When having troubles with ADFS services on Windows Server 2012 or 2012 R2, we usually use the test URL https://mysts.mydomain.com/adfs/ls/IdpInitiatedSignon.aspx. With this page, it is easy to test the ADFS service itself without any dependencies from other products, trusts or relying parties.
Unfortunately, this feature is no longer enabled on ADFS servers running Windows Server 2016 and when using the URL, we get the following error:
And, on the ADFS server, the following error suggests that the requested functionality is disabled.:
Indeed, looking at the ADFS properties for the requested functionality via (Get-AdfsProperties | fl * idpinitiatedsignon *), it can be seen that the web page is disabled by default.
To correct the issue, run the following Windows PowerShell command to set the option to true: Set-AdfsProperties -EnableIdpInitiatedSignonPage $true
After enabling the ADFS setting to true, all is okay and we can use as usual the well known web page with the Sign In button,