Solved

Office 365

Posted on 2014-02-18
Last Modified: 2014-02-23
I have attached the error or alert I receive each time I open the Office 365 portal. How can I renew or fix this issue?
Premises-Error.gif
Question by:TabDB
6 Comments
 
LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 39868423
As the alert says, one of the certificates you are using with AD FS will expire soon. This might be either the token signing/decrypting certificates or the communication ones. Review the following article for the procedure of changing them:

http://social.technet.microsoft.com/wiki/contents/articles/2554.ad-fs-2-0-how-to-replace-the-ssl-service-communications-token-signing-and-token-decrypting-certificates.aspx

If you are using self-signed certificates for token signing/decrypting, you might want to enable auto-renewal:

http://social.technet.microsoft.com/wiki/contents/articles/1424.ad-fs-2-0-how-to-enable-and-immediately-use-autocertificaterollover.aspx

Lastly, make sure to update the trust settings once you have replaced the certificates:

http://support.microsoft.com/kb/2647048
0
 

Author Comment

by:TabDB
ID: 39870187
It is both the Token Decrypting and the Token Signing. So how do I create new certs? I see how to replace them but I did not build this system so I do not know how to create new ones. Is this performed on a server within my network? They appear to be internally created certs since the Service Communications cert appears to be created by a third party provider.
0
 
LVL 43

Accepted Solution

by:
Vasil Michev (MVP) earned 2000 total points
ID: 39870251
Ok, so you are using self-signed ones. You can use PowerShell to renew them:

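    # Load the AD FS 2.0 snap-in (run on the primary AD FS server)
    Add-PSSnapin Microsoft.Adfs.PowerShell

    # Generate new self-signed token-signing and token-decrypting certificates immediately
    Update-ADFSCertificate -CertificateType Token-Signing -Urgent:$true
    Update-ADFSCertificate -CertificateType Token-Decrypting -Urgent:$true

    # Sign in to Office 365, then push the new token-signing certificate to the federation trust
    Import-Module MSOnline
    Connect-MsolService
    Update-MsolFederatedDomain -DomainName <your domainname>
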


This will potentially cause downtime for all federated users, so make sure to plan it after working hours.


To prevent this from happening in the future, you might want to enable auto-renewal:

http://social.technet.microsoft.com/wiki/contents/articles/1424.ad-fs-2-0-how-to-enable-and-immediately-use-autocertificaterollover.aspx

And make sure to also check the validity of the communication cert.
0

Author Comment

by:TabDB
ID: 39870270
Very well. Thank You. I will proceed with this on Saturday.
0
 
LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 39870293
Oh, and of course make sure you have installed the WAAD PowerShell Module on the AD FS machine:

http://technet.microsoft.com/en-us/library/jj151815.aspx

Here's also another article that covers all the steps in more detail:

http://www.kraak.com/?p=190
0
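
A verification check for the renewal discussed in the answers above, added here as an example and not part of the original thread: it lists the expiry of every AD FS certificate (including the communication one), shows whether auto-rollover is on, and confirms that Office 365 holds the same token-signing certificate as AD FS. It assumes it is run on the primary AD FS 2.0 server with the WAAD (MSOnline) module installed; the domain name and the 30-day threshold are placeholders.

```powershell
# Added example, not from the thread. Run on the primary AD FS 2.0 server.
param(
    [string]$DomainName = 'contoso.example',  # placeholder: your federated domain
    [int]$WarnDays = 30                        # assumed warning threshold, adjust as needed
)

Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
Import-Module MSOnline
Connect-MsolService   # prompts for Office 365 administrator credentials

# 1. Days remaining on each AD FS certificate
#    (service communications, token-signing, token-decrypting)
$now = Get-Date
$report = Get-ADFSCertificate | ForEach-Object {
    New-Object PSObject -Property @{
        Type       = $_.CertificateType
        IsPrimary  = $_.IsPrimary
        Thumbprint = $_.Certificate.Thumbprint
        NotAfter   = $_.Certificate.NotAfter
        DaysLeft   = [math]::Floor(($_.Certificate.NotAfter - $now).TotalDays)
    }
}
$report | Sort-Object NotAfter |
    Format-Table Type, IsPrimary, DaysLeft, NotAfter, Thumbprint -AutoSize
$report | Where-Object { $_.DaysLeft -le $WarnDays } | ForEach-Object {
    Write-Warning "$($_.Type) certificate $($_.Thumbprint) expires in $($_.DaysLeft) day(s)"
}

# 2. Is automatic rollover of the self-signed signing/decrypting certificates enabled?
$props = Get-ADFSProperties
Write-Output "AutoCertificateRollover: $($props.AutoCertificateRollover)"

# 3. Does Office 365 trust the certificate AD FS is signing with right now?
#    Get-MsolFederationProperty returns one entry per source (AD FS and Office 365).
$fed = Get-MsolFederationProperty -DomainName $DomainName
$fed | ForEach-Object {
    Write-Output ("{0}: {1}" -f $_.Source, $_.TokenSigningCertificate.Thumbprint)
}
$distinct = @($fed | ForEach-Object { $_.TokenSigningCertificate.Thumbprint } |
    Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "Token-signing certificates differ; run Update-MsolFederatedDomain -DomainName $DomainName"
} else {
    Write-Output "Token-signing certificate matches on both sides."
}
```

A mismatch in step 3 after a rollover means federated sign-ins will fail until the trust is updated, which is why the check is worth running right after the renewal and again before the next expiry window.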
 

Author Closing Comment

by:TabDB
ID: 39880688
This solved my issue. Only took five minutes. Very much appreciated.
0
