This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 23%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Hi, I am extremely new to ADFS, how can I determine what service account was used to setup & configure ADFS server? I am trying to renew the token signing & decryption certificates with the Update-ADFSCertificate PowerShell cmdlet and I get an error so I want to rename and re-create the ADFS certificate sharing container and I need to make sure the same service account is used. I am also wondering why even though the Set-Adfsautomaticrollover is set to TRUE and the threshold is 20 days and since my current cert expires on 4/11/2023 and the 20 days have come no new cert was created. From what I found online I need to run the Update-ADFSCertificate command, is this correct or does it really automatically create a new one?
One last thing,
when renaming and re-creating the ADFS certificate sharing container will this break any of my connections?
Hello @Fenton, Mark
Thank you for posting this concern on this community space.
I was reading your problem description and I am wondering if you have found this link below:
https://github.com/MicrosoftDocs/windowsserverdocs/issues/3761
I hope that works for you.
Looking forward to your feedback,
Cheers,
Hi, yes, I found that link and post that is why my plan is to take the steps proposed but there isn’t any info regarding the consequences or renaming and recreating the certificate sharing container and I am just worried of bringing down current sites and connections taking these steps.
Hi risolis, I followed the link instructions but it seems to have broken my service certificate for https, it is showing “not secure” in the browser and getting HTTP 404 error….PLEASE HELP!!!
Hi Buddy,
Did you restart the service when you had done this step?
I will be monitoring this post!
Just to let you know that if you used -urgent statement will occur:
Hey risolis, what if when I create the new cert sharing container is was setup with the wrong service account? I did go back and run the set-adfscertsharingcontainer -serviceaccount (USED THE CORRECTED ACCOUNT)
so hope that solved it. My users are now getting issues singing in, this just started today, seems the token-signing cert I created last week was auto rolled up to primary even though the other cert did not expire till 4-11-2023. Do I need to do anything else to stop the error (See attached) and make this work?
Hi risoli, It is showing all is good but getting an error when logging into the sites, the new cert is saying primary while the old is secondary, but users are getting an error when they enter login info on the URLS for the trust any help is appreciated.
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more