Recently I was doing so many tests on my ADFS lab that at one point I basically got lost in my config and did not remember what I had done. So I got stuck in an ugly situation where my ADFS portal was not opening and it was giving an error regarding the TLS settings of my ADFS. Since I managed to fix that issue, I thought it would be better to share this info with you in case you find yourself in the same situation and need a way out. Just a reminder that all the images you see with links here belong to my LAB and I have no problem showing them.
The problem started when my ADFS portal was saying: "Please turn on TLS 1.0, TLS 1.1 and TLS 1.2 in Advanced settings". I verified that, and everything was OK. Here is what my portal looked like:
So, for a deeper analysis, I went through the event viewer to see the issue and where it came from. Event ID 249 was logged in my ADFS log, and it indicated that the certificate thumbprint was not found. Here is an image of the event in my event viewer:
Since that was a bit strange, I knew there should be a problem with the certificate issued for my ADFS. I had a feeling that the certificate issued for my ADFS was different from the certificate currently bound to my ADFS. So I ran the PowerShell cmdlet Get-AdfsSslCertificate on my ADFS server to view the certificate bindings ADFS knows about. Right next to it, I wanted to see which certificate was actually present for my ADFS server, so I queried the local certificate store to compare the results and BAAM! The certificate in the local certificate store was completely different from the certificate bound to my ADFS. As you can see in this image, they are completely different:
Since I was certain that both certificates used the same portal name and info, I knew that the only thing that differed here was the hash (thumbprint) of the certificate, so let's manually set the certificate hash. I used Set-AdfsSslCertificate for that, with the actual thumbprint of the correct certificate. I ran this command on my ADFS server:
The next time I verified the certificate bound to my ADFS, the two matched:
Then I restarted the ADFS service and everything was back to normal. Once you do this config properly, you will even see an event indicating that everything was done correctly, with event ID 100 and source ADFS:
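The same check-and-repair sequence (compare the ADFS SSL binding against the local machine store, rebind with Set-AdfsSslCertificate, restart the service) as a single script. This is an added example, not the author's own command; it assumes it runs elevated on the ADFS server, that $FederationHost is a placeholder for your federation service name, and that the certificate in the store carries that name in its Subject or SAN.

```powershell
# Added example: detect an ADFS SSL binding whose thumbprint is missing from
# the local machine store (Event ID 249) and rebind to the certificate that
# is actually there. Run elevated on the ADFS server.
Import-Module ADFS

$FederationHost = 'adfs.lab.example'   # placeholder: your federation service FQDN

# 1. What ADFS believes is bound.
$binding = Get-AdfsSslCertificate |
    Where-Object { $_.HostName -eq $FederationHost } |
    Select-Object -First 1
if (-not $binding) { throw "No ADFS SSL binding found for $FederationHost" }
$boundHash = $binding.CertificateHash

# 2. What is really in LocalMachine\My for that name: private key present,
#    not expired, newest first. (DnsNameList is the Cert: provider's SAN view.)
$candidates = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
        ($_.Subject -like "*CN=$FederationHost*" -or
         $_.DnsNameList.Unicode -contains $FederationHost)
    } |
    Sort-Object NotAfter -Descending)

if ($candidates.Thumbprint -contains $boundHash) {
    "Binding OK: ADFS thumbprint $boundHash exists in LocalMachine\My."
    return
}

"Mismatch: ADFS is bound to $boundHash, which is not in LocalMachine\My."
if ($candidates.Count -eq 0) {
    throw "No usable certificate for $FederationHost in the store; enroll or import one first."
}

$correct = $candidates[0]
"Store holds $($correct.Thumbprint) (expires $($correct.NotAfter)); rebinding ADFS to it."

# 3. Rebind ADFS (this also updates the HTTP.sys binding) to the real certificate.
Set-AdfsSslCertificate -Thumbprint $correct.Thumbprint

# 4. Restart the service and show the new binding; expect Event ID 100 afterwards.
Restart-Service adfssrv
Get-AdfsSslCertificate | Select-Object HostName, PortNumber, CertificateHash
```

If you run this on a farm, the rebinding step has to be repeated on every ADFS server, since Set-AdfsSslCertificate only changes the binding on the node it runs on.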
That is all I did to fix that problem. You may do it with the GUI, but since I found the problem via PowerShell, I stuck with PowerShell. I clearly do not know where this error came from, but it is clear that it was me who produced this issue, because I do so many stupid things in my LAB to find out how things work. :)