DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 974408 - Last Review: May 5, 2010 - Revision: 1.0

On This Page

INTRODUCTION

Active Directory Federation Services (AD FS) 2.0 helps IT enable users to collaborate across organizational boundaries and easily access applications on-premises and in the cloud. And, AD FS helps maintain application security. Through a claims-based infrastructure, IT can enable a single sign-on experience for end-users to applications. Such a claims-based infrastructure does not require a separate account or password, whether applications are located in partner organizations or hosted in the cloud.

MORE INFORMATION

System requirements

To implement AD FS 2.0, the computer must run one of the following Windows operating systems:
  • Windows Server 2008 R2 (64-bit):
    • Datacenter Edition
    • Enterprise Edition
    • Standard Edition
    • Embedded Solution Edition
    • Small Business Solutions Edition
    • Small Business Solutions EM Edition
    • Small Businesses Server Standard Edition
    • Small Businesses Server Premium Edition
    • Solutions Premium Edition
    • Solutions Edition
    • Solutions EM Edition
    • Foundation Server Edition
    • Small Businesses Edition
    • Essential Additional Edition
    • Essential Additional Svc Edition
    • Essential Management Edition
    • Essential Management Svc Edition
  • Windows Server 2008 together with Service Pack 2 (32-bit or 64-bit):
    • Datacenter Edition
    • Datacenter without Hyper-V Edition
    • Enterprise Edition
    • Enterprise without Hyper-V Edition
    • Standard Edition
    • Medium Business Management Edition
    • Medium Business Messaging Edition
    • Medium Business Security Edition
    • Small Business Server Premium Edition
    • Small Business Server Standard Edition
    • Small Business Server Prime Edition
    • Small Businesses Edition
    • Small Businesses Edition without Hyper-V
To install AD FS 2.0, the following software and hotfixes must be installed. If they are not installed when AD FS 2.0 is installed, the AD FS 2.0 Setup program installs them automatically.
  • The Microsoft .NET Framework 3.5 together with Service Pack 1

    Note This software is automatically installed only when the computer is running Windows Server 2008 R2.
  • Windows PowerShell
  • Internet Information Services (IIS) 7
  • Windows Identity Foundation (WIF)
  • Software updates and hotfixes

    Windows Server 2008 R2

    The following hotfix must be installed on computers that are running Windows Server 2008 R2:
    981002  (http://support.microsoft.com/kb/981002/ ) A hotfix rollup is available for Windows Communication Foundation in the .NET Framework 3.5 Service Pack 1 for Windows 7 and Windows Server 2008 R2
    Windows Server 2008

    The following software updates and hotfixes must be installed on computers that are running Windows Server 2008 SP2:
    968389  (http://support.microsoft.com/kb/968389/ ) Extended Protection for Authentication
    970430  (http://support.microsoft.com/kb/970430/ ) Description of the update that implements Extended Protection for Authentication in the HTTP Protocol Stack (http.sys)
    973917  (http://support.microsoft.com/kb/973917/ ) Description of the update that implements Extended Protection for Authentication in Internet Information Services (IIS)
    975955  (http://support.microsoft.com/kb/975955/ ) A hotfix is available that adds an endpoint behavior that lets services use multiple threads to receive secure messages in the .NET Framework 3.5 Service Pack 1
    981201  (http://support.microsoft.com/kb/981201/ ) A hotfix is available for ASP.NET 2.0 that enables support for extended protection
    981202  (http://support.microsoft.com/kb/981202/ ) A hotfix is available that enables support for extended protection for the .NET Framework 3.5 Service Pack 1 in Windows Vista and in Windows Server 2008
    981205  (http://support.microsoft.com/kb/981205/ ) A hotfix is available that adds the Extended Protection for Authentication feature to WCF in the .NET Framework 3.5 Service Pack 1 for Windows Vista and for Windows Server 2008

Supported languages

AD FS 2.0 is supported in the following languages:
  • Chinese (Simplified)
  • Chinese (Traditional)
  • Czech
  • Dutch
  • English
  • French
  • German
  • Hungarian
  • Italian
  • Japanese
  • Korean
  • Polish
  • Portuguese (Brazil)
  • Portuguese (Iberian)
  • Russian
  • Spanish
  • Swedish
  • Turkish

Download information

The following files are available for download from the Microsoft Download Center:
Collapse this tableExpand this table
Package nameSupported Windows operating systemPlatformDownload file size
AdfsSetup.exeWindows Server 2008 R2x64 24.04 MB
AdfsSetup.exeWindows Server 2008 SP2x64 42.64 MB
AdfsSetup.exeWindows Server 2008 SP2x8638.66 MB

