When we need to replace the token signing certificate or decryption certificate, we import the new certificate and then try to make it primary, but the primary option is greyed out.
Cause: AutoCertificateRollover is enabled in the AD FS properties.
How to fix it:
1. Open PowerShell as administrator.
2. Add-PSSnapin Microsoft.Adfs.PowerShell ---- this loads the PowerShell snap-in for AD FS.
3. Get-ADFSProperties ---- this command shows that AutoCertificateRollover is $true, which means it is enabled.
4. Set-ADFSProperties -AutoCertificateRollover $false ---- this disables automatic certificate rollover.
5. Go back to the AD FS certificate console, right-click the new certificate and set it as the primary certificate.
6. You can turn AutoCertificateRollover back on by running Set-ADFSProperties -AutoCertificateRollover $true in PowerShell.
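The steps above as one script with checks before and after the change. This is an added example, not part of the original post: it uses the Set-AdfsCertificate cmdlet with -IsPrimary in place of the console action in step 5, and $NewThumbprint is a placeholder for the thumbprint of the certificate you imported.

```powershell
# Added example: run from an elevated PowerShell session on the AD FS server.
param(
    [Parameter(Mandatory = $true)][string]$NewThumbprint,   # placeholder: thumbprint of the imported certificate
    [ValidateSet('Token-Signing', 'Token-Decrypting')]
    [string]$CertificateType = 'Token-Signing'
)
$ErrorActionPreference = 'Stop'

# AD FS 2.0 ships the snap-in from step 2; later versions ship the ADFS module instead.
if (Get-PSSnapin -Registered -Name Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue) {
    Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
} else {
    Import-Module ADFS
}

# Thumbprints copied from the certificate dialog often contain spaces.
$thumb = ($NewThumbprint -replace '\s', '').ToUpper()

# Step 3: record the current setting so it can be compared afterwards.
$rolloverBefore = (Get-AdfsProperties).AutoCertificateRollover
Write-Host "AutoCertificateRollover before change: $rolloverBefore"

# Stop unless the new certificate is already imported into AD FS and currently valid.
$new = Get-AdfsCertificate -CertificateType $CertificateType |
    Where-Object { $_.Thumbprint -eq $thumb }
if (-not $new) {
    throw "No $CertificateType certificate with thumbprint $thumb is configured in AD FS."
}
$now = Get-Date
if ($new.Certificate.NotBefore -gt $now -or $new.Certificate.NotAfter -lt $now) {
    throw "Certificate $thumb is outside its validity period (NotAfter: $($new.Certificate.NotAfter))."
}

# Step 4: the primary option stays greyed out while rollover is enabled.
if ($rolloverBefore) { Set-AdfsProperties -AutoCertificateRollover $false }

# Step 5, done with the cmdlet instead of the console.
if (-not $new.IsPrimary) {
    Set-AdfsCertificate -CertificateType $CertificateType -Thumbprint $thumb -IsPrimary
}

# Verify: exactly one certificate of this type should now show IsPrimary = True.
Get-AdfsCertificate -CertificateType $CertificateType |
    Select-Object CertificateType, IsPrimary, Thumbprint,
        @{ n = 'NotAfter'; e = { $_.Certificate.NotAfter } } |
    Format-Table -AutoSize
# Step 6 is left as a manual decision; this only reports the current value.
Write-Host "AutoCertificateRollover now: $((Get-AdfsProperties).AutoCertificateRollover)"
```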
Thanks, that's exactly the information I was looking for.
This is what I want. Thanks
Thank you, saved me lots of time searching through msft articles
Thank you!!!