Back

ADFS Token Signing Certificate Expiry Causes Sign-On Errors

When you install ADFS you must upload your certificate settings thumbprint to the Federated Relying Party in this case Office 365 The default exp...

2 min read
Published on Apr 8, 2012
adfs-token-signing-certificate-expires-with-office-365-sign-on-error-your-organization-could-not-sign-you-in-to-this-service

When you install ADFS, you must upload your certificate settings/thumbprint to the Federated Relying Party, in this case, Office 365.  The default expiration with standard ADFS 2.0 installation is a self signing certificate that expires every year.

Symptoms of user Errors in Browser on Office 365 Portal/Service Logon using federated identity:

  • “There was a problem accessing the site. Try to browse the site again.”
  • “Your organization could not sign you in to this service. There may be a system error. Please contact administrator at your organization if this problem persists.”

Application and Services Logs > ADFS 2.0 > Admin:

  • Event ID 358: Restarting Issuance ServiceHost. This restart is necessary because a change was detected in the certificates that this service host uses. Requests that are served by endpoints of this service host may fail during restart.

Potential Solution If these events occur, it’s a good bet your ADFS signing certificate expired and must be Ensure latest Microsoft Online Services Module for PowerShell installed. Download the module for your 32 or 64 bit system here.

Note - Microsoft Online Services Identity Federation Management PowerShell Module is deprecated and everything can now be configured in the Microsoft Online Services Module.

Powershell Commands:

  • Connect-MsolService Note - You will be prompted for credentials, enter a NON-Federated Office 365 admin account.

  • Optional, only If you’re NOT Running PowerShell From ADFS server: Set-MSOLAdfscontext -Computer YourAdfsServer.mydomain.local

  • Update-MSOLFederatedDomain -DomainName YourDomain.com

  • You can verify the thumbprint updated on Microsoft Online Federation gateway:Get-MSOLFederationProperty -DomainName YourDomain.com

Note – You will also need to update your other SAML Relying Parties such as Concur, Webex, Salesforce, Zendesk, and Google Apps.

If you would like assistance in federation for your organization, please learn more about AgileIdentity, our fixed price identity and access solution.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

DFARS Compliance in Office 365

DFARS Compliance in Office 365

Learn how Microsoft Office 365 GCC High and Azure Government help DOD contractors meet DFARS compliance. Discover the steps to protect CUI and ensure regulatory compliance with Agile IT's expertise.

Feb 13, 2025
7 min read
Top 10 Reasons to Partner with an MSP for Security and Compliance

Top 10 Reasons to Partner with an MSP for Security and Compliance

Discover why partnering with an MSP for security and compliance is critical for organizations navigating FAR CUI and CMMC requirements.

Feb 10, 2025
8 min read
Understanding DFARS Compliance

DFARS Compliance: A Guide to Federal Cybersecurity Requirements

Learn about DFARS compliance and how it ensures the security of federal data. Explore key requirements, NIST 800-171 alignment, and tips for achieving compliance.

Feb 3, 2025
7 min read
Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

Master Microsoft & CIS Benchmark Best Practices to Secure Your Environment

Discover how to implement Microsoft & CIS Benchmark best practices to strengthen your business security and protect your environment from evolving threats with expert guidance.

Jan 28, 2025
7 min read
Screen Capture Protection in Windows 365

How to Enable Screen Capture Protection in Windows 365 for Enhanced Security

Learn how to enable and use screen capture protection in Windows 365 to secure sensitive information and prevent unauthorized captures, enhancing your organization's data security.

Jan 21, 2025
7 min read
Office 365 Collaboration Tools

Office 365 Collaboration Tools: Are They Right for Your Organization?

Explore how Office 365's collaboration tools can enhance your organization's productivity and security.

Jan 12, 2025
6 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation