CRM 2011: ADFS Service Federated Metadata Error – Keyset does not exist

Reviewing a client’s ADFS configuration,  I found an unusually error message in the ADFS service federation metadata saying “Keyset does not exist”.

After searching for all the usually culprits, this turned out to be one of the most commonly forgotten issues – Giving access to the service account to manage the private keys for the certificate.

This can be accomplished by openning the MMC, and adding the snapin for Certificate Management. Ensure your add using the Computer Acount. Once the Certificate MMC is launched, you can find the certificate in the personal certificate store, and right click on it, all tasks, maanged proviate keys.

You can now add the service account and give it the proper permissions as seen below:

You will need to do this both on the CRM and ADFS Servers (any server using your certificate for CRM).