Windows Azure Pack – ADFS authentication and the NetBIOS domain name

Normally you would only change the authentication mechanism for the WAP Tenant Portal to ADFS and leave Windows Authentication as the default setting for the WAP Admin Portal. If you decide to switch the WAP Admin Portal to ADFS as well, you have to consider the following behavior of WAP and ADFS.

Let us assume your domain name is wapack.com and your NetBIOS domain name is COM-WAPACK instead of the usual WAPACK. You want to grant the AD group WAPAdmins permission to log in to the WAP Admin Portal, so you execute the following PowerShell cmdlets.

$ConnectionString = 'Data Source=WAPSQLWAP;Initial Catalog=Microsoft.MgmtSvc.Store;User ID=sa;Password=Password'
Add-MgmtSvcAdminUser -Principal 'COM-WAPACK\WAPAdmins' -ConnectionString $ConnectionString

If you log in to the WAP Admin Portal now, you will experience the following error.

[Image: NetBIOSDomain]

The reason is your customized NetBIOS domain name. You will not experience this error when you use the NetBIOS domain name proposed by the ADDS wizard.

The solution is very simple. When you grant new AD groups permissions to the WAP Admin Portal, use the FQDN, as in the following example.

Add-MgmtSvcAdminUser -Principal 'wapack.com\WAPAdmins' -ConnectionString $ConnectionString

That is the only thing you have to keep in mind when combining WAP, ADFS and a customized NetBIOS domain name.
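One way to avoid typing the wrong prefix is to derive it from the directory, shown here as an added example that is not part of the original post. `Add-WapAdminGroup` is a hypothetical helper name; the block assumes the ActiveDirectory and MgmtSvcAdmin modules are installed and that `$ConnectionString` is defined as above.

```powershell
# Added example, not from the original post. Add-WapAdminGroup is a hypothetical
# helper; it needs the ActiveDirectory (RSAT) and MgmtSvcAdmin modules.
Import-Module ActiveDirectory, MgmtSvcAdmin

function Add-WapAdminGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Accepts 'COM-WAPACK\WAPAdmins', 'wapack.com\WAPAdmins' or 'WAPAdmins'
        [Parameter(Mandatory)] [string] $Principal,
        [Parameter(Mandatory)] [string] $ConnectionString
    )

    $domain = Get-ADDomain    # current domain; exposes NetBIOSName and DNSRoot

    # Split 'PREFIX\name' once; an unqualified name has no prefix.
    $prefix, $name = $Principal -split '\\', 2
    if (-not $name) { $name = $prefix; $prefix = $domain.DNSRoot }

    if ($prefix -ieq $domain.NetBIOSName) {
        Write-Verbose "Replacing NetBIOS prefix '$prefix' with '$($domain.DNSRoot)'"
    }
    elseif ($prefix -ine $domain.DNSRoot) {
        throw "'$prefix' is neither the NetBIOS name nor the DNS root of $($domain.DNSRoot)."
    }

    # Fail before touching the WAP store if the group name is mistyped.
    $group = Get-ADGroup -Identity $name -ErrorAction Stop

    $fqdnPrincipal = '{0}\{1}' -f $domain.DNSRoot, $group.SamAccountName
    if ($PSCmdlet.ShouldProcess($fqdnPrincipal, 'Add-MgmtSvcAdminUser')) {
        Add-MgmtSvcAdminUser -Principal $fqdnPrincipal -ConnectionString $ConnectionString
    }
    $fqdnPrincipal   # return the principal that was (or would be) registered
}

# Preview with the page's values; drop -WhatIf to apply.
# Add-WapAdminGroup -Principal 'COM-WAPACK\WAPAdmins' -ConnectionString $ConnectionString -WhatIf
```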
