Last week I added a secondary, internally signed, token-signing certificate to our ADFS 3.0 farm in advance of the cert rollover later this week. When running a get-adfsproperties to validate we see both the current primary cert and the new secondary cert. However, I'm not seeing the new cert in our federationmetadata. Why would that be?
Apologies... failed to post an update after we resolved it.
Ended up having to reboot the ADFS servers. Cycling the ADFS service wasn't enough. Likely some other internal issue that needs to be looked at, and will, but this specific problem with the metadata is resolved.
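
A check for the symptom described in this thread, as an added example that is not part of the original posts: it lists the signing certificates a federation metadata document actually publishes and reports which expected thumbprints are absent. The function names, the sample metadata and the placeholder certificate bytes are constructed for illustration; in practice the input would be the farm's published metadata XML and the thumbprints the farm reports for its primary and secondary certs.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def thumbprint(der):
    """SHA-1 over the DER bytes, the form Windows shows as a certificate thumbprint."""
    return hashlib.sha1(der).hexdigest().upper()

def signing_thumbprints(metadata_xml):
    """Thumbprints of every certificate the metadata publishes for signing."""
    found = set()
    for kd in ET.fromstring(metadata_xml).iter("{%s}KeyDescriptor" % MD):
        # Per SAML metadata, a KeyDescriptor without "use" applies to signing too.
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.iter("{%s}X509Certificate" % DS):
            der = base64.b64decode("".join((cert.text or "").split()))
            found.add(thumbprint(der))
    return found

def missing_from_metadata(metadata_xml, expected):
    """Expected thumbprints (any case, spaces allowed) that are not published."""
    published = signing_thumbprints(metadata_xml)
    wanted = {t.replace(" ", "").upper() for t in expected}
    return sorted(wanted - published)

# Constructed sample data: placeholder bytes stand in for real DER certificates.
PRIMARY_DER = b"constructed-primary-token-signing-cert"
SECONDARY_DER = b"constructed-secondary-token-signing-cert"

def sample_metadata(ders):
    """Build a minimal, constructed metadata document publishing the given certs."""
    keys = "".join(
        '<KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        + base64.b64encode(d).decode()
        + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>"
        for d in ders)
    return ('<EntityDescriptor xmlns="%s" xmlns:ds="%s" entityID="urn:example:sts">'
            "<IDPSSODescriptor>%s</IDPSSODescriptor></EntityDescriptor>" % (MD, DS, keys))

if __name__ == "__main__":
    expected = [thumbprint(PRIMARY_DER), thumbprint(SECONDARY_DER)]
    for label, doc in (("stale", sample_metadata([PRIMARY_DER])),
                       ("refreshed", sample_metadata([PRIMARY_DER, SECONDARY_DER]))):
        print(label, "missing:", missing_from_metadata(doc, expected) or "none")
```

Running the same comparison against each farm node's metadata, rather than only the load-balanced name, shows whether a single server is still serving the old document.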