Today in a fresh AD FS lab environment I encountered a strange error. I got an NTLM prompt for logon, almost as expected, although I had hoped for SSO. After I entered username and password, I was redirected to a new page, https://FQDN/adfs/ls/wia, with an HTTP Error 400 Bad Request (I have obviously changed the URL in the picture, as I am not using contoso.com).
A simple Google search pointed me to this forum post.
Turns out I had used a CNAME for my AD FS FQDN. This causes some issues with the SPN, but I will not try to explain the details as I do not fully understand them myself. The resolution for me was to replace said CNAME with an A record of the same name, pointing to the IPv4 address of my AD FS server. After I changed this, Single Sign-On started working perfectly. Also make sure the AD FS FQDN is listed in Internet Explorer's "Local Intranet" sites.
Hope this can help someone with the same issue!
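For anyone hitting the same 400 on /adfs/ls/wia, the three conditions above (A record instead of CNAME, an HTTP/ SPN registered for the AD FS FQDN, and the FQDN in the Local Intranet zone) can be checked from a domain-joined client before touching anything. The mechanism behind the CNAME problem is that Internet Explorer and WinHTTP build the Kerberos SPN from the canonical name that the CNAME resolves to, so the client asks for a ticket for the wrong service and falls back to NTLM. The script below is an added example, not code from the original post; it assumes a placeholder FQDN of sts.corp.example, relies on the DnsClient module (Resolve-DnsName) and setspn.exe that ship with Windows, and only checks the most common registry locations for the intranet zone (the per-user ZoneMap and the policy-driven ZoneMapKey).

```powershell
# Added example (not from the original post): pre-flight checks for AD FS
# Windows Integrated Authentication on a domain-joined client.
param(
    # Assumed placeholder; replace with the real AD FS federation service FQDN.
    [string]$AdfsFqdn = 'sts.corp.example'
)

function Test-AdfsDnsRecord {
    param([string]$Fqdn)
    # A CNAME makes IE/WinHTTP build the Kerberos SPN from the canonical (target)
    # name, so the ticket is requested for HTTP/<target>, not HTTP/<fqdn>.
    $cname = Resolve-DnsName -Name $Fqdn -Type CNAME -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'CNAME' }
    if ($cname) {
        Write-Warning "$Fqdn is a CNAME for $($cname.NameHost). Replace it with an A record."
        return $false
    }
    $a = Resolve-DnsName -Name $Fqdn -Type A -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }
    if (-not $a) {
        Write-Warning "No A record found for $Fqdn."
        return $false
    }
    Write-Host "OK: $Fqdn has A record(s): $($a.IPAddress -join ', ')"
    return $true
}

function Test-AdfsSpn {
    param([string]$Fqdn)
    # HTTP/<fqdn> must be registered, and it must be on the AD FS service account.
    # setspn -Q searches the forest for the SPN and prints the owning object's DN.
    $out = & setspn.exe -Q "HTTP/$Fqdn" 2>&1
    if ($out -match 'Existing SPN found') {
        $owner = $out | Where-Object { $_ -match '^CN=' }
        Write-Host "OK: HTTP/$Fqdn is registered on: $owner"
        return $true
    }
    Write-Warning "HTTP/$Fqdn is not registered. Register it on the AD FS service account, e.g. setspn -S HTTP/$Fqdn DOMAIN\svc_adfs"
    return $false
}

function Test-IntranetZone {
    param([string]$Fqdn)
    # WIA is only attempted silently for hosts in the Local Intranet zone (zone 1).
    $labels    = $Fqdn.Split('.')
    $hostLabel = $labels[0]
    $domain    = ($labels | Select-Object -Skip 1) -join '.'

    # Per-user assignment made through the Internet Options dialog.
    $userKey  = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$domain\$hostLabel"
    $userZone = (Get-ItemProperty -Path $userKey -Name https -ErrorAction SilentlyContinue).https
    if ($userZone -eq 1) {
        Write-Host "OK: $Fqdn is in Local Intranet (user ZoneMap)."
        return $true
    }

    # Group Policy "Site to Zone Assignment List" writes ZoneMapKey under Policies.
    foreach ($hive in 'HKLM', 'HKCU') {
        $polKey = "${hive}:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey"
        foreach ($name in $Fqdn, "https://$Fqdn", "*.$domain") {
            $zone = (Get-ItemProperty -Path $polKey -Name $name -ErrorAction SilentlyContinue).$name
            if ($zone -eq '1') {
                Write-Host "OK: $name is in Local Intranet via policy ($hive)."
                return $true
            }
        }
    }
    Write-Warning "$Fqdn is not in the Local Intranet zone; the browser will not attempt WIA silently."
    return $false
}

function Test-AdfsKerberosTicket {
    param([string]$Fqdn)
    # Positive end-to-end check: ask the KDC for a service ticket for HTTP/<fqdn>.
    # If this fails while the SPN exists, look at DNS (CNAME) or time skew first.
    $out = & klist.exe get "HTTP/$Fqdn" 2>&1
    if ($out -match "HTTP/$Fqdn") {
        Write-Host "OK: obtained a Kerberos service ticket for HTTP/$Fqdn"
        return $true
    }
    Write-Warning "Could not obtain a Kerberos ticket for HTTP/$Fqdn`n$($out -join "`n")"
    return $false
}

$results = [ordered]@{
    'DNS A record (no CNAME)' = Test-AdfsDnsRecord -Fqdn $AdfsFqdn
    'HTTP/ SPN registered'    = Test-AdfsSpn -Fqdn $AdfsFqdn
    'Local Intranet zone'     = Test-IntranetZone -Fqdn $AdfsFqdn
    'Kerberos ticket'         = Test-AdfsKerberosTicket -Fqdn $AdfsFqdn
}
$results.GetEnumerator() | ForEach-Object { "{0,-28} {1}" -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'FAIL' }) }
```

Run it as the user who gets the NTLM prompt, from the machine they sit at, since the zone map and the ticket request are evaluated in that user's context. The SPN query needs the domain to be reachable but no special rights; a FAIL on the DNS check with PASS everywhere else is exactly the CNAME situation described in the post.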
THANK YOU! Solution worked for me.
Thank you!
Helpful.
Thanks, this solved my problem !
Replaced CNAME record with A record.
Lifesaver, thanks!