Solved

Office 365

Posted on 2014-02-18
6
373 Views
Last Modified: 2014-02-23
I have attached the error or alert I receive each time I open the Office 365 portal. How can I renew of fix this issue?
Premises-Error.gif
0
Comment
Question by:TabDB
  • 3
  • 3
6 Comments
 
LVL 39

Expert Comment

by:Vasil Michev (MVP)
ID: 39868423
As the alert says, one of the certificates you are using with AD FS will expire soon. This might be either the token signing/decrypting certificates or the communication ones. Review the following article for the procedure of changing them:

http://social.technet.microsoft.com/wiki/contents/articles/2554.ad-fs-2-0-how-to-replace-the-ssl-service-communications-token-signing-and-token-decrypting-certificates.aspx

If you are using self-signed certificates for token signing/decrypting, you might want to enable auto-renewal:

http://social.technet.microsoft.com/wiki/contents/articles/1424.ad-fs-2-0-how-to-enable-and-immediately-use-autocertificaterollover.aspx

Lastly, make sure to update the trust settings once you have replaced the certificates:

http://support.microsoft.com/kb/2647048
0
 

Author Comment

by:TabDB
ID: 39870187
It is both the Token Decrypting and the Token Signing. So how do I create new certs? I see how to replace them but I did not build this system so I do not know how to create new ones. Is this performed on a server within my network? They appear to be internal created certs since the Service Communications cert appears to be created by a third party provider.
0
 
LVL 39

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 39870251
Ok, so you are using self-signed ones. You can use PowerShell to renew them:

Add-PSSnapin Microsoft.Adfs.Powershell

Update-ADFSCertificate -CertificateType: Token-Signing -Urgent:$true 

Update-ADFSCertificate -CertificateType: Token-decrypting -Urgent:$true

Update-MSOLFederatedDomain –DomainName <your domainname>

Open in new window


This will potentially cause a downtime for all federated users, so make sure to plan it after working hours.


To avoid this from happening in the future, you might want to enable auto-renewal:

http://social.technet.microsoft.com/wiki/contents/articles/1424.ad-fs-2-0-how-to-enable-and-immediately-use-autocertificaterollover.aspx

And make sure to also check the validity of the communication cert.
0
Why are Office 365 signatures so complicated?

Trying to setup transport rules for Office 365 email signatures and can’t quite figure it out? Having to test the signature over and over? Make things simple by using Exclaimer Cloud - Signatures for Office 365.

 

Author Comment

by:TabDB
ID: 39870270
Very well. Thank You. I will proceed with this on Saturday.
0
 
LVL 39

Expert Comment

by:Vasil Michev (MVP)
ID: 39870293
Oh, and of course make sure you have installed the WAAD PowerShell Module on the AD FS machine:

http://technet.microsoft.com/en-us/library/jj151815.aspx

Here's also another article that covers all the steps in more detail:

http://www.kraak.com/?p=190
0
 

Author Closing Comment

by:TabDB
ID: 39880688
This solved my issue. Only took five minutes. Very much appreciated.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
Find out what the Office 365 disclaimer function is, why you would use it and its limited ability to create Office 365 signatures.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now