Error trying to set Service Communications certificate

  • Question

  • I have an ADFS 2.0 implementation in a test environment that is having problems. In the console under Certificates, the section for "Service Communications" lists:

    - Certificate not found in store

    I've found various articles on resetting this certificate (http://www.sharecentric.com/blog/2012/11/28/ad-fs-2-0-service-communication-certificate-lost/), and am using the following PowerShell:

    Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint "thumbprint ID"

    However, when I run this, I get the following error:

    Set-ADFSCertificate : The type initializer for 'Microsoft.IdentityServer.Dkm.ADRepository' threw an exception.
    At line:1 char:20
    + Set-AdfsCertificate <<<<  -CertificateType Service-Communications -Thumbprint "72D5BB854FFBC8D77CFAAA50BBEB39833D347C50"
        + CategoryInfo          : InvalidData: (:) [Set-ADFSCertificate], TypeInitializationException
        + FullyQualifiedErrorId : The type initializer for 'Microsoft.IdentityServer.Dkm.ADRepository' threw an exception.
       ,Microsoft.IdentityServer.PowerShell.Commands.SetCertificateCommand

    This error is virtually unseen on the Internet, and I can't find any method of resolving it.

    The certificate is a valid one from DigiCert, and is both installed properly and assigned in IIS.

    I've updated ADFS 2.0 with the hotfix for Update 3, and the Server 2008 R2 VM it's sitting on is fully up to date as well.

    Has anyone seen this issue before?

    • Edited by Jeff Miles Friday, August 18, 2017 10:08 PM
    Friday, August 18, 2017 10:07 PM


All replies

  • Nope, I have not seen ADFS 2.0 in a very long time though. You should upgrade to at least 2012 R2. Any reason why not to btw? Cause maybe we can help with that too!

    Maybe try with double-quotes around "service-communications"? But it's a wild guess...

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Saturday, August 19, 2017 8:48 AM

  • Turns out I had resolved this, and blogged about it, but didn't come back to this post to update.

    The problem was that the Set-AdfsCertificate cmdlet needs to be run as the ADFS service account.

    More detail here: https://faultbucket.ca/2017/08/adfs-2-0-renew-service-communications-certificate/

    • Marked as answer by Jeff Miles Tuesday, April 24, 2018 8:35 PM
    Tuesday, April 24, 2018 8:35 PM
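
The accepted answer's fix (run Set-AdfsCertificate as the ADFS service account) can be checked before the cmdlet is called. The script below is an added example, not code from the thread or the linked blog; it assumes the AD FS 2.0 defaults of a Windows service named `adfssrv` and the `Microsoft.Adfs.PowerShell` snap-in, and takes the thumbprint as a parameter.

```powershell
# Added example (not from the thread): pre-flight checks, then set the
# Service Communications certificate on an AD FS 2.0 server.
param([Parameter(Mandatory=$true)][string]$Thumbprint)

# AD FS 2.0 ships its cmdlets as a snap-in rather than a module.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

# 1. Compare the session identity with the account the AD FS service runs as.
#    Assumption: the service is named 'adfssrv' (the AD FS 2.0 default).
$svc = Get-WmiObject Win32_Service -Filter "Name='adfssrv'"
if (-not $svc) { throw "AD FS service (adfssrv) not found on this machine." }

$current = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
# Caveat: StartName may be stored as user@domain while $current is DOMAIN\user;
# a mismatch of format alone needs a manual look.
if ($current -ine $svc.StartName) {
    throw ("Session runs as '$current' but the AD FS service runs as '" +
           $svc.StartName + "'. Start PowerShell as that account first, " +
           "for example: runas /user:<service account> powershell.exe")
}

# 2. Confirm the certificate is in the machine store, with a private key,
#    and not expired. Non-hex characters (spaces, invisible characters
#    picked up when copying from the certificate dialog) are stripped.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean }
if (-not $cert) {
    throw "No certificate with thumbprint $clean in Cert:\LocalMachine\My."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $clean has no private key on this server."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $clean expired on $($cert.NotAfter)."
}

# 3. Assign the certificate and read the setting back.
Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $clean
Get-AdfsCertificate -CertificateType Service-Communications
```

If step 1 throws, the session identity is the thing to fix; the certificate checks in step 2 are independent of the `Dkm.ADRepository` error shown in the question.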