Back

ADFS Token Signing Certificate Expiry Causes Sign-On Errors

When you install ADFS you must upload your certificate settings thumbprint to the Federated Relying Party in this case Office 365 The default exp...

2 min read
Published on Apr 8, 2012
adfs-token-signing-certificate-expires-with-office-365-sign-on-error-your-organization-could-not-sign-you-in-to-this-service

When you install ADFS, you must upload your certificate settings/thumbprint to the Federated Relying Party, in this case, Office 365.  The default expiration with standard ADFS 2.0 installation is a self signing certificate that expires every year.

Symptoms of user Errors in Browser on Office 365 Portal/Service Logon using federated identity:

  • “There was a problem accessing the site. Try to browse the site again.”
  • “Your organization could not sign you in to this service. There may be a system error. Please contact administrator at your organization if this problem persists.”

Application and Services Logs > ADFS 2.0 > Admin:

  • Event ID 358: Restarting Issuance ServiceHost. This restart is necessary because a change was detected in the certificates that this service host uses. Requests that are served by endpoints of this service host may fail during restart.

Potential Solution If these events occur, it’s a good bet your ADFS signing certificate expired and must be Ensure latest Microsoft Online Services Module for PowerShell installed. Download the module for your 32 or 64 bit system here.

Note - Microsoft Online Services Identity Federation Management PowerShell Module is deprecated and everything can now be configured in the Microsoft Online Services Module.

Powershell Commands:

  • Connect-MsolService Note - You will be prompted for credentials, enter a NON-Federated Office 365 admin account.

  • Optional, only If you’re NOT Running PowerShell From ADFS server: Set-MSOLAdfscontext -Computer YourAdfsServer.mydomain.local

  • Update-MSOLFederatedDomain -DomainName YourDomain.com

  • You can verify the thumbprint updated on Microsoft Online Federation gateway:Get-MSOLFederationProperty -DomainName YourDomain.com

Note – You will also need to update your other SAML Relying Parties such as Concur, Webex, Salesforce, Zendesk, and Google Apps.

If you would like assistance in federation for your organization, please learn more about AgileIdentity, our fixed price identity and access solution.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

NIST 800 171 vs NIST 800 53

NSA Cybersecurity Collaboration: No-Cost Services Available to DoD Contractors

Learn how NSA cybersecurity collaboration provides no-cost services to DoD contractors, helping enhance security and compliance with advanced cyber protections.

Jan 10, 2025
6 min read
When is a New CMMC Assessment Needed

Understanding When and Why You Need a New CMMC Assessment

Learn when to schedule a new CMMC assessment, what triggers reassessments, and how changes in scope, contracts, or compliance impact your certification process.

Jan 6, 2025
9 min read
How Does VDI Solve the CUI and CMMC Conundrum?

How Does VDI Solve the CUI and CMMC Conundrum?

Explore how VDI for CUI helps businesses meet compliance requirements, ensuring secure data access while simplifying CMMC certification.

Dec 30, 2024
9 min read
Disaster Recovery Plan Enough

Is your disaster recovery plan enough?

Strengthen your Office 365 disaster recovery plan with granular backup, retention policies, and solutions to prevent data loss.

Dec 18, 2024
7 min read
Outlook Organization Tips

Outlook Organization Tips to Take Back Your Outlook Mailbox

Struggling with a cluttered Outlook mailbox? Discover quick and efficient organization tips to streamline your email management.

Dec 17, 2024
6 min read
Managing your Organization's Data-Backup on the Cloud

Managing your Organization's Data-Backup on the Cloud

Learn how to efficiently manage your organization's data backup on the cloud. Discover strategies for optimizing backup processes, reducing storage costs, and ensuring data availability and disaster recovery.

Dec 10, 2024
4 min read