one of your on-premises federation service certification is expiring update now

We are getting the pop-up when logging in to the O365 portal. The AutoCertificateRollover property is set to TRUE on the ADFS server.
Please let me know if we need to update the certificate manually or whether it will be taken care of by itself.

Attached are a few logs from the server.
msolfedprop.txt
adfsprops.txt
o365Adm Asked:

Vasil Michev (MVP) Commented:
The popup usually shows up several weeks in advance (60 days if I remember correctly), so you have plenty of time to plan. In your case, auto-certificate rollover will take care of replacing the cert. In case you are not using the same cert as the SSL communications cert, your only job is to make sure the metadata is updated after the change happens. You can automate this part by setting up a scheduled task as detailed here: https://gallery.technet.microsoft.com/scriptcenter/Office-365-Federation-27410bdc

If you are using the same cert as token signing and SSL comm, you need to plan for replacing it on the AD FS server, Proxy/WAP servers, any LBs, etc. Here are the relevant articles:

for AD FS 2.0/2.1 http://social.technet.microsoft.com/wiki/contents/articles/2554.ad-fs-how-to-replace-the-ssl-service-communications-token-signing-and-token-decrypting-certificates.aspx
for AD FS 3.0 http://blogs.technet.com/b/tune_in_to_windows_intune/archive/2013/11/13/replace-certificates-on-adfs-3-0.aspx
1
o365Adm (Author) Commented:
Hi Vasil,

In my case the AutoCertificateRollover is True, so will it take care of the replacement of the cert? If so, how many days before the expiry date is the certificate updated?

Also, how do I know if my server is ADFS 2.x or 3.0?

Thank you.
0
Vasil Michev (MVP) Commented:
In your case it will be 20 days before the expiry, as per the CertificateGenerationThreshold value. You can find details for example here: http://social.technet.microsoft.com/wiki/contents/articles/16156.ad-fs-2-0-understanding-autocertificaterollover-threshold-properties.aspx

For determining the version, check for example here: https://jorgequestforknowledge.wordpress.com/2014/02/23/gathering-architectural-details-from-your-adfs-infrastructure-adfs-version/
1
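
The checks discussed in the answers above can be scripted. The following is an added example, not code from the thread or from the linked articles: it reads the rollover settings, shows when each token-signing certificate expires and when AD FS would generate its replacement, and compares the certificate AD FS holds with the one Office 365 holds. It assumes the AD FS and MSOnline PowerShell modules are available on the primary AD FS server; `contoso.example` is a placeholder domain and the `-Fix` switch is a name chosen for this example.

```powershell
# Added example. Run on the primary AD FS server in an elevated session.
param(
    [string]$Domain = 'contoso.example',   # placeholder: your federated domain
    [switch]$Fix                            # example switch: push new metadata to Office 365
)

$props = Get-AdfsProperties
"AutoCertificateRollover        : $($props.AutoCertificateRollover)"
"CertificateGenerationThreshold : $($props.CertificateGenerationThreshold) days"

# Token-signing certificates known to AD FS (primary and, after rollover, secondary)
foreach ($c in Get-AdfsCertificate -CertificateType Token-Signing) {
    $expires = $c.Certificate.NotAfter
    [pscustomobject]@{
        Thumbprint         = $c.Certificate.Thumbprint
        IsPrimary          = $c.IsPrimary
        NotAfter           = $expires
        DaysLeft           = [int]($expires - (Get-Date)).TotalDays
        # With rollover enabled, the replacement is generated this long before expiry
        NewCertGeneratedOn = $expires.AddDays(-$props.CertificateGenerationThreshold)
    }
}

# Compare the certificate AD FS publishes with the one Office 365 has on record
Connect-MsolService
$fed  = Get-MsolFederationProperty -DomainName $Domain
$adfs = ($fed | Where-Object Source -eq 'ADFS Server').TokenSigningCertificate
$o365 = ($fed | Where-Object Source -eq 'Microsoft Office 365').TokenSigningCertificate

if ($adfs.Thumbprint -eq $o365.Thumbprint) {
    "Office 365 metadata matches AD FS ($($adfs.Thumbprint))."
}
elseif ($Fix) {
    # Add -SupportMultipleDomain if the trust was created with that option
    Update-MsolFederatedDomain -DomainName $Domain
}
else {
    Write-Warning "Office 365 holds $($o365.Thumbprint), AD FS holds $($adfs.Thumbprint). Re-run with -Fix to update."
}
```

Running it again after the rollover date shows whether the new certificate has appeared and whether the Office 365 side still needs the metadata update.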
o365Adm (Author) Commented:
Excellent Vasil.

We have 25 days until the expiry date, so hopefully the federation service will take care of the certificates automatically after 5 days without our involvement.

Thank you so much for taking time. Much Appreciated.
0
o365Adm (Author) Commented:
I got an apt solution from the expert. Thank you.
0
Question has a verified solution.