Skip to content
Menu
  • About
  • Contact

Vince's Server Stuff

Have you tried turning it off and on again?

Menu

Setting up Azure Application Proxy on Server 2016 When Behind Company Proxy

Posted on March 21, 2018September 11, 2020 by Vince

First and foremost: ensure that your on-prem proxy allows the IP Address of your server to reach *msappproxy.net*

On the 2016 Server, you will need to do the following

  1. You want to make sure your server is joined to Azure. If it isn’t done so via domain policy, you can manually get it to join by doing the following. Run GPEdit and navigate to Computer Configuration > Administrative Templates > Windows Components > Device Registration
    1. Set “Register domain joined computers as devices” to enabled

 

  1. Open internet explorer and configure the proxy with whatever settings are necessary for your environment.
  1. Open an administrative command prompt and run the following to setup a system-wide proxy
    • netsh winhttp import proxy source=ie
  2. Since the application proxy services will run as Network Service and System, we need to set the proxy for these accounts as well. Download PSexec and copy it over to the 2016 server
    • psexec -i -u "nt authority\network service" cmd.exe
  3. In this newly opened cmd window, we want to launch internet explorer. So CD to “C:\Program Files\Internet Explorer”. Then type in iexplore.exe to open internet explorer
    • Configure the proxy in this newly opened IE instance, and then close internet explorer
    • We now want to do the same thing we just did, only we want to use the System account, so repeat the same steps in #4 and #5, but this time use the username “nt authority\system”
  1. Using the same cmd window opened in step #5, we also want to make sure the system is going to register with Azure. Run the following command
    • dsregcmd /join
  2. Reboot the system
  1. Disable IE Enhanced Security Configuration from Server Manager (Click on Local Server, and it’s in the right-hand column) 

 

  1. Download the Application Proxy Connector from https://portal.azure.com
    • Click on Enterprise Applications
    • Click on Application proxy
    • Click on Download connector 
  2. Run the downloaded file on the server as administrator
  1. Log in with global admin credentials at the prompt (The prompt won’t work right if you didn’t disable IE Enhanced Security Policy in step 8)
  1. The server should now be listed in azure in the same location you navigated to in step #9
  1. Last but not least, launch the port checking page for the Azure Application Proxy from the server https://aadap-portcheck.connectorporttest.msappproxy.net/  You should see green checkmarks across the board. If you see any red, your application proxy server may show up on the proxies page in azure, but it may show as inactive. Notice in the image above you see one listed as active and the other as inactive. The inactive one went through the entire setup but the proxy was blocking certain ports. If this is the case for you, you will likely need to battle it out with the person in charge of administering your proxy.

 

Posted in AzureTagged Azure, Azure Application Proxy, Server 2016

Post navigation

Select a Certificate Prompt When Signing Into Office 365 Portal
Accounts in Active Directory aren’t Inheriting Permissions

Related Post

  • You Can’t Get There From Here
  • Select a Certificate Prompt When Signing Into Office 365 Portal
  • Azure AD Registered Device Cleanup with PowerShell

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

Tags

Active Directory AdminSDHolder Azure Azure Application Proxy Certificate conditional access DCPromo Domain Controller Group Policy Office 365 Powershell Print Printing Print Management Print Server scripting SDProp Server 2016 Server 2019 Windows 7 Word 2016 You can't get there from here

About This Site

I’ve decided to post the random things I’ve come across and fixed in order to help other people struggling with the same issues. I’ve also decided to use stupid pictures for all the posts because this is my website and I can do what I want.

Theme Design & Developed By OpenSumo