Office 365

I have attached the error or alert I receive each time I open the Office 365 portal. How can I renew of fix this issue?
Premises-Error.gif
TabDBAsked:
Who is Participating?
 
Vasil Michev (MVP)Connect With a Mentor Commented:
Ok, so you are using self-signed ones. You can use PowerShell to renew them:

Add-PSSnapin Microsoft.Adfs.Powershell

Update-ADFSCertificate -CertificateType: Token-Signing -Urgent:$true 

Update-ADFSCertificate -CertificateType: Token-decrypting -Urgent:$true

Update-MSOLFederatedDomain –DomainName <your domainname>

Open in new window


This will potentially cause a downtime for all federated users, so make sure to plan it after working hours.


To avoid this from happening in the future, you might want to enable auto-renewal:

http://social.technet.microsoft.com/wiki/contents/articles/1424.ad-fs-2-0-how-to-enable-and-immediately-use-autocertificaterollover.aspx

And make sure to also check the validity of the communication cert.
0
 
Vasil Michev (MVP)Commented:
As the alert says, one of the certificates you are using with AD FS will expire soon. This might be either the token signing/decrypting certificates or the communication ones. Review the following article for the procedure of changing them:

http://social.technet.microsoft.com/wiki/contents/articles/2554.ad-fs-2-0-how-to-replace-the-ssl-service-communications-token-signing-and-token-decrypting-certificates.aspx

If you are using self-signed certificates for token signing/decrypting, you might want to enable auto-renewal:

http://social.technet.microsoft.com/wiki/contents/articles/1424.ad-fs-2-0-how-to-enable-and-immediately-use-autocertificaterollover.aspx

Lastly, make sure to update the trust settings once you have replaced the certificates:

http://support.microsoft.com/kb/2647048
0
 
TabDBAuthor Commented:
It is both the Token Decrypting and the Token Signing. So how do I create new certs? I see how to replace them but I did not build this system so I do not know how to create new ones. Is this performed on a server within my network? They appear to be internal created certs since the Service Communications cert appears to be created by a third party provider.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
TabDBAuthor Commented:
Very well. Thank You. I will proceed with this on Saturday.
0
 
Vasil Michev (MVP)Commented:
Oh, and of course make sure you have installed the WAAD PowerShell Module on the AD FS machine:

http://technet.microsoft.com/en-us/library/jj151815.aspx

Here's also another article that covers all the steps in more detail:

http://www.kraak.com/?p=190
0
 
TabDBAuthor Commented:
This solved my issue. Only took five minutes. Very much appreciated.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.