I’m currently creating a SharePoint environment for a customer on Windows Azure with ADFS 3.0. Within this environment we have multiple front-end and back-end machines. Because we use ADFS the people picker will accept everything you enter, we installed and custom claim provider from codeplex (ldapcp.codeplex.com) to give the users a better experience
We decided to create 2 backend systems only for search and enabled only the search components on these machines. With this decision we got an error in the Health status of SharePoint
Saying that the Security token service was not available on the 2 dedicated search servers. When we followed the link Microsoft provides we have 2 solutions. The first solution is to restart the SecurityTokenServiceApplicationPool on the server. But the actual problem was that the custom claim provider was not deployed on these 2 servers. The second solution for this is to manually deploy the assembly on the server.
A manual deployment of an assembly is not the best way to do this in my opinion. When the solution is updated or removed it will not be changed of removed from these servers. So we solved this to enable the web application role to these 2 servers so solutions will be deployed to these servers to.