Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

The Knowledge Archives
The Knowledge Archives
RSS Links

RSS - Posts
RSS - Comments
Email Subscription

Subscribe to receive notifications of new posts by email.

Email Address:

Join 2,068 other subscribers
Categories
- Active Directory Certificate Services (ADCS) (31)
  - CAPOLICY.INF (2)
  - Certificate Templates (2)
  - Certificates (3)
  - Learning Guide (1)
  - OCSP (13)
  - SHA1 (1)
- Active Directory Domain Services (ADDS) (335)
  - Account Expiration Notification (1)
  - Active Directory Users And Computers (2)
  - Active Directory Web Service (2)
  - AD Queries (30)
  - ADSIEDIT (2)
  - Auditing (11)
  - AuthN (8)
  - Azure AD Connect Health (3)
  - Backup And Restore (11)
  - Confidential (1)
  - Conflicting Objects (1)
  - Data Set (1)
  - DC Locator (8)
  - Deactivate/Defunct (1)
  - Delegation (5)
  - Delegation Of Control (18)
  - Documentation (1)
  - Domain Join (3)
  - DomainPrep (1)
  - Fine Grained Password Policies (12)
  - Fixing Identity Data (1)
  - Forest Recovery (17)
  - ForestPrep (1)
  - FSMO (2)
  - Functional Levels (1)
  - GAP Analysis (1)
  - Group Policy Objects (5)
  - Group Policy Preferences (2)
  - Indexing (4)
  - Install From Media (1)
  - KCC (8)
  - Kerberos AuthN (25)
  - Kerberos Constrained Delegation (3)
  - KrbTgt Account (10)
  - Last Logon Information (4)
  - LDAPS (1)
  - LDP (2)
  - Lingering Objects (1)
  - Metadata Cleanup (10)
  - Naming/Limits (1)
  - NTLM AuthN (12)
  - Object Deletion/Restore (13)
  - Password Expiration Notification (7)
  - Passwordless (2)
  - Passwords (15)
  - Performance (1)
  - Promotion/Demotion (17)
  - Ransomware (3)
  - Read-Only Domain Controller (9)
  - Replication (36)
  - RODCPrep (1)
  - Schema (21)
  - Security (19)
  - Selective AuthN (1)
  - Sizing (2)
  - SYSVOL (25)
  - Trusts (7)
  - Updates (1)
  - Upgrade (1)
  - Vulnerability (2)
  - What's New (1)
- Active Directory Federation Services (ADFS) (126)
  - Attribute Store (1)
  - Auditing (1)
  - Auto Certificate Rollover (3)
  - Azure AD / Office 365 (5)
  - Azure AD Connect Health (1)
  - Azure AD MFA Adapter (7)
  - Certificate Based AuthN (2)
  - Certificates (15)
  - Claim Types (5)
  - Claims (5)
  - Claims Based Apps (6)
  - Claims Rule Language (10)
  - Configuration (2)
  - DB On SQL (3)
  - DB On WID (6)
  - Device Registration (2)
  - Endpoints (1)
  - Enterprise PRT (1)
  - Export/Import (2)
  - Farm (3)
  - Federation Metadata (9)
  - Federation Trusts (11)
  - Forms Based AuthN (4)
  - Hardening (1)
  - Home Realm Discovery (HRD) (3)
  - Identity Stores (3)
  - IdP-Initiated (3)
  - JWT Tokens (1)
  - Kerberos Constrained Delegation (1)
  - Migration (5)
  - onload.js (2)
  - Ports (3)
  - Pre-Authentication (1)
  - Proxy Service (5)
  - RelayState (1)
  - SALESFORCE.COM (1)
  - Security Token Service (STS) (16)
  - Security Tokens (5)
  - Service Account (2)
  - Shibboleth (1)
  - StandAlone (2)
  - Tracing (1)
  - Transform Rules (6)
  - Troubleshooting (2)
  - Updates (8)
  - Upgrading (2)
  - Version (1)
  - Web Application Proxy (7)
  - Web Themes (1)
  - What's New (1)
  - Windows Integrated AuthN (5)
  - Workplace Join (2)
- Active Directory Lightweight Directory Services (ADLDS) (7)
  - Data Set (1)
  - Functional Level (1)
  - LDAPS (1)
- Apple (1)
  - iPad (1)
- Batch Script (4)
- Beta/RC Stuff (58)
- Blog (1)
- Blog Post Series (62)
- Certificates (2)
- Cloud Services (3)
- Company/Employer Stuff (13)
- Conferences (41)
- Core Networking Services (12)
  - NTP (6)
- Cyber Attack (1)
- Day-To-Day Stuff (118)
- Design Guides (30)
- Exchange Server (24)
  - OWA (1)
- Field Experiences (10)
- Firewall (1)
- Forefront Identity Manager (FIM) bHold (23)
  - Updates (16)
- Forefront Identity Manager (FIM) Certificate Management (40)
  - Troubleshooting (2)
  - Updates (19)
- Forefront Identity Manager (FIM) PCNS (9)
  - Updates (7)
