A UCC cert expired today causing some issues, including CRM and ADFS. A renewed cert was imported to my CRM 2011 server and I've gone through to try and update CRM and ADFS but I'm still having issues.
CRM 2011 and ADFS 2.0 are on the same server.
Here's what I've done:
- Added the new cert to Local Computer of the CRM / ADFS server in the Personal and Trusted Root stores
- Granted ADFS and CRM app pool account read permissions to the new cert
- Updated CRM and ADFS IIS site bindings for the new cert
At this point I've tried to reconfigure Claims Based Auth in Deployment Manager which fails - I leave the federation metadata URL unchanged and select the new cert.
System checks complain that the federation metadata URL is not available and the encryption certificate does not exist in the local computer store.
My CRM site results in this error - Relying Party Certificate was not found
I've gone into ADFS 2.0 and set the Service Communications certificate to the new cert and when I review the Relying Party Trusts for my internal and external identifiers they read certificate has expired on the encryption tab and show the details of the expired cert. Trying to update the two trusts from Federation Metadata throws a 502 error: bad gateway.
Any ideas on what I'm missing to get the certs updated and the site restored?
Thanks All
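The three steps listed in the post (certificate in the Local Computer Personal store, read permission for the service accounts, IIS bindings) can be checked from PowerShell on the CRM / ADFS server. This is an added example, not part of the original post; the thumbprint and account names are placeholders, and it assumes the private key is an RSA key held in a CSP container under MachineKeys.

```powershell
# Added example. $Thumbprint and $Accounts are placeholders, not values from the post.
$Thumbprint = 'REPLACE_WITH_NEW_CERT_THUMBPRINT'
$Accounts   = @('DOMAIN\adfs-service', 'DOMAIN\crm-apppool')   # hypothetical account names

# 1. Is the renewed certificate in Local Computer\Personal, with a private key?
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw 'Certificate not found in Cert:\LocalMachine\My' }

"Subject       : $($cert.Subject)"
"Valid         : $($cert.NotBefore) to $($cert.NotAfter)"
"HasPrivateKey : $($cert.HasPrivateKey)"
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning 'Certificate is expired.' }
if (-not $cert.HasPrivateKey) { throw 'Certificate was imported without its private key.' }

# A UCC cert carries its host names in the Subject Alternative Name extension.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) { $san.Format($true) }

# 2. Do the service accounts have an explicit Allow/Read ACE on the key file?
#    (Assumption: CSP key. Access granted only through group membership is not detected.)
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile   = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
$acl       = Get-Acl -Path $keyFile
$read      = [System.Security.AccessControl.FileSystemRights]::Read

foreach ($account in $Accounts) {
    $ace = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read
    }
    if ($ace) { "OK      : $account can read the private key" }
    else      { Write-Warning "$account has no explicit read ACE on $keyFile" }
}

# 3. Which HTTP.SYS SSL bindings use this certificate? (IIS site bindings appear here.)
$bindings = netsh http show sslcert | Select-String -SimpleMatch $Thumbprint
if ($bindings) { "Bindings using this certificate: $(@($bindings).Count)" }
else           { Write-Warning 'No SSL binding references this thumbprint.' }
```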