Office 365 ADFS certificate expired

Today I faced a problem. The ADFS certificate that we used for Office 365 was going to expire over 2 weeks. However the connection to Office 365 already was failing. I do not exactly know what the policy is for ADFS of outdated certificates but it looks like ADFS already invalidates certificates two weeks before they really expire.

This is not an Office 365 problem because other services that used our ADFS also had the same problem. To solve it on the other services it was simply updating the thumbprint of the trusted issuer but how do you do this in Office 365?

I succeeded with the following steps
  1. Start up "Microsoft Online Services-module for Windows Powershell". You can download this module for PowerShell if you not already done this on (http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652560.aspx ).
  2. Connect to your Office 365 environement by the following statement
$cred = Get-Credential

  1. Use your first admin account to login (the account with the onmicrosoft.com address). If you do not have this account anymore then I do not know a solution. Your normal account probably will not work because ADFS is failing. The first time I did this I got an message that my password needed to be changed and I need to contact the administrator.... You can however change it by login in on https://portal.microsoftonline.com/ and using your old password.
  2. Next step is to connect to Office 365 by the following statement
Connect-MsolService -Credential $cred
  1. When succeeded you can check the current thumbprint with the following statement
Get-MsolFederationProperty -domainname "your adfs domain name"
  1. When there are faults in the federation properties then you can reset it by first running the following command
Set-MsolADFSContext -computer "your adfs internal server name"
  1. Followed by the following statement to update your federation domain in Office 365
Update-MsolFederatedDomain

That fixed the problem for me. Probably I am going to need this blog next year again....

Location: Utrecht, Nederland

Comments

AAD said…
powershell saves the day !
May 17, 2012 at 1:54 PM
erectile said…
This web site truly has all the information I wanted concerning this subject and didn't know who to ask.
November 25, 2020 at 3:42 PM
erectile dysfunction natural remedies said…
Woah! I'm really loving the template/theme of this blog. It's simple, yet effective. A lot of times it's very hard to get that "perfect balance" between usability and visual appeal. I must say you have done a awesome job with this. Additionally, the blog loads extremely quick for me on Internet explorer. Excellent Blog!
November 25, 2020 at 3:45 PM
Post a Comment

Popular posts from this blog

System.Net.Http dll version problems

Last few weeks we had problems with referencing the correct System.Net.Http version. This is probably because some components use internally higher versions (.NET Core with System.Net.Http 4.2.0.0) compared to the versions that are available in NuGet. Frequently we got errors like: Could not load file or assembly 'System.Net.Http, Version=4.1.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040) What is the solution.... That is a great questions. But we do not have the satisfying answer yet. What we currently do is the following. - Use in all projects the same System.Net.Http version, currently we use v4.3.3 from nugget - Compile the code and check in the resulting Bin folder what the resulting System.Net.Http version is - Use this version as BindingRedirect in the app.config / web.config like <dependentAssembly>
Read more

SharePoint Survey Back Button

On Internet I could not find a correct solution for implementing a back button in a survey. After some search I found some near implementations but not an implementation that fully worked. One that inspired me was http://sharepointbender.blogspot.nl/2012/04/creating-back-button-on-sharepoint-2010.html but I found the history.back(-2) not satisfying. I wrote my one version in Javascript that uses the FirstField parameter of the survey to implement a correct behaviour. I hope it makes you happy. In the edit form I added a script link to the code below and i added the following statement spbackButton.init("Name of list"); In an javascript file I included the following code. var spbackButton = (function () { var _prevFieldsArray = new Array(); var _currentStep; var _prevPageStep; function setCookie(c_name,value,exdays) { var exdate=new Date(); exdate.setDate(exdate.getDate() + exdays); var c
Read more

How to set up AD FS for a development machine

Image
In this article I will describe how you should set up a development computer to use an existing AD FS. First thing we need to do is to create a trust between the ADFS server and the development machine. You can do this by login in with RDP at the server that is running ADFS and start up the "AD FS 2.0 Management" that is found under the Administrative tools. When the AD FS 2.0 Management studio is started you need to navigate to the "Relying Party Trusts" in the left folder structure. Then you nee to select "Add Relying Party Trust..." in the right menu. This will open the "Add Relying Party Trust Wizard" as shown below. When clicked on "Start" the following screen will open. Here you can specify how the relying party configuration is configured. For a development machine it is most easy to select just the last option "Enter data about the relying party manually" In the next screen you can fill in a name and descr
Read more