ADFS 2.1 proxy trust establishment error

Posted by Tommy Jakobsen on Server Fault
Published on 2013-11-05T09:35:08Z Indexed on 2013/11/05 9:57 UTC

I'm trying to install an ADFS proxy. In our intranet we have an ADFS 2.1 server running on Windows 2012 which is working fine. Now we're trying to deploy a proxy to this one for internet access, using Windows 2012 R2's Web Application Proxy.

I'm getting the following error on the proxy server, event ID 393:

Message : An error occurred while attempting to establish a trust relationship with the Federation Server. An error occurred when attempting to establish a trust relationship with the federation service. Error: Forbidden
Context : DeploymentTask
Status : Error

I'm not getting any errors on the ADFS server.

I've tried with different credentials: the ADFS service account, a domain administrator who is a member of the local administrators group on the ADFS server, and the local administrator account on the ADFS server. Same error message.

Both ports 80 and 443 are accessible from the proxy server to the internal ADFS server, and I can access the ADFS metadata endpoint from the proxy server. I'm using the same trusted SSL certificate (wildcard) on both machines.

Do you have any ideas that can help me troubleshoot this problem?
