AD FS HTTP Error 400 Bad Request /adfs/ls/wia

Today in a fresh AD FS LAB environment I encountered a strange error. NTLM prompt for logon, almost as expected although I hoped for SSO. After I entered username and password, I was redirected to a new page: https://FQDN/adfs/ls/wia, with a HTTP Error 400 Bad Request (obviously changed the url in the picture, as I am not using contoso.com).

http_error_400

A simple search on google pointed me to this forumpost.

Turns out I had used a CNAME for my AD FS FQDN. This causes some issues with SPN, but I will not try to explain the details as I do not fully understand them myself… The resolution for me was to replace said CNAME with an A-Record of the same name, pointing to the IPv4 address of my AD FS-server. After I changed this, Single Sign-On started working perfectly. Also make sure the AD FS FQDN is listed in Internet Explorers “Local Intranet Sites”.

Hope this can help someone with the same issue!

3 Replies to “AD FS HTTP Error 400 Bad Request /adfs/ls/wia”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.