The following is from http://www.interactivewebs.com/blog/index.php/server-tips/ad-fs-certificate-rollover-crm-2011/
The Fix
Basically the certificate automatically rolls over to a new one and ADFS won’t authenticate any more. Here are the steps that seem to fix this issue:
- Open Windows PowerShell as administrator (right-click, Run as administrator)
- Run the following commands:
  - add-pssnapin Microsoft.adfs.powershell
  - set-adfsproperties -autocertificaterollover $true
  - update-adfscertificate -urgent
- Run the CRM deployment manager
- Run through Configure Claims-Based Authentication Wizard (no changes)
- Run through Configure Internet-Facing Deployment Wizard (no changes)
- Restart the ADFS service
  From a Command Prompt “cmd”, type
  net stop adfssrv
  then
  net start adfssrv
- Restart the Microsoft Asynchronous processing service
  From the Services window, click the Restart icon while the service is selected
- Run an iisreset from the elevated command prompt
  Start, Run, “cmd”
  iisreset
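
The PowerShell part of the steps above with a before/after check of the token certificates, as an added example that is not from the original post. `Get-AdfsCertSummary` is a helper name made up here, and the script assumes the AD FS 2.0 snap-in on the federation server.

```powershell
# Added example (not from the original post). Run in an elevated Windows
# PowerShell session on the AD FS server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

# Hypothetical helper: one row per token-signing / token-decrypting certificate.
function Get-AdfsCertSummary {
    $types = 'Token-Signing', 'Token-Decrypting'
    Get-ADFSCertificate |
        Where-Object { $types -contains $_.CertificateType } |
        Select-Object CertificateType, IsPrimary, Thumbprint,
            @{ Name = 'NotAfter'; Expression = { $_.Certificate.NotAfter } },
            @{ Name = 'DaysLeft'; Expression = {
                [int]($_.Certificate.NotAfter - (Get-Date)).TotalDays } }
}

Write-Host 'Before rollover:'
$before = @(Get-AdfsCertSummary)
$before | Format-Table -AutoSize
Write-Host ('AutoCertificateRollover = ' + (Get-ADFSProperties).AutoCertificateRollover)
$oldThumbs = @($before | ForEach-Object { $_.Thumbprint })

# The two commands from the steps above.
Set-ADFSProperties -AutoCertificateRollover $true
Update-ADFSCertificate -Urgent

Write-Host 'After rollover:'
$after = @(Get-AdfsCertSummary)
$after | Format-Table -AutoSize

# Each certificate type should now have an unexpired primary certificate.
foreach ($type in 'Token-Signing', 'Token-Decrypting') {
    $primary = @($after | Where-Object { $_.CertificateType -eq $type -and $_.IsPrimary })
    if ($primary.Count -eq 0) {
        Write-Warning ('{0}: no primary certificate found' -f $type)
        continue
    }
    foreach ($cert in $primary) {
        if ($cert.DaysLeft -le 0) {
            Write-Warning ('{0}: primary {1} has expired' -f $type, $cert.Thumbprint)
        } elseif ($oldThumbs -contains $cert.Thumbprint) {
            Write-Host ('{0}: primary unchanged, {1} days left' -f $type, $cert.DaysLeft)
        } else {
            Write-Host ('{0}: new primary {1}, valid until {2}' -f $type, $cert.Thumbprint, $cert.NotAfter)
        }
    }
}
```

`-Urgent` replaces the primary certificates immediately rather than after the normal promotion period, so continue with the CRM wizard and restart steps right after the script finishes.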