Microsoft Office Tutorials and References
In Depth Information
Installing IIS on the AD FS server
Be careful of name duplication
It is important to make sure that the FQDN of the federation service is NOT the same as
the server name in AD. In fact, it should not be the same as the name of any other server
in AD. For example, let us say you want to refer to your federation service as
fs1.adatum.com, but when you set up this server and joined it to AD you also named it fs1.
In this case, you will need to change the server name to something else, or the AD FS
installation wizard will not be able to set the SPN during installation. For more
information, see “AD FS 2.0:
Guidance for Selecting and Utilizing a Federation Service Name” at http://social.technet.
5. On the Cryptographic Service Provider Properties page, we recommend that you
select the Microsoft RSA SChannel Cryptographic Provider with a bit length of
2,048, as shown in Figure 3-22. Although a bit length of 1,024 is acceptable, it is more
susceptible to cryptanalytic attacks. For more information about certificates for AD
Figure 3-22 Cryptographic Service Provider Properties page with 2,048 bit length.
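
The name-duplication warning and the key-length recommendation above can both be checked before the AD FS installation wizard is run. The following pre-flight script is an added example, not part of the original text; it assumes Windows PowerShell on the domain-joined AD FS server, the ActiveDirectory module, and an SSL certificate whose subject CN is the federation service name in the LocalMachine\My store.

```powershell
# Added example: pre-flight checks for the federation service name and certificate.
# Assumptions: ActiveDirectory module is installed; certificate subject CN equals
# the federation service name; fs1.adatum.com is the example name from the text.
param(
    [string]$FederationServiceName = 'fs1.adatum.com',
    [int]$MinimumKeyBits = 2048
)

Import-Module ActiveDirectory
$problems = @()
$fsLabel  = $FederationServiceName.Split('.')[0]

# 1. This server must not carry the federation service name.
if ($env:COMPUTERNAME -ieq $fsLabel) {
    $problems += "This server is named '$fsLabel', the same as the federation service."
}

# 2. No other computer object in AD may use the name either.
$filter = "Name -eq '$fsLabel' -or DNSHostName -eq '$FederationServiceName'"
foreach ($c in @(Get-ADComputer -Filter $filter)) {
    $problems += "AD computer object uses the name: $($c.DistinguishedName)"
}

# 3. An account that already holds HOST/<name> is the collision that stops the
#    wizard from setting the SPN; list every holder for review.
$spn = "HOST/$FederationServiceName"
foreach ($o in @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)")) {
    $problems += "SPN $spn is already registered on: $($o.DistinguishedName)"
}

# 4. Certificates issued for the service name should use at least 2,048-bit keys.
$cn    = [regex]::Escape($FederationServiceName)
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
           Where-Object { $_.Subject -match "CN=$cn(,|$)" })
if ($certs.Count -eq 0) {
    Write-Warning "No certificate with CN=$FederationServiceName found; key length not checked."
}
foreach ($cert in $certs) {
    $bits = $cert.PublicKey.Key.KeySize
    if ($bits -lt $MinimumKeyBits) {
        $problems += "Certificate $($cert.Thumbprint) uses a $bits-bit key."
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "Pre-flight checks passed for $FederationServiceName."
```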