HOTSPOT
You have a server named Server1 that runs Windows Server 2016. Server1 has the Web Application Proxy
role service installed.
You are publishing an application named App1 that will use Integrated Windows authentication as shown in the
following graphic.
presented in the graphic.
Hot Area:
Answer:
Answer:
Explanation:
1. Step 1: (configure the Backend server SPN – see first bulleted item below)
Before you begin, make sure that you have done the following:
Made sure that the Web Application Proxy servers are configured for delegation to the service principal names (SPN) of the backend servers.
Created a non-claims-aware relying party trust for the application in the AD FS Management console.
Configured the backend server to support Kerberos constrained delegation on the domain controller or by using the Set-ADUser cmdlet with the -PrincipalsAllowedToDelegateToAccount parameter. Note that if the backend server is running on Windows Server 2012 R2 or Windows Server 2012, you can also run this
PowerShell command on the backend server.
Verified that a certificate on the Web Application Proxy server is suitable for the application you want to publish.
1. Step 2: http//server2.contoso.com/publish/app1
Use the same URL as the backend server URL.
Web Application Proxy can translate host names in URLs, but cannot translate path names. Therefore, you can enter different host names, but you must enter the same path name. For example, you can enter an external
URL of https://apps.contoso.com/app1/ and a backend server URL of http://app-server/app1/. However, you cannot enter an external URL of https://apps.contoso.com/app1/ and a backend server URL of https://
apps.contoso.com/internal-app1/.
References: https://technet.microsoft.com/en-us/library/dn383640(v=ws.11).aspx