Channel: Forum Microsoft Identity Manager

Load Balancing AD FS v3.0 with WAP across Citrix Netscaler


***I know this is not a FIM question, but as it's ADFS it belongs under IDM but there is no option for that.***

I am trying to get AD FS 3.0 up and working, being load balanced through a pair of physical Citrix NetScaler ADCs. The load balancing part of the AD FS side is working fine; it is creating the trust relationship between the WAPs (which are in the DMZ) and the AD FS servers (which are in the LAN) that are being load balanced across the NS.

So the topology is 2*WAP in the DMZ and 2*ADFS in the LAN. There are two vServers, one for the DMZ and LAN side, and there is a NAT rule configured to forward traffic from the external IP to the DMZ vServer for the WAPs. Load balancing is working across the LAN vServer, as I can browse to the ADFS URLs using the vServer IP.

The real issue is when I try to run the WAP trust relationship wizard to pair the WAPs and ADFS servers. There is an entry in the hosts file configured with the ADFS service name which points to the IP of the vServer in the LAN.

I also know this is not a Citrix forum, but the NS is configured with a service pointing to each of the four servers. I have tried using the following protocols: SSL_TCP, SSL_Bridge and SSL. The result is the same for all of the protocols; there does not have to be SSL offloading done on the WAP/ADFS.

The error on the WAP is simply "cannot save the configuration"; there is nothing in the events.

I know ADFS has changed in v3.0 and in 2012 it used to be like load balancing any other SSL website.

