Hi Squan_JRP,
Thanks for the information you provided.
Based on the Event ID "15301 and 15300", it turns out SSL certificate settings has been deleted and created by an admin. The HTTP Service SSL Auditing provides information about the service, but does not indicate whether the service is in a normal or error state. As for the Event ID 24, it is generated by Microsoft-Windows-WMI. WMI supports a query language called the WMI Query Language (WQL). WQL is a subset of structured query language (SQL) that is used by most relational database management systems. An event filter query is a WQL query that is used when processing WMI events. For more detailed information, please refer to the article below: http://technet.microsoft.com/en-us/library/dd348602(v=ws.10).aspx
I'd like to confirm the following information:
1. You can open a web browser and navigate to https://<ADFS FQDN>/adfs/ls/IdpInitiatedSignon.aspx from an internal client machine.
2. Log on to the ADFS proxy server > ping <ADFS FQDN> server. If you can ping the ADFS server, can you open https://<ADFS FQDN>/adfs/ls/IdpInitiatedSignon.aspx on the ADFS proxy server.
3. When you test ADFS service from the ADFS proxy server (in DMZ), can the logon page be redirected to the correct ADFS address?
3. Whether there is a Group Policy to control the "Log on as a service" or "Log on as a batch job" setting.
Moreover, you mentioned "3)Screenshot of browser with 503 is below." But I cannot see the screenshot. Please post it again in the forum.
Best Regards,
Edward Qu
