
How To Run Active Directory Federation Services (ADFS) on an Alternate Port Number


Description

By default, Active Directory Federation Services (ADFS) installs itself on the "Default Web Site" in IIS, serving HTTPS on port 443. However, this can be changed so that the ADFS authentication service runs on HTTPS using an alternate port. This is ideal for networks where port 443 is already being used by another system when you need to have ADFS installed (such as a Microsoft Dynamics CRM Internet Facing Deployment (IFD)).

For good measure, the steps to configure a Microsoft Dynamics CRM 2011 IFD (Internet Facing Deployment) to use ADFS running on an alternate port are covered below as well.

Instructions

Note: These steps assume you have already installed ADFS and have it running successfully on the default port of 443.

  1. Open IIS to the Default Web Site.
  2. Edit the HTTPS binding (running on port 443), changing it to the alternate port number you want to use. We are using port 13200, but any available port will work.
  3. Apply your settings.
  4. Open a command prompt as the Administrator.
  5. Start PowerShell.
    powershell
  6. Run the following commands within the PowerShell prompt (the port number should match what was configured in IIS):
    Add-PSSnapin Microsoft.Adfs.PowerShell
    Set-ADFSProperties -HttpsPort 13200

  7. Update the ADFS Service to run as an Administrator (more specifically, an account which has full rights to the domain). If you have a single-server deployment, you can use "Local System"; however, if your domain controller is on a separate machine, you need to use a domain admin account.
    If in doubt, just use the domain administrator (Domain\Administrator) account.
  8. Restart the ADFS Service.
  9. In the command prompt, restart IIS.
    iisreset
  10. Open any external and/or local firewalls to allow traffic on the newly configured port.
  11. Now the ADFS login prompt should reflect the new port number in the URL.
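
To confirm the result of steps 1 to 11, the following check compares the port stored in the ADFS configuration with the HTTPS binding in IIS, tests that something is listening on the new port, and reports which account the ADFS service runs as so the choice made in step 7 can be reviewed. It is an added example, not part of the original instructions; the service name `adfssrv`, the `WebAdministration` module and the helper `Test-TcpPort` are assumptions about an AD FS 2.0 / IIS 7 server.

```powershell
# Added example: post-change consistency check (run in an elevated PowerShell prompt).
# Assumptions: AD FS 2.0 snap-in, IIS WebAdministration module, Windows service
# name 'adfssrv', site 'Default Web Site', and port 13200 as used in the article.
param(
    [int]$ExpectedPort = 13200,
    [string]$SiteName  = 'Default Web Site'
)

Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration

# Hypothetical helper: returns $true if a TCP connection to the port succeeds.
function Test-TcpPort([string]$HostName, [int]$Port) {
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($HostName, $Port); return $true }
    catch   { return $false }
    finally { $client.Close() }
}

# Port recorded in the ADFS configuration (written by Set-ADFSProperties -HttpsPort).
$adfsPort = (Get-ADFSProperties).HttpsPort

# HTTPS ports bound on the IIS site. bindingInformation is "IP:port:hostheader";
# the regex takes the port field even when the IP part is an IPv6 literal.
$iisPorts = @(Get-WebBinding -Name $SiteName -Protocol https | ForEach-Object {
    if ($_.bindingInformation -match ':(\d+):[^:]*$') { [int]$Matches[1] }
})

# Account and state of the ADFS Windows service (step 7 and step 8).
$svc = Get-WmiObject Win32_Service -Filter "Name='adfssrv'"

$report = New-Object PSObject -Property @{
    AdfsHttpsPort  = $adfsPort
    IisHttpsPorts  = ($iisPorts -join ',')
    PortsMatch     = (($iisPorts -contains $adfsPort) -and ($adfsPort -eq $ExpectedPort))
    Still443Bound  = ($iisPorts -contains 443)
    ListenerUp     = (Test-TcpPort 'localhost' $ExpectedPort)
    ServiceAccount = $svc.StartName
    ServiceState   = $svc.State
}
$report | Format-List

if (-not $report.PortsMatch) {
    Write-Warning "IIS binding and ADFS HttpsPort disagree; re-check steps 2 and 6."
}
if (-not $report.ListenerUp) {
    Write-Warning "Nothing is accepting connections on port $ExpectedPort; re-check steps 8 to 10."
}
```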



Configuring a Microsoft Dynamics CRM 2011 IFD to Run on an Alternate ADFS Port

These steps only apply if you are running a Microsoft Dynamics CRM 2011 Internet Facing Deployment which uses the Active Directory Federation Services reconfigured above for its authentication.

Note: These steps assume you already have a working CRM 2011 IFD and simply need to update it to use the alternate ADFS port.

  1. Open CRM Deployment Manager.
  2. Run the Configure Claims Based Authentication wizard.
  3. Configure the URL to use the alternate port number from above (in our case, 13200).
  4. Click Next through the additional wizard steps.
  5. In the command prompt, restart IIS.
    iisreset