Issues after change of certificate

Windows 2016 - CRM 2016 v 8.2.28 - ADFS 3

We have been running this setup for ages without any issues. I have had to replace our wildcard certificate and since then we have had problems.

Originally the federated service stopped with some 20 days left on the original certificate. I followed so many threads on how to replace the certificate, but cannot access the system from outside. Also, internal systems that use the discovery service can no longer connect. There have been no changes to the DSN's.

IFD is set to auth.mydomain:444, internal.mydomain:444, adfs.mydomain:444, and all these resolve and I can view the metadata. I think the issue may be with dev (dev.mydomain). If, when configuring IFD, I use dev.mydomain:444, I get an error on root domains - "The Discovery Web Service could not be accessed. The domain is unavailable or does not exist." - but it passes if I just use dev.mydomain.

I have installed / uninstalled ADFS several times over the last week in a bid to try and resolve this. I am no techie, just followed the guides on setting ADFS up. Can anyone help me to resolve this?

  • Suggested answer
    mbashir83
    RE: Issues after change of certificate

    Do you by chance use the same wildcard cert to protect the ADFS site as well as CRM?  There are several things that could be the cause here:

    1. Does your ADFS site use the same wildcard certificate?  Was the certificate updated on the ADFS server?
    2. Did you switch CRM over to the new certificate yet?  Which certificate is protecting the federation metadata url for both CRM & ADFS? Do they match?
    3. Does your ADFS have auto-rollover disabled?  If it does not, which certificate is showing as primary and which as secondary?  There is a potential mismatch between the key coming from CRM and the expected key from ADFS.  This article was written for CRM 2011, but it is relevant to this day for newer versions of CRM as well.
      1. learn.microsoft.com/.../microsoft-dynamics-crm-2011-log-in-issue-due-to-ad-fs-certificate-rollover

    My guess is the problem will be resolved with #3, but you should go through the list in that order to ensure nothing may have been missed along the way.  If you are still unable to connect, check the event viewer on ADFS to see what is being thrown as an error.
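
The checks in the answer above can be collected into one read-only PowerShell pass on the AD FS server. This is an added example, not code from the thread; the metadata host name is a placeholder, and it assumes an elevated Windows PowerShell 5.1 session with the AD FS module available.

```powershell
# Added example: read-only inventory of AD FS certificates. Changes nothing.
# Placeholder URL: substitute your own federation service name and port.
$MetadataUrl = 'https://adfs.example.test/FederationMetadata/2007-06/FederationMetadata.xml'

# 1. Is automatic rollover of the token-signing/decrypting certificates enabled?
$props = Get-AdfsProperties
"AutoCertificateRollover: $($props.AutoCertificateRollover)"

# 2. Which token certificates are primary or secondary, and when do they expire?
$tokenCerts = Get-AdfsCertificate |
    Where-Object { $_.CertificateType -in 'Token-Signing', 'Token-Decrypting' }
$tokenCerts |
    Select-Object CertificateType, IsPrimary, Thumbprint,
        @{ Name = 'NotAfter'; Expression = { $_.Certificate.NotAfter } } |
    Format-Table -AutoSize

# 3. Which certificate is bound to the AD FS HTTPS endpoints?
#    Compare CertificateHash with the thumbprint of the new wildcard certificate.
Get-AdfsSslCertificate | Format-Table HostName, PortNumber, CertificateHash -AutoSize

# 4. Which signing certificates does the published federation metadata advertise?
$doc = New-Object System.Xml.XmlDocument
$doc.Load($MetadataUrl)
$ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
$nodes = $doc.SelectNodes("//md:KeyDescriptor[@use='signing']//ds:X509Certificate", $ns)

$published = $nodes | ForEach-Object {
    # Each node holds a base64-encoded DER certificate; reduce it to a thumbprint.
    $der = [Convert]::FromBase64String($_.InnerText.Trim())
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der).Thumbprint
} | Sort-Object -Unique
"Signing thumbprints in metadata: $($published -join ', ')"

# 5. Does the primary token-signing certificate appear in the published metadata?
$primary = ($tokenCerts |
    Where-Object { $_.CertificateType -eq 'Token-Signing' -and $_.IsPrimary }).Thumbprint
foreach ($thumb in @($primary)) {
    if ($published -contains $thumb) {
        "OK: primary token-signing certificate $thumb is published in the metadata"
    } else {
        "MISMATCH: primary token-signing certificate $thumb is not in the metadata"
    }
}
```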
