Hi All,I have a notification from O365 portal:"One of your on-premises Federation Service certificates is expiring. Failure to renew the certificate and update trust properties within 5 days will result in a loss of access to all Office 365 services for all users" I checked my ADFS server i.e. Windows Server 2008 R2, ADFS 2.0 management, Service -> CertificatesThe Token-signing shows: expiration date: 16/10/2018 it does not make sense at all, as today is 26/09/2018, the O365 portal says I have only 5 days left which would be on the 1/10/2018, and the Token-signing cert due date is 16/10/2018.Can anyone shed a light on my issue, that would be really appreciated. Regards

This is sort of a "known" issue and is intentional in order to make sure you don't overlook this and end up with your users blocked from accessing O365. Simply update the certificate as soon as possible and the notifications will go away. If you need help with the steps: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-o365-certs

ADFS Password Expiration Notification | Microsoft Community Hub

EricStarker
Community Manager
Sep 26, 2018
I'm moving this to the Azure Active Directory space for better visibility.
VasilMichev
MVP
Sep 29, 2018
This is sort of a "known" issue and is intentional in order to make sure you don't overlook this and end up with your users blocked from accessing O365. Simply update the certificate as soon as possible and the notifications will go away. If you need help with the steps: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-o365-certs
Eli Shlomo
MVP
Sep 29, 2018
Hi,

Its very simple, Microsoft wants you to be safe and avoid a resume and generating event, so they make a 30 day. This makes the warning and automatic renewal overlap by 5 days to make sure you have enough time to update Office 365 before the old certificate expires.

Expiration minus 45 days – Issue federation certificate expiration warning in the Portal
Expiration minus 20 days – automatically renew a token-signing certificate
Expiration minus 19 days – scheduled task updates Office 365 with a new token-signing certificate.
More information https://www.eshlomo.us/office-365-and-adfs-certificate-notification/
Eli.
- Dzung Vu
  Copper Contributor
  Oct 08, 2018
  Thank you all for your help, I had to replace with the third-party SSL cert, since we've already had in place. and updated IIS with the third-party SSL. All Good!!
  Once again, thank you very much
  Regards,

Forum Discussion

ADFS Password Expiration Notification

Share

Resources