question

ukkaapie avatar image
0 Votes"
ukkaapie asked Nick-2026 answered

ADFS 3.0 Service won't start because certificate has expired

Hi,

I have a fairly urgent issue with ADFS service not starting.

The infrastructure is all Server 2019 and the service account password had expired so the ADFS could not auto renew the token signing and decrypting certificate. I know, I should have set the service account password to never expire. My fault.

Right now the service will not start (because the certificate has expired) and powershell commands come up with a communication error:

get-adfsproperties : The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state.

I have tried the command "Update-AdfsCertificate -CertificateType Token-Decrypting -Urgent" but that comes up with the same error. As the service will not start I cannot get into the console.

Please help.

adfs
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Looks like I've got the same problem, did you ever sort it out?

0 Votes 0 ·
ArjanMensch avatar image
0 Votes"
ArjanMensch answered
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Nick-2026 avatar image
0 Votes"
Nick-2026 answered

I just encountered this issue in Server 2019. The easiest solution was to just set the clock back to a day when the certificates weren't expired and start the service. Then you can generate the new certificates. I found that the computer clock could only be adjusted via Control Panel "Date and Time" app. This issue is very likely the result of setting the Automatic Renew option to disabled and never manually generating certificates before they expire.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.