Hi,
Question from a CRM newbie.
We have ADFS 3.0 on Windows Server 2012 R2: two servers on the internal LAN and two Web Application Proxy (WAP) servers. Our CRM is installed as an Internet-Facing Deployment (IFD).
The ADFS has an internal token-decryption and token-signing certificate, which is valid for one year. Every year this certificate will be replaced automatically by standard ADFS behavior:
- 20 days prior to the expiration date, a new certificate is issued and will be secondary in ADFS.
- 5 days after that, the old and the new certificate switch places. The old becomes secondary and the new becomes primary.
- When the old certificate expires, it will be deleted.
Last year and this year, CRM stopped working when the old and the new certificate switched places, and some manual things had to be done inside CRM before it worked again.
This error was on the CRM server:
Error Message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
Question: How does CRM handle the ADFS certificate changing automatically? Why must the CRM consultant do manual work?