration settings. To see details about this option, type fsconfig CreateSQLFarm /help. |
| JoinFarm | Joins this computer to an existing federation server farm that is using the Windows Internal Database. To see details about this option, type fsconfig JoinFarm /help. |
| JoinSQLFarm | Joins this computer to an existing federation server farm that is using SQL Server. To see details about this option, type fsconfig JoinSQLFarm /help. |
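
The command-line procedure above can be wrapped in a script so that the mode is checked against the five documented values before fsconfig.exe runs and the tool's output is kept for review. The following PowerShell wrapper is an added example, not part of the original documentation; the script's own parameter names (Mode, DeploymentArgs, ShowHelp), the log location, and the treatment of a non-zero exit code as a failure are assumptions of this example.

```powershell
# Added example: wrapper around fsconfig.exe. Parameter names are this script's own.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('StandAlone', 'CreateFarm', 'CreateSQLFarm', 'JoinFarm', 'JoinSQLFarm')]
    [string]$Mode,

    # Deployment-specific parameters, passed through unchanged.
    # Take them from the output of "fsconfig <Mode> /help"; none are assumed here.
    [string[]]$DeploymentArgs = @(),

    # Print the help text for the chosen mode instead of configuring anything.
    [switch]$ShowHelp
)

# Default install path named in the procedure; adjust if AD FS 2.0 lives elsewhere.
$installDir = Join-Path $env:ProgramFiles 'Active Directory Federation Services 2.0'
$fsconfig   = Join-Path $installDir 'fsconfig.exe'

if (-not (Test-Path -LiteralPath $fsconfig -PathType Leaf)) {
    throw "fsconfig.exe not found in '$installDir'. Install AD FS 2.0 or correct the path."
}

if ($ShowHelp) {
    & $fsconfig $Mode '/help'
    exit $LASTEXITCODE
}

# Keep the tool's output for later review. The arguments themselves are not
# written to the log, because deployment parameters may carry credentials.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$log   = Join-Path $env:TEMP "fsconfig-$Mode-$stamp.log"

& $fsconfig $Mode @DeploymentArgs 2>&1 | Tee-Object -FilePath $log
$code = $LASTEXITCODE

# Assumption: fsconfig.exe signals failure with a non-zero exit code.
if ($code -ne 0) {
    Write-Error "fsconfig $Mode exited with code $code. See $log."
    exit $code
}

Write-Output "fsconfig $Mode completed. Output saved to $log."
```

Run the script with -ShowHelp first to list the parameters that the chosen mode accepts, and then pass them through -DeploymentArgs.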

Source: Configure a New Federation Server