- Forefront Identity Manager (FIM) Portal (101)
  - Activities (1)
  - Backup/Export (1)
  - Calendar (1)
  - Data Set (1)
  - Logon/Access (1)
  - Mail Template (1)
  - MPR (2)
  - PowerShell (1)
  - RCDC (5)
  - Search Scopes (1)
  - Self Service Password Reset (4)
  - SET (4)
  - Tools (2)
  - Troubleshooting (3)
  - Updates (21)
  - User Verification (1)
  - Workflow (5)
  - Xpath (2)
- Forefront Identity Manager (FIM) Sync (78)
  - Backup/Export (1)
  - Connector/MA (9)
  - CSExport (2)
  - GAL Sync (2)
  - Tools (4)
  - Troubleshooting (1)
  - Updates (23)
- Hardware/Devices (1)
- Identity Lifecycle Manager (ILM) (22)
- Intune (1)
- IT News (22)
- IT Pro Tools (14)
- KB Articles (1)
- Literature (1)
- MCP/MCT (2)
- Microsoft (4)
- Microsoft Authenticator App (3)
- Microsoft Identity Manager (MIM) (11)
  - PCNS (1)
  - Portal (1)
  - Updates (6)
- Migration/Upgrade (11)
  - ADMT (3)
  - PES (3)
- Mobile Devices (2)
- MVP (22)
- Networking (8)
- OCS/Lync Server (4)
- Office (1)
- Office 365 (5)
  - DirSync (2)
  - SSO (3)
  - Troubleshoot (1)
- Outlook.com (1)
- Password-Less (2)
- Personal Stuff (17)
- PowerShell (130)
- SaaS Apps (1)
- Security (10)
- Sharepoint Server (16)
- SQL Server (4)
- Tooling/Scripting (128)
- Uncategorized (10)
- VB Script (7)
- Virtualization (26)
- Windows Azure (2)
- Windows Azure Active Directory (151)
  - App Access Management (1)
  - Azure AD Administrative Units (11)
  - Azure AD Application Proxy Connector (1)
  - Azure AD B2B (1)
  - Azure AD B2C (2)
  - Azure AD Cloud Sync (3)
  - Azure AD Connect (74)
    - Documenter (1)
  - Azure AD Connect Health (6)
  - Azure AD Domain Services (DCaaS) (2)
  - Azure AD Graph (2)
  - Azure AD Identity Protection (3)
  - Azure AD Join (6)
  - Azure AD Password Protection (12)
  - Azure AD PRT (1)
  - Azure AD Sync (8)
  - Branding (1)
  - Certificates (2)
  - Conditional Access (4)
  - Data Set (1)
  - DirSync (3)
  - GAP Analysis (1)
  - Microsoft Graph (8)
  - Monitoring/Reporting (1)
  - Multi-Factor AuthN (13)
  - Pass Through Authentication (2)
  - Password Hash Sync (PHS) (1)
  - Passwordless (2)
  - Passwords (12)
  - Portals (2)
  - RBAC (3)
  - Rights Management (1)
  - Self-Service Group Management (1)
  - Self-Service Password Reset (6)
  - SSO (5)
  - Trial (1)
  - Troubleshoot (2)
- Windows Client (68)
  - Apps (1)
  - Event Log (1)
  - Remote Server Administration Tools (3)
  - Security (1)
  - Updates (2)
  - User Rights (1)
  - WH4B (3)
- Windows Server (157)
  - Event Log (1)
  - Remote Server Administration Tools (2)
  - Security (1)
  - Server Core (2)
  - Support (1)
  - System Wide Proxy Settings (2)
  - Updates (5)
  - User Rights (1)
- Yammer (1)
  - DirSync (1)

(2017-01-15) Azure AD Connect Health Telling The ADFS Farm Just Dropped Dead!

Posted by Jorge on 2017-01-15

When you get any or all of the following mails from Azure AD Connect, your ADFS farm is hosed and you are in big trouble. Make sure this does NOT happen to you!

(Don’t worry, this is just my test/demo environment that was turned for the holidays)

Figure 1: E-mail From Azure AD Connect Health Mentioning The Token Signing Certificate Has Expired

–

Figure 2: E-mail From Azure AD Connect Health Mentioning The Token Encryption/Decryption Certificate Has Expired

–

Figure 3: E-mail From Azure AD Connect Health Mentioning The SSL Certificate Has Expired

–

In addition, your ADFS Admin Event Log only displays one color, RED, lots of it!

–

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

This entry was posted on 2017-01-15 at 23:00 and is filed under Active Directory Federation Services (ADFS), Azure AD Connect Health, Certificates, Windows Azure Active Directory. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a comment Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

« (2017-01-11) Azure AD Connect v1.1.380.0 Has Been Released

(2017-01-29) Azure AD MFA Server v7.2.0.1 Has Been Released »