nginx reverse proxy for ADFS 3.0 server

2016-03-22 / Linux, Microsoft / 2 Comments

After setting up a nginx reverse proxy for a ADFS 3.0, instead of MS WAP, it was coming back connection reset by peer. When browsing to the site via IP or anything other than the original hostname it would return this error.

Nginx for some reason was not passing the host header in the reverse proxy request. When connecting to the backend server it was only using the IP of the upstream server causing ADFS to not accept connections.


1. Run the below command get get the certhash and the appid from the ADFS server
netsh http show sslcert

2. Run the command to enable http.sys to listen on all IPs with this certificate.
netsh http add sslcert ipport= certhash=5117dffde15446cf1cfd8bd855cfef25202c6c17 appid='{5d89a20c-beab-4389-9447-324788eb944a}'

Keep in mind if you have other things running on this server it could cause conflict. However, if its setup correctly, nothing else should be on the server.

The nginx config looked like this

upstream adfs_backend {
    server 1x2.xx8.xx.xx:443;
    keepalive 100;

server {
        listen   443;
        ssl    on;
        ssl_certificate    /etc/ssl/private/adfs.cer;
        ssl_certificate_key    /etc/ssl/private/adfs.key;

     location / {
        proxy_pass https://adfs_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
Read More

Allow KVM/Qemu to use Hyper-V enlightenment settings

2016-03-16 / iPhone, Server, Windows / 0 Comments

Slow performance for Windows Servers in KVM/QEMU environments


Enable KVM to emulate the Hyper-V settings and allow the guest VMs to take advantage.

sudo virt-xml $VMNAME --edit --features hyperv_relaxed=on,hyperv_vapic=on,hyperv_spinlocks=on,hyperv_spinlocks_retries=8191
sudo virt-xml $VMNAME --edit --clock hypervclock_present=yes
Read More