I'm building a basic ADFS test lab. I now have three VM servers in my main domain - a DC, an STS and an APP server.
I initially installed ADFS 2.0 on the STS server using the Standalone federation server option. I installed the basic ClaimsAwareWebAppWithManagedSTS app on the APP server.
When trying to test it I kept getting System.Security.Principal.IdentityNotMappedException being thrown by the STS despite apparently having successfully authenticated on the adfs/ls login form using a domain account.
So, I uninstalled ADFS from the STS server and reinstalled using the New Federation Server farm option. At the Specify Service Account stage I chose my 'mydomain\adfssrvc' service account - previously created in ADDS and added to the Administrators group. The account was recognized correctly in the Select User | Check Names dialogue.
When I press OK I get an ADFS configuration wizard error dialog saying "The service account's identity could not be mapped. Try using another account".
I guess there's something wrong with my domain setup as the STS doesn't seem to recognize valid domain accounts but I don't know where to start.
Can anyone help?
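A diagnostic to run on the STS server before reconfiguring ADFS again, added here as an example and not part of the original post: it performs the same NTAccount-to-SID translation that raises IdentityNotMappedException, alongside the domain-join, secure-channel and DC-locator checks that usually explain why that translation fails. It assumes an elevated PowerShell 2.0 or later session on the STS box; 'mydomain\adfssrvc' is the account named in the post.

```powershell
# Added diagnostic (not from the original post). Run on the STS server in an
# elevated PowerShell session while logged on with a domain account.
$account = 'mydomain\adfssrvc'   # service account named in the post

# 1. Is this host really domain-joined, and is its secure channel to a DC
#    healthy? A broken channel makes every domain SID lookup fail locally.
$cs = Get-WmiObject Win32_ComputerSystem
"Part of domain : $($cs.PartOfDomain)"
"Domain name    : $($cs.Domain)"
"Secure channel : $(Test-ComputerSecureChannel)"

# 2. Can the DC locator find a domain controller for this domain?
#    nltest ships with Windows Server and reports the DC it selects.
"DC locator     :"
nltest /dsgetdc:$($cs.Domain) 2>&1

# 3. The lookup the ADFS wizard depends on: NTAccount -> SecurityIdentifier.
#    This is the call that throws IdentityNotMappedException when the
#    account cannot be resolved from this host.
try {
    $nt  = New-Object System.Security.Principal.NTAccount($account)
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
    "Resolved       : $account -> $($sid.Value)"
    # Round-trip the SID back to a name; it should match the input account.
    $back = $sid.Translate([System.Security.Principal.NTAccount]).Value
    "Round-trip     : $($sid.Value) -> $back"
}
catch [System.Security.Principal.IdentityNotMappedException] {
    "FAILED         : '$account' could not be mapped to a SID on this host."
    "Check the join state, secure channel and DC locator output above, and"
    "that the account exists in ADDS under exactly that domain name."
}
```

If step 3 fails while steps 1 and 2 look healthy, compare the NetBIOS domain name you typed with the one `$cs.Domain` reports, since a mismatch between the two is enough for the lookup to fail.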