Dynamics Tutorial: CRM is down – Auto-rollover failed – ADFS errors


Please note: This article’s steps are taken directly from Microsoft’s own official article, found here: https://support.microsoft.com/en-us/kb/2686840

You are here, so I am guessing you might be seeing the error below, right?

The Token-signing certificate and Token-Decrypting certificate in ADFS will automatically be renewed by the Auto Certificate Rollover feature because these certificates reach their expiration date.

The ADFS Token certificates on your CRM server are due to expire.

This will cause the ADFS server to generate new certificates (around 20 days before expiration) and then try to roll over to them (around 5 days later).

Once the certificate has rolled over, you will be unable to access CRM. 

 

In the ADFS Management Console, update the Federation Metadata URLs and do an IIS reset on the CRM server. Next, restart the ADFS service.

If the above steps do not resolve the issue, follow the steps below:

1. On the Microsoft Dynamics CRM server, go to Deployment Manager and disable Claims-Based Authentication

2. On the Microsoft Dynamics CRM server, click the Start menu, select Run and type iisreset to complete an IIS reset

3. Re-configure Claims-Based Authentication from Deployment Manager, keeping all the settings the same

4. Re-configure IFD through the Microsoft Dynamics CRM Deployment Manager

5. On the Microsoft Dynamics CRM server, click the Start menu, select Run and type iisreset to complete an IIS reset

6. In ADFS Management Console on the ADFS server, update the corresponding Federation Metadata URLs

a. Go to the ADFS server and open the ADFS Management Console

b. Click Relying Party Trusts to display the internal and external relying party trusts

c. Right-click each and select Update Federation Metadata

d. Go to the Microsoft Dynamics CRM server, click the Start menu, select Run and type iisreset to complete an IIS reset

e. Next, browse to Service on the ADFS server and restart the ADFS service

Now check if CRM is available again!
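To see where a server stands in the rollover timeline described above, and to do the step 6 trust refresh without the console, the ADFS PowerShell cmdlets can be used. This is an added example, not part of the Microsoft article or the original post; it assumes it runs on the ADFS server with the ADFS module available, and that a secondary certificate's NotBefore date is the day it was generated.

```powershell
# Added example: run in an elevated PowerShell session on the ADFS server.
# Assumes the ADFS module (Windows Server 2012 R2 or later). On ADFS 2.0,
# replace the import with: Add-PSSnapin Microsoft.Adfs.PowerShell
Import-Module ADFS -ErrorAction Stop
$now = Get-Date

# Rollover settings. Generation threshold: days before expiry at which new
# certificates are created. Promotion threshold: days after that at which
# the new certificates become primary.
$props = Get-AdfsProperties
$props | Format-List AutoCertificateRollover, CertificateGenerationThreshold, CertificatePromotionThreshold

# Token-signing and token-decrypting certificates, primary and secondary.
$certs = foreach ($type in 'Token-Signing', 'Token-Decrypting') {
    Get-AdfsCertificate -CertificateType $type | ForEach-Object {
        [pscustomobject]@{
            Type       = $_.CertificateType
            IsPrimary  = $_.IsPrimary
            Thumbprint = $_.Thumbprint
            NotBefore  = $_.Certificate.NotBefore
            NotAfter   = $_.Certificate.NotAfter
            DaysLeft   = [math]::Floor(($_.Certificate.NotAfter - $now).TotalDays)
        }
    }
}
$certs | Sort-Object Type, NotAfter | Format-Table -AutoSize

# A secondary certificate means rollover is pending. Estimate the promotion
# date from its NotBefore (assumed here to be the generation date).
foreach ($c in $certs | Where-Object { -not $_.IsPrimary }) {
    $promote = $c.NotBefore.AddDays($props.CertificatePromotionThreshold)
    Write-Warning ("{0} {1} is secondary; expected promotion around {2:d}" -f $c.Type, $c.Thumbprint, $promote)
}
foreach ($c in $certs | Where-Object { $_.IsPrimary -and $_.DaysLeft -le $props.CertificateGenerationThreshold }) {
    Write-Warning ("Primary {0} certificate expires in {1} days" -f $c.Type, $c.DaysLeft)
}

# Relying party trusts (the CRM internal and external trusts from step 6b).
Get-AdfsRelyingPartyTrust |
    Select-Object Name, Enabled, MonitoringEnabled, AutoUpdateEnabled, LastUpdateTime |
    Format-Table -AutoSize

# Step 6c from PowerShell. -WhatIf only previews; remove it to apply.
Get-AdfsRelyingPartyTrust | Where-Object { $_.MetadataUrl } |
    ForEach-Object { Update-AdfsRelyingPartyTrust -TargetName $_.Name -WhatIf }
```

The IIS resets on the CRM server and the ADFS service restart from the steps above are still needed afterwards.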

One Comment

  1. admin says:

    Thanks for your comment. The steps are indeed taken from a Microsoft article but the majority of content is completely original. I have added a line at the top of the article showing exactly which Microsoft article this comes from.
    Regards,
    Stephen
