OnPrem BC16 CU5 running in an Azure VM.
The service instance, which uses AccessControlService and an Azure AD app for authenticating users, for some reason uses the TenantEncryptionCert "Windows Azure CRP Certificate Generator" certificate, although the correct thumbprint of the customer-specific RSA certificate is specified on the service.
This results in users not being able to log in, because an RSA cert is expected (error: Configuration setting 'DnsIdentity' has an invalid value).
When I delete TenantEncryptionCert and restart the BC server instance, then it uses the correct (RSA) certificate.
However, since TenantEncryptionCert gets recreated every time the Azure VM starts ... it's not a solution.
Any ideas why it's using the wrong certificate?
How to fix the current situation?
Marco Mels, maybe you have some ideas?