Thursday 5 February 2015

Active Directory Federation Services (AD FS) 3.0 Configuration Wizard: "An error occurred while trying to configure this machine" / "A certificate with the thumbprint xxxx was not found in the LocalMachine certificate store."

I was recently installing Active Directory Federation Services (AD FS) 3.0, which ships with Windows Server 2012 R2. I had provisioned and configured the first AD FS server using the Windows Internal Database (WID), as this was only a test lab. From that first AD FS server I had requested a certificate from my internal CA with the Common Name fs.domain.com. It was issued and imported without problem into the Personal store of the Local Computer on the primary AD FS server.

Once I had installed the AD FS role on the second server I followed the configuration wizard to add it to the AD FS farm, and received the error "An error occurred while trying to configure this machine". "A certificate with the thumbprint xxxx was not found in the LocalMachine certificate store." The cause was that I had forgotten that all AD FS servers in a farm must use exactly the same service communications/SSL certificate: the farm configuration database records the thumbprint of the certificate the primary was configured with, and a node joining the farm must present that same certificate (and its private key) in its own LocalMachine\Personal store.


I moved back to the primary AD FS server and launched the Certificates (Computer) MMC. From there I opened the fs.domain.com certificate in the Personal store and checked that the thumbprint of this certificate matched the one required by the AD FS wizard on the secondary server.


The certificate must be exported from the primary as a PFX including the private key (the key has to have been marked exportable when it was requested, otherwise the export will not contain it) and imported into the Personal store of the Local Computer on the secondary AD FS server, and likewise on any other server that fronts the federation service, such as an AD FS Proxy/Web Application Proxy. Protect the PFX with a strong password while it is in transit and delete it once it has been imported, since it carries the farm's private key.

Rerun the AD FS configuration wizard, select the certificate with the matching thumbprint, and ensure you tick the box Overwrite Existing AD FS Configuration Database Data so that anything left behind by the failed attempt is discarded.
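The same procedure can be done from PowerShell, which also lets you check the thumbprint the farm actually expects instead of eyeballing it in the MMC. The script below is an added example and not part of the original post; the server names ADFS01 (primary) and ADFS02 (new node), the service account DOMAIN\svc_adfs, the C:\temp path and the admin share used to copy the PFX are all assumptions. The first half runs on the primary, the second half on the node being added.

```powershell
# Added example (not from the original post). Assumed names: primary ADFS01,
# new farm node ADFS02, federation service fs.domain.com, AD FS service
# account DOMAIN\svc_adfs, temporary PFX location C:\temp on ADFS01.

# ----- Part 1: run on the primary AD FS server (ADFS01) -----
# The thumbprint the farm expects is the one stored in the AD FS configuration,
# not simply whatever happens to sit in LocalMachine\My.
$expected = (Get-AdfsSslCertificate | Select-Object -First 1).CertificateHash
$svcComms = Get-AdfsCertificate -CertificateType Service-Communications
"Farm SSL certificate thumbprint:            $expected"
"Service-communications certificate thumbprint: $($svcComms.Thumbprint)"

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $expected }
if (-not $cert)               { throw "Certificate $expected is not in LocalMachine\My on this server" }
if (-not $cert.HasPrivateKey) { throw "Certificate $expected has no private key; an export would be useless" }

# Export with the private key. This only works if the key was marked
# exportable when the certificate was requested from the CA.
$pfxPassword = Read-Host -AsSecureString -Prompt "Password to protect the PFX"
Export-PfxCertificate -Cert $cert -FilePath C:\temp\fs.domain.com.pfx -Password $pfxPassword | Out-Null

# ----- Part 2: run on the new farm node (ADFS02) -----
# Paste in the thumbprint printed by Part 1 (hypothetical placeholder value).
$expected    = 'THUMBPRINT-FROM-ADFS01'
$pfxPassword = Read-Host -AsSecureString -Prompt "Password of the PFX"

# Import into LocalMachine\My. Without -Exportable the private key is imported
# as non-exportable, which is what you want on a farm node.
$imported = Import-PfxCertificate -FilePath \\ADFS01\c$\temp\fs.domain.com.pfx `
                                  -CertStoreLocation Cert:\LocalMachine\My `
                                  -Password $pfxPassword

# Re-check before touching the farm: the wizard error in this post is exactly
# this comparison failing.
if ($imported.Thumbprint -ne $expected) {
    throw "Imported thumbprint $($imported.Thumbprint) does not match farm thumbprint $expected"
}

# Join the WID farm. -OverwriteConfiguration is the PowerShell equivalent of the
# wizard's "Overwrite existing AD FS configuration database data" checkbox.
$svcCred = Get-Credential -Message "AD FS service account" -UserName 'DOMAIN\svc_adfs'
Add-AdfsFarmNode -PrimaryComputerName ADFS01.domain.com `
                 -CertificateThumbprint $imported.Thumbprint `
                 -ServiceAccountCredential $svcCred `
                 -OverwriteConfiguration

# The PFX contains the farm's private key; remove it as soon as it is imported.
Remove-Item \\ADFS01\c$\temp\fs.domain.com.pfx -Force
```

Get-AdfsSslCertificate and Get-AdfsCertificate read the farm configuration, so comparing against their output catches a certificate that was re-issued with the same subject name but a different key, which looks identical in the MMC until you open the Details tab.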