Getting an error when browsing the ADFS Xml

System: Dynamics 365 | Windows 2012 R2

I configured ADFS 3.0 and I am working on the Claim-Based Authentication,  I am getting the error below when browsing the ADFS Xml:
There was an error in enabling endpoints of Federation Service. Fix configuration errors using PowerShell cmdlets and restart the Federation Service.

I restarted the CRM server and the ADFS service but it still shows the error.  I am working on using PowerShell but cant find the ADFS 3.0 snap-in on the CRM server
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

carlos sotoIT AdministratorCommented:

do you have a specifik service account that is running the ADFS service? if so, check if it has the permissions to read the certificate properties
apollo7Author Commented:
Using  the CRM Admin account, the System Admin told me it has active directory rights, what do I look at to see if it has permissions to read the certificate properties?
carlos sotoIT AdministratorCommented:
open computer certificates in mmc.exe. Go to personal certificates, right click your certificate and select "all tasks" and "manage private keys"
check that adfssrv has read rights. Add the account that is running the ADFS Service, and then give the account at least read permissions.

Also, the url you poster isnt working. Maybe its only open from the inside?? otherwise i should be able to download the xml file or get the same error as you
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

apollo7Author Commented:
When I open computer certificates in mmc.exe and go to personal certificates, I right click one of the two certificates and select "all tasks" but don't get "manage private keys" - I get "manage enrollment policies"

I checked that adfssrv has read rights. I gave the adfssrv all rights except full control

I am  not getting the option to add the account that is running the ADFS Service and give the account at least read permissions.
carlos sotoIT AdministratorCommented:
look at the certificates for the computer, not current user. And check for the permissions there.

certificate store
You should be able to add a user to the certificate, the same way as you add permissions to a folder

was the adfs url you posted the right url? is it open from the outside?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
apollo7Author Commented:
I was able to finish the adfs setup by having the System Admin do the following:

Created a user: adfs18 and assigned that to run the adfs service. He also added a DNS entry that points to the CRMTEST

I can now browse the adfs xml, problem solved!

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.