Preparation
1. Two ADFS servers (mine are Dynamics-ADFS01 and Dynamics-ADFS02).
3. Three IP addresses (two ADFS server IPs, 192.168.1.115 and 192.168.1.116, and one NLB cluster IP, 192.168.1.144).
4. Domain administrator privileges, which are required to install ADFS.
Install Network Load Balancing
Install the Network Load Balancing feature and its related components on both Dynamics-ADFS01 and Dynamics-ADFS02.
The specific configuration is as follows:
Open Server Manager, click Add Roles and Features, and under Features select Network Load Balancing to install it.
Configure Network Load Balancing
On either ADFS server, open Network Load Balancing Manager from the Tools menu of Server Manager, right-click "Network Load Balancing Clusters" and click Add Cluster.
Enter the host name "Dynamics-ADFS01", click Connect, and continue to the next step.
Add the cluster IP; I use 192.168.1.144.
In the next step select "Multicast" as the cluster operation mode, click Next, and then click Finish. As shown in the screenshot, the network load balancing cluster has now been created.
Right-click the cluster, click Add Host To Cluster, enter the name of the second host, "Dynamics-ADFS02", click Connect, and then click Next until the wizard completes.
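The same two-node NLB cluster can be built from PowerShell instead of the NLB Manager GUI. The script below is an added example and not part of the original post; it assumes the NIC is named "Ethernet" on both hosts, that the subnet mask is 255.255.255.0, and uses a placeholder FQDN for the cluster name. Everything else (host names, cluster IP, multicast mode) comes from the steps above.

```powershell
# Added example, not from the original post: build the two-node NLB cluster with the
# NetworkLoadBalancingClusters cmdlets. Run on Dynamics-ADFS01 with admin rights on both hosts.

$Node1       = 'Dynamics-ADFS01'
$Node2       = 'Dynamics-ADFS02'
$Interface   = 'Ethernet'             # assumption: NIC name on both hosts
$ClusterIP   = '192.168.1.144'        # cluster (virtual) IP from the Preparation section
$SubnetMask  = '255.255.255.0'        # assumption
$ClusterName = 'adfs.example.local'   # placeholder: the federation service FQDN

# 1. Install the NLB feature and its RSAT tools on both hosts.
foreach ($node in @($Node1, $Node2)) {
    Install-WindowsFeature -Name NLB, RSAT-NLB -ComputerName $node
}
Import-Module NetworkLoadBalancingClusters

# 2. Create the cluster on the first host in multicast mode (the mode chosen in the wizard).
New-NlbCluster -HostName $Node1 -InterfaceName $Interface -ClusterName $ClusterName `
    -ClusterPrimaryIP $ClusterIP -SubnetMask $SubnetMask -OperationMode Multicast

# 3. Join the second host to the cluster.
Add-NlbClusterNode -HostName $Node1 -InterfaceName $Interface `
    -NewNodeName $Node2 -NewNodeInterface $Interface

# 4. Replace the default "all ports" rule with one for HTTPS only, so the cluster IP does
#    not also load-balance RDP, WinRM or other management traffic to the federation servers.
Get-NlbClusterPortRule -HostName $Node1 | Remove-NlbClusterPortRule -Force
Add-NlbClusterPortRule -HostName $Node1 -InterfaceName $Interface -Protocol Tcp `
    -StartPort 443 -EndPort 443 -Affinity Single

# 5. Confirm both hosts have converged into the cluster.
Get-NlbClusterNode -HostName $Node1 | Format-Table Name, State, HostPriority
```

Step 4 is optional hardening the wizard does not do by default: the default rule balances every port, which means management ports on the federation servers also answer on the cluster IP. If the farm will use certificate authentication, add a second rule for TCP 49443 in the same way.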
Install the ADFS Farm for High Availability
First install the first ADFS server: log in to Dynamics-ADFS01, open Server Manager, and click Add Roles and Features.
Under Server Roles select "Active Directory Federation Services" and click Next until the installation completes.
On the first ADFS server, select "Create the first federation server in a federation server farm" and click Next.
This step must be performed as a domain administrator; specify the domain administrator account.
Select the certificate, fill in the "Federation Service Name" and "Federation Service Display Name", and click Next.
Select "Use an existing domain user account or group Managed Service Account". The domain administrator account is not needed here: an ordinary domain user is sufficient as the ADFS service account, and once the installation completes the remaining ADFS configuration can be performed through this user.
For "Specify the location of a SQL Server database", enter the database host name; I use the AlwaysOn listener here. Then go to the next step.
Click Next.
Click Configure, wait for it to complete, and finally restart the server. The first ADFS server is now installed.
Log in to Dynamics-ADFS02, open Server Manager, and click Add Roles and Features.
Under Server Roles select "Active Directory Federation Services" and click Next until the installation completes.
Note that here you must select the second option, "Add a federation server to a federation server farm", and then click Next.
As before, a domain administrator account is required for this step; specify it and go to the next step.
Select "Specify the database location for an existing farm using SQL Server" and enter the database host name; I use the same AlwaysOn listener as for the first ADFS server.
Select the same certificate as on the first ADFS server.
Configure the service account to match the first ADFS server.
Click Next.
Click Configure, wait for it to complete, and then restart the server. All installation and configuration is now complete.
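The two wizard runs above map onto two ADFS cmdlets, Install-AdfsFarm on the first node and Add-AdfsFarmNode on the second, both pointed at the same AlwaysOn listener. The script below is an added example and not the post's own procedure; the federation service name, display name, listener name, certificate subject and the two accounts are placeholders you must replace. It is written to be run once on each server and picks the right step from the computer name.

```powershell
# Added example, not from the original post: the same two-node, SQL Server-backed ADFS farm
# built with the ADFS cmdlets. Placeholders: federation service name, display name,
# AlwaysOn listener, certificate subject and the two credentials prompted for below.

$FederationName = 'adfs.example.local'      # placeholder: federation service name
$DisplayName    = 'Example ADFS'            # placeholder
$SqlListener    = 'SQL-AG-LISTENER'         # placeholder: AlwaysOn availability group listener
$SqlConn        = "Data Source=$SqlListener;Integrated Security=True"

# Domain administrator rights are only needed for the farm configuration itself;
# the service runs as an ordinary domain user, as the post recommends.
$DomainAdmin = Get-Credential -Message 'Domain administrator (used only during setup)'
$ServiceAcct = Get-Credential -Message 'ADFS service account (ordinary domain user)'

# The service communication certificate must already be in LocalMachine\My on this host,
# with its private key; the same certificate is used on both nodes.
$Cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$FederationName*" -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $Cert) { throw "No certificate with private key for $FederationName in LocalMachine\My" }

# Role binaries are identical on both nodes.
Install-WindowsFeature -Name ADFS-Federation -IncludeManagementTools

switch ($env:COMPUTERNAME.ToUpper()) {
    'DYNAMICS-ADFS01' {
        # First federation server: creates the configuration database through the listener.
        Install-AdfsFarm -CertificateThumbprint $Cert.Thumbprint `
            -FederationServiceName $FederationName `
            -FederationServiceDisplayName $DisplayName `
            -ServiceAccountCredential $ServiceAcct `
            -SQLConnectionString $SqlConn `
            -Credential $DomainAdmin
    }
    'DYNAMICS-ADFS02' {
        # Second federation server: joins the existing farm through the same listener.
        Add-AdfsFarmNode -CertificateThumbprint $Cert.Thumbprint `
            -ServiceAccountCredential $ServiceAcct `
            -SQLConnectionString $SqlConn `
            -Credential $DomainAdmin
    }
    default { throw "Unexpected host $env:COMPUTERNAME; expected one of the two farm nodes" }
}

# Confirm the farm settings this node picked up, then restart as the wizard requires.
Get-AdfsProperties | Select-Object HostName, DisplayName, ArtifactDbConnection
Restart-Computer -Confirm
```

Selecting the certificate by subject and newest expiry avoids hard-coding a thumbprint, but check that ArtifactDbConnection in the output names the listener rather than an individual SQL node; a farm node that was pointed at a single replica will lose its configuration store on failover.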
For subsequent ADFS configuration, add a DNS record (or hosts-file entry) that resolves the federation service name to the NLB cluster IP. At this point NLB, the ADFS farm and SQL Server AlwaysOn together provide high availability at both the front end and the database layer.
Note: after NLB is configured, access from another subnet may fail. In that case contact the network administrator and resolve it by manually binding a static ARP entry for the cluster IP on the gateway. The figure below shows the NLB cluster's IP address and MAC address.
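The following script is an added example, not part of the original post. It publishes the federation service name on the cluster IP, runs the reachability checks worth doing before relying parties are pointed at the farm, and derives the NLB multicast MAC address that the network team needs for the static ARP entry mentioned in the note. The DNS zone and host name are placeholders; the cluster IP is the one from the post.

```powershell
# Added example, not from the original post: DNS record, reachability checks and the
# expected NLB multicast MAC for the cluster IP. Zone and host names are placeholders.

$ZoneName       = 'example.local'     # placeholder: internal DNS zone
$FederationHost = 'adfs'              # placeholder: gives adfs.example.local
$ClusterIP      = '192.168.1.144'     # NLB cluster IP from the post
$Fqdn           = "$FederationHost.$ZoneName"

# 1. A record on the internal DNS server (DnsServer module; run where you have zone rights).
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $FederationHost -IPv4Address $ClusterIP

# 2. Resolution, TCP/443 reachability through the cluster IP, and the metadata endpoint
#    every relying party will fetch. Success from one subnet but failure from another is
#    the symptom the note above describes.
Resolve-DnsName -Name $Fqdn -Type A
Test-NetConnection -ComputerName $Fqdn -Port 443
Invoke-WebRequest -Uri "https://$Fqdn/FederationMetadata/2007-06/FederationMetadata.xml" `
    -UseBasicParsing | Select-Object StatusCode

# 3. An NLB multicast cluster answers ARP with 03-BF followed by the cluster IP in hex;
#    this is the address the gateway's static ARP entry must carry.
function Get-NlbMulticastMac {
    param([Parameter(Mandatory)][string]$ClusterIP)
    $octets = $ClusterIP.Split('.') | ForEach-Object { '{0:X2}' -f [int]$_ }
    return '03-BF-' + ($octets -join '-')
}
$expectedMac = Get-NlbMulticastMac -ClusterIP $ClusterIP

# 4. From a client on the same subnet, compare the neighbour cache with the expected MAC.
$entry = Get-NetNeighbor -IPAddress $ClusterIP -ErrorAction SilentlyContinue |
    Where-Object { $_.State -ne 'Unreachable' } | Select-Object -First 1
if ($entry -and $entry.LinkLayerAddress -eq $expectedMac) {
    "ARP entry for $ClusterIP matches the NLB multicast MAC $expectedMac"
} else {
    "Expected $expectedMac for $ClusterIP; neighbour cache holds '$($entry.LinkLayerAddress)'"
}
```

For the cluster IP used in this post, 192.168.1.144, the derived multicast MAC is 03-BF-C0-A8-01-90, which should match the address shown in the NLB Manager screenshot. The comparison in step 4 only makes sense from a machine that is not itself a cluster member, since a node owns the cluster IP and has no neighbour entry for it.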