0 Votes
lamaiden774-1836 asked piaudonn commented

Secondary ADFS certificate not updating during renewal

Hello, I am hoping someone could lead me to resolve this issue.
I have renewed the SSL certificate (service communication) on the primary ADFS server but the secondary is not updating and is still showing the old certificate thumbprint.
Both servers (Win 2016) have the certificate and private key in their respective personal stores. One thing I noticed is that the virtual account adfssrv does not have read permission on the private key on the secondary but does have it on the primary server. I am not sure if it is related.
Thank you for your help.

adfs

1 Answer

0 Votes
lamaiden774-1836 answered piaudonn commented

Got it worked out. I followed this: https://tristanwatkins.com/changing-adfs-url-windows-server-2012-r2/ and manually applied the new cert with PowerShell and netsh.


NETSH is not required though.

You need to run Set-ADFSCertificate and Set-ADFSSSLCertificate. The second one uses WinRM to set the new binding on all the nodes, so you need to make sure you run the command with a domain account that has local admin privileges on all the nodes and that WinRM is configured and working.

Please mark your own answer as a solution if you feel it might help others in the same situation.

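The procedure described in the comment above, written out as an added example (this is not the poster's script, nor anything from the linked article or from Microsoft). It assumes placeholder node names `adfs01`/`adfs02`, a placeholder thumbprint, that the new certificate and its private key are already imported into `LocalMachine\My` on every node, and that it runs in an elevated Windows PowerShell session on the primary, as a domain account that is a local administrator on all nodes. It also checks the point the asker noticed: the `NT SERVICE\adfssrv` virtual account must be able to read the private key on each node, otherwise that node cannot present the certificate even after the binding is pushed.

```powershell
# Added example (not the poster's or Microsoft's script): renew the AD FS service-communication
# certificate and the HTTP.sys SSL binding on every farm node from the primary.
# Assumptions: node names and thumbprint are placeholders; the new cert with its private key is
# already in LocalMachine\My on every node; run elevated as a domain local admin on all nodes.

$NewThumbprint  = 'PASTE_NEW_CERT_THUMBPRINT_HERE'
$Nodes          = @('adfs01', 'adfs02')        # primary first, then the secondaries
$ServiceAccount = 'NT SERVICE\adfssrv'         # virtual account the AD FS service runs as

# 1. Set-AdfsSslCertificate pushes the binding over WinRM, so fail fast if any node does not answer.
foreach ($n in $Nodes) { $null = Test-WSMan -ComputerName $n -ErrorAction Stop }

# 2. On every node: the cert must be present with a private key, and adfssrv must be able to read
#    that key (the asker found this permission missing on the secondary). Grant Read if it is absent.
$keyCheck = {
    param($Thumbprint, $Account)
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert)               { throw "$env:COMPUTERNAME : $Thumbprint is not in LocalMachine\My" }
    if (-not $cert.HasPrivateKey) { throw "$env:COMPUTERNAME : $Thumbprint has no private key" }

    # Key file name: CNG keys expose CngKey.UniqueName, legacy CAPI keys expose the CSP container name.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    $keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) { $rsa.Key.UniqueName } else { $rsa.CspKeyContainerInfo.UniqueKeyContainerName }
    $keyFile = Get-ChildItem "$env:ProgramData\Microsoft\Crypto" -Recurse -File -Filter $keyName -ErrorAction SilentlyContinue |
               Select-Object -First 1
    if (-not $keyFile) { throw "$env:COMPUTERNAME : key file $keyName not found under ProgramData\Microsoft\Crypto" }

    $acl = Get-Acl $keyFile.FullName
    $hasRead = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Read)
    }
    if (-not $hasRead) {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')))
        Set-Acl -Path $keyFile.FullName -AclObject $acl
        "$env:COMPUTERNAME : granted Read on the private key to $Account"
    } else {
        "$env:COMPUTERNAME : $Account already has Read on the private key"
    }
}
Invoke-Command -ComputerName $Nodes -ScriptBlock $keyCheck -ArgumentList $NewThumbprint, $ServiceAccount

# 3. On the primary: point the farm configuration at the new cert, then push the SSL binding to all nodes.
Set-AdfsCertificate    -CertificateType Service-Communications -Thumbprint $NewThumbprint
Set-AdfsSslCertificate -Thumbprint $NewThumbprint

# 4. Verify: the farm-wide binding list, plus the hash HTTP.sys on each node actually serves.
Get-AdfsSslCertificate | Format-Table HostName, PortNumber, CertificateHash -AutoSize
Invoke-Command -ComputerName $Nodes -ScriptBlock {
    $hashes = (netsh http show sslcert) | Select-String 'Certificate Hash' |
              ForEach-Object { ($_ -split ':')[1].Trim().ToUpper() } | Sort-Object -Unique
    [pscustomobject]@{ Node = $env:COMPUTERNAME; BoundHashes = ($hashes -join ',') }
} | Format-Table -AutoSize

# 5. Restart the service on every node so it picks up the new service-communication certificate.
Invoke-Command -ComputerName $Nodes -ScriptBlock { Restart-Service adfssrv }
```

Every `BoundHashes` value in step 4 should equal `$NewThumbprint`; a node still reporting the old hash is one where the WinRM push did not land. In that case fix WinRM or permissions and rerun `Set-AdfsSslCertificate` (on Windows Server 2016 it also takes a `-Member` parameter to target a single farm node) rather than hand-editing the binding with `netsh`, so the farm configuration and the HTTP.sys bindings stay in step.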