
Archive for the ‘Active Directory’ Category

ADFS signout issue for SharePoint site in IE browser due to FedAuth Cookie


Hi All,


Today we will discuss a well-known SharePoint ADFS sign-out issue. Let me start with some background on the issue. I have configured SharePoint with ADFS authentication, and everything (login, logout, claims, etc.) works, except that when I try to log out, I am redirected to a page similar to https://your_sts_server/adfs/ls/?wa=wsignout1.0.


Now, without closing the browser window (the logout message says “Sign out: Close browser to complete sign out”), type the SharePoint site URL in the address bar. I won’t be asked to log in, and the SharePoint site will be accessible. This shows that the sign-out was incomplete.


This is a known issue with SharePoint sites that use ADFS authentication. It is caused by the ADFS FedAuth cookie. To get correct sign-out behaviour, we need to make the FedAuth cookie session-based. We can achieve this by running the following SharePoint PowerShell commands:
$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $true   # issue FedAuth as a session cookie
$sts.Update()                    # persist the change to the farm configuration


You need to run the above commands on only one server, but you must perform an iisreset on all SharePoint servers.
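To confirm the change took effect, capture the Set-Cookie response headers from a fresh sign-in (browser developer tools or a proxy trace) and check that FedAuth no longer carries an Expires or Max-Age attribute. The script below is an added example, not code from the original post; the function name Get-FedAuthCookiePersistence and the sample headers are constructed for illustration.

```powershell
# Added example: classify FedAuth cookies found in captured Set-Cookie headers.
# The function name and the sample headers are constructed, not from the post.
function Get-FedAuthCookiePersistence {
    param([Parameter(Mandatory)][string[]]$SetCookieHeader)

    foreach ($header in $SetCookieHeader) {
        # "name=value; attr; attr=value": first part is the pair, the rest are attributes.
        # @() keeps a single-element result as an array so $parts[0] is a whole string.
        $parts = @($header -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        $name, $value = $parts[0] -split '=', 2

        # WIF can split a large token across FedAuth, FedAuth1, FedAuth2, ...
        if ($name -notmatch '^FedAuth\d*$') { continue }

        $attrs = @{}
        foreach ($attr in ($parts | Select-Object -Skip 1)) {
            $k, $v = $attr -split '=', 2
            $attrs[$k.ToLowerInvariant()] = $v   # flag attributes get a $null value
        }

        # An empty value is the sign-out response clearing the cookie, not a new token.
        if ([string]::IsNullOrEmpty($value)) {
            $kind = 'Deleted'
        } elseif ($attrs.ContainsKey('expires') -or $attrs.ContainsKey('max-age')) {
            $kind = 'Persistent'   # written to disk, survives closing the browser
        } else {
            $kind = 'Session'      # discarded when the browser session ends
        }

        [pscustomobject]@{
            Cookie   = $name
            Kind     = $kind
            Expires  = $attrs['expires']
            Secure   = $attrs.ContainsKey('secure')
            HttpOnly = $attrs.ContainsKey('httponly')
        }
    }
}

# Constructed sample headers: before the change, after the change, sign-out, unrelated cookie.
$constructedHeaders = @(
    'FedAuth=CONSTRUCTED_TOKEN_A; expires=Fri, 31 Oct 2014 09:00:00 GMT; path=/; secure; HttpOnly',
    'FedAuth=CONSTRUCTED_TOKEN_B; path=/; secure; HttpOnly',
    'FedAuth=; expires=Wed, 29 Oct 2014 09:00:00 GMT; path=/',
    'OtherCookie=constructed; path=/'
)
Get-FedAuthCookiePersistence -SetCookieHeader $constructedHeaders | Format-Table -AutoSize
```

After the change and the iisreset, every FedAuth cookie issued at sign-in should be reported with Kind = Session.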


To understand more about the FedAuth Cookie check below article:


Hope this will help you all.

Create an Active Directory Forest on a Windows Azure VM

  • Create a new domain

Now let’s configure this server to be a Domain Controller. As discussed earlier, Domain Controllers manage DNS, AD users, etc. and are normally the first and most important servers in a company.


  1. Log in to your Azure Subscription Portal site https://manage.windowsazure.com
  2. Select Virtual Machine from the left menu
  3. Select the Virtual Machine we just created and click on Connect at the bottom
  4. Now RDP to the Virtual Machine we created and click on Server Manager
  5. Select Manage > Add Roles and Features
  6. Select “Next” on the Installation Type screen
  7. Select “Next” on the Destination Server screen
  8. Check the box “Active Directory Domain Services”
  9. Click on “Add Features” on the pop-up screen
  10. Select the check box “Restart the destination server if required” > Click OK
  11. Once it is installed, click on Close
  12. Open Server Manager again, click on the flag at the top and select “Promote this server to a Domain Controller”
  13. Select “Add a New forest” and type the domain name
  14. Type the DSRM password and click “Next” (Note: this is required when you try to recover your Active Directory)
  15. Now you will have to select your domain name, for example Demo.com
  16. The NetBIOS Name screen will remove .com and you will see only demo.
  17. Select the default location of installation and click “Next”
  18. Click on “Install”
  19. Once the computer has restarted, your Domain Controller will be ready.

Note: From now on, when you log on to the server you need to use your domain name along with the username we just created to authenticate to the server. Example: demo\user1