Active Directory Federation Services (ADFS) is Microsoft's federated identity and access management solution that provides single sign-on (SSO) capability to web applications. The smooth functioning of ADFS has several dependencies such as the SQL server in which the configuration database is stored, DNS which resolves the federation service to appropriate IP address, certificates which form the core of ADFS, and so on. Even a minor issue in any of these can lead to problems in ADFS operations, and affect users' ability to access applications like Office365. For example, if a certificate expires and loses validity, it can collapse ADFS functionality.

DNS name resolution must be one of the first things to check while troubleshooting ADFS. DNS must be able to resolve the name of the federation service and point to the IP address of the ADFS server or the load balancer in your server farm. The following are some of the name resolution tests to be performed in case ADFS is not working or responding.

• PING test

PING test sends Internet Control Message Protocol (ICMP) Echo Request messages to another TCP/IP computer to verify IP-level connectivity. To conduct the PING test:

• 1. Open a command prompt.
  2. Type ping followed by domain name. Example: ping manageengine.com.
  3. Press Enter
  4. Reply from the server will be displayed.
  

• Name server lookup (NSLookup)

The NSLookup command line tool can be used to fetch diagnostic details on DNS infrastructure.

• 1. Open a command prompt.
  2. Type nslookup followed by domain name. Example: nslookup manageengine.com.
  3. Press Enter.
  4. Server DNS information will be displayed.
  

• Tracert

Tracert command line utility traces the path to a destination by by sending Internet Control Message Protocol (ICMP) Echo Request or ICMPv6 messages with increasing Time to Live (TTL) field values.

• 1. Open a command prompt.
  2. Type tracert followed by domain name. Example: tracert manageengine.com
  3. The path traced to reach the destination server will be displayed.