Solved

Office 365

Posted on 2014-02-18
Last Modified: 2014-02-23
I have attached the error or alert I receive each time I open the Office 365 portal. How can I renew or fix this issue?
Premises-Error.gif
Question by:TabDB

Expert Comment

by:Vasil Michev (MVP)
ID: 39868423
As the alert says, one of the certificates you are using with AD FS will expire soon. This might be either the token signing/decrypting certificates or the communication ones. Review the following article for the procedure of changing them:

http://social.technet.microsoft.com/wiki/contents/articles/2554.ad-fs-2-0-how-to-replace-the-ssl-service-communications-token-signing-and-token-decrypting-certificates.aspx

If you are using self-signed certificates for token signing/decrypting, you might want to enable auto-renewal:

http://social.technet.microsoft.com/wiki/contents/articles/1424.ad-fs-2-0-how-to-enable-and-immediately-use-autocertificaterollover.aspx

Lastly, make sure to update the trust settings once you have replaced the certificates:

http://support.microsoft.com/kb/2647048
 

Author Comment

by:TabDB
ID: 39870187
It is both the Token Decrypting and the Token Signing. So how do I create new certs? I see how to replace them, but I did not build this system, so I do not know how to create new ones. Is this performed on a server within my network? They appear to be internally created certs, since the Service Communications cert appears to be created by a third-party provider.

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 39870251
Ok, so you are using self-signed ones. You can use PowerShell to renew them:

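# Load the AD FS snap-in (run on the AD FS server)
Add-PSSnapin Microsoft.Adfs.Powershell

# Generate new self-signed certificates and put them into use immediately
Update-ADFSCertificate -CertificateType Token-Signing -Urgent:$true
Update-ADFSCertificate -CertificateType Token-Decrypting -Urgent:$true

# Sign in to Office 365, then update the federated domain trust with the new certificate
Connect-MsolService
Update-MSOLFederatedDomain -DomainName <your domainname>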


This will potentially cause downtime for all federated users, so make sure to plan it after working hours.


To prevent this from happening in the future, you might want to enable auto-renewal:

http://social.technet.microsoft.com/wiki/contents/articles/1424.ad-fs-2-0-how-to-enable-and-immediately-use-autocertificaterollover.aspx

And make sure to also check the validity of the communication cert.
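A read-only check for the expiry situation discussed in this thread, added here as an example and not posted by any participant: it lists each AD FS certificate with its days remaining and whether it is self-signed (which decides between rolling it in AD FS and reissuing it from the CA). The function names, the 30-day threshold and the sts.example.test sample entries are assumptions made for illustration.

```powershell
# Added example, not from the thread. Get-AdfsCertificateStatus and the 30-day
# threshold are hypothetical; Get-ADFSCertificate/Get-ADFSProperties are AD FS cmdlets.
function Get-AdfsCertificateStatus {
    param(
        [Parameter(Mandatory = $true)] [object[]] $AdfsCertificate,
        [int] $WarnDays = 30,
        [datetime] $Now = (Get-Date)
    )
    foreach ($entry in $AdfsCertificate) {
        $cert     = $entry.Certificate
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
        $status   = 'OK'
        if ($daysLeft -lt 0) { $status = 'EXPIRED' } elseif ($daysLeft -le $WarnDays) { $status = 'RENEW' }
        New-Object PSObject -Property @{
            CertificateType = $entry.CertificateType
            IsPrimary       = $entry.IsPrimary
            # Subject equal to Issuer means self-signed (generated by AD FS itself);
            # a CA-issued certificate has to be reissued by that CA instead.
            SelfSigned      = ($cert.Subject -eq $cert.Issuer)
            NotAfter        = $cert.NotAfter
            DaysLeft        = $daysLeft
            Status          = $status
        }
    }
}

# Constructed stand-in for one Get-ADFSCertificate entry (sample data only).
function New-SampleEntry([string] $Type, [string] $Subject, [string] $Issuer, [int] $Days) {
    $cert = New-Object PSObject -Property @{
        Subject = $Subject; Issuer = $Issuer; NotAfter = (Get-Date).AddDays($Days) }
    New-Object PSObject -Property @{ CertificateType = $Type; IsPrimary = $true; Certificate = $cert }
}

Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue   # needed on AD FS 2.0
if (Get-Command Get-ADFSCertificate -ErrorAction SilentlyContinue) {
    $certs = Get-ADFSCertificate
    "AutoCertificateRollover: $((Get-ADFSProperties).AutoCertificateRollover)"
} else {
    $certs = @(
        (New-SampleEntry 'Token-Signing'    'CN=ADFS Signing - sts.example.test'    'CN=ADFS Signing - sts.example.test'    20),
        (New-SampleEntry 'Token-Decrypting' 'CN=ADFS Encryption - sts.example.test' 'CN=ADFS Encryption - sts.example.test' 20),
        (New-SampleEntry 'Service-Communications' 'CN=sts.example.test' 'CN=Example Public CA' 400)
    )
}

Get-AdfsCertificateStatus -AdfsCertificate $certs |
    Select-Object CertificateType, IsPrimary, SelfSigned, DaysLeft, Status |
    Format-Table -AutoSize
```

On a machine without the AD FS cmdlets the script falls back to the constructed sample, so the report logic can be tried before it is scheduled on the federation server.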

Author Comment

by:TabDB
ID: 39870270
Very well. Thank You. I will proceed with this on Saturday.

Expert Comment

by:Vasil Michev (MVP)
ID: 39870293
Oh, and of course make sure you have installed the WAAD PowerShell Module on the AD FS machine:

http://technet.microsoft.com/en-us/library/jj151815.aspx

Here's also another article that covers all the steps in more detail:

http://www.kraak.com/?p=190
 

Author Closing Comment

by:TabDB
ID: 39880688
This solved my issue. Only took five minutes. Very much appreciated.