Collapse this imageExpand this image
Download
Download the Active Directory Federation Service 2.0 package now. (http://www.microsoft.com/downloads/details.aspx?familyid=118c3588-9070-426a-b655-6cec0a92c10b&displaylang=en&Hash=jjI6vKF%2fU7718Zax4LaiDbb0fRbpy8wU8HIwUXYJfD3oCcukr9cylnVbgW0GdO5wvb6gCaR8yVM0RWNENtI2jg%3d%3d)

Release Date: May 5, 2010

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://support.microsoft.com/kb/119591/ ) How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

More information about Active Directory Federation Services 2.0

For more information about technical details and white papers, see the following overview:
Active Directory Federation Services 2.0 Overview (http://go.microsoft.com/fwlink/?LinkId=190555)

Upgrade information for Windows operating systems

If you have AD FS 2.0 deployed on a computer that is running Windows Server 2008, AD FS 2.0 is automatically uninstalled when you upgrade your Windows operating system to Windows Server 2008 R2. You have to install the AD FS 2.0 installation package for Windows Server 2008 R2 after you upgrade the Windows operating system.

If you want to preserve the previous configuration data on the federation server and restore the data after you reinstall AD FS 2.0, follow the steps in the "Before you upgrade Windows" and "After you upgrade Windows" sections.

Before you upgrade Windows

Copy the AD FS service configuration file to a file server on the network before you upgrade the operating system. And, note the service account that the AD FS 2.0 Windows Service uses. To do this, follow these steps:
  1. Locate the following AD FS 2.0 installation folder:
    %system drive%\Program Files\Active Directory Federation Service 2.0
  2. Copy the following configuration file to a safe backup location:
    Microsoft.IdentityServer.Servicehost.exe.config
  3. Click Start, click Run, type services.msc, and then click OK.
  4. Right-click AD FS 2.0 Windows Service, and then click Properties.
  5. On the Log On tab, note the service account that is used for the AD FS 2.0 Windows Service.

After you upgrade Windows

Reinstall AD FS 2.0, set a registry setting to restore the previous configuration, restore the service account, and start the appropriate services. To do this, follow these steps.

Note After you finish these steps, the previous installation of AD FS 2.0 that was present on this federation server before the upgrade is restored.
  1. Reinstall AD FS 2.0.
  2. Copy the following configuration file that you saved in step 2 of the "Before you upgrade Windows" section:
    Microsoft.IdentityServer.Servicehost.exe.config
  3. Locate the following AD FS 2.0 installation folder, and then copy the file that is mentioned in step 2 to this location:
    %system drive%\Program Files\Active Directory Federation Service 2.0
  4. Click Start, click Run, type regedit, and then click OK.
  5. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adfssrv
  6. On the Edit menu, point to New, and then click String Value.
  7. Type InitialConfigurationCompleted, and then press ENTER.
  8. Right-click InitialConfigurationCompleted, and then click Modify.
  9. In the Value data box, type TRUE, and then click OK.
  10. On the File menu, click Exit to exit Registry Editor.
  11. Click Start, click Run, type services.msc, and then click OK.
  12. If you use Windows Internal Database as the AD FS 2.0 configuration database, follow these steps. Otherwise, bypass step 12, and go to step 13.
    1. Right-click Windows Internal Database (MICROSOFT##SSEE), and then click Properties.
    2. On the General tab, if the Service status field does not display Started, click Start to start the Windows Internal Database service.
    3. Click OK.
  13. Right-click AD FS 2.0 Windows Service, and then click Properties.
  14. On the Log On tab, provide the original backed-up service account name and the password that is used for the AD FS 2.0 Windows Service.
  15. On the General tab, select Automatic in the Startup type box.
  16. If the Service status field does not display Started, click Start to start the AD FS 2.0 Windows Service.
  17. Click OK.

Privacy statement information

AD FS 2.0 is covered by the following Windows Server privacy statements:
Windows Vista Privacy Statement (http://go.microsoft.com/fwlink/?LinkID=169559)

Windows 7 Privacy Statement (http://go.microsoft.com/fwlink/?LinkID=181904)

TECHNICAL REVISIONS

The following table lists significant technical revisions to this article. The revision number and the last review date in this article might indicate minor editorial revisions or structural revisions to this article that are not included in the table.
Collapse this tableExpand this table
DateRevision
May 5, 2010Original publication date

APPLIES TO
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 Service Pack 2, when used with:
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Server 2008 Datacenter without Hyper-V
    • Windows Server 2008 Enterprise without Hyper-V
Keywords: 
kbhowto kbtshoot kbexpertiseinter kbsurveynew atdownload kbdownload kbupdate KB974408
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support