AD FS 2012 R2 and F5 Load Balancing
I am running into some issues with configuring AD FS 2012 R2 with the F5s. I am hosting the SSL certificate on the AD FS 2012 R2 servers and have set up the port 443 virtual service with "none" for the Http Profile. I can authenticate normally now (I could not when the Http Profile was set to http) but when I attempt to utilize certificate authentication it does not work. This requires port 49443 in this version of AD FS. I created a pool that contains ADFSBox1:49443 as the only member. I then created a virtual server using port 49443 and the same IP address of my 443 virtual server. It attempts to do the certificate authentication portion of it but fails and I get an "Internet Explorer cannot display the webpage" message.
I have been able to verify that it's working on the AD FS side by using a host record on my test machine. I force it to resolve the DNS name to the IP address of the AD FS Server and all functions work without issue there. When I remove the host record and it again resolves the DNS name to the F5 it again has issues. Does anyone have experience load balancing AD FS 2012 R2 (3.0)? Do I need to point 49443 virt to the server's 443 pool?