CRM 2011 Prompts for Credentials then gives 401 error.
The Fix
Basically the certificate automatically rolls over to a new one and ADFS won’t authenticate any more. Here are the steps that seem to fix this issue:
- Open windows Powershell as administrator (right click runas)

- Run the following commands:
- add-pssnapin Microsoft.adfs.powershell
- set-adfsproperties -autocertificaterollover $true
- update-adfscertificate -urgent
- Run the CRM deployment manager

- Run through Configure Claims-Based Authentication Wizard (no changes)
- Run through Configure Internet-Facing Deployment Wizard (no changes)
- Restart the adfs service
From a Command Prompt “cmd” Type
net stop adfssrv
then
net start adfssrv
- Restart the Microsoft Asynchronous processing service
From Services Windows
Click the Restart Icon while the Service is selected

- run an iisreset from the elevated command prompt
Start RUN “cmd”
iisreset