ADFS service communication certificate renewal issue in ADFS 3.0
Hi All,
We have 2 ADFS servers in a farm with a SQL backend & 2 ADFS proxy servers. For service communication we are using a Digicert certificate & the token certificates are self-signed.
Currently we have a SHA1 Digicert certificate; we planned to replace the SHA1 certificates with SHA2 certificates & we renewed the certificates as well on both the ADFS & ADFS proxy servers.
Post renewal, ADFS relying party applications like the CRM, SharePoint etc. sites are working from the internal network, but when we try to access them from the external network we get a "server hangup" error while accessing the CRM and SharePoint websites.
There were no ADFS related errors found except the below "Schannel" errors after the certificate renewal. Did anyone get the same error in their environment?
Note: we found more events after the certificate renewal; after rolling the certificates back to the old one these errors were gone from the server.
Log Name: System
Source : Schannel
Event ID: 36888
Time : 6/15/2015 10.01 AM
Level : Error
User : System
Computer : abc
Description: A fatal alert was generated and sent to remote endpoint. This may result in termination of connection. The TLS protocol defined fatal error code is 40. The windows Schannel error state is 1205
==============
Log Name: System
Source : Schannel
Event ID: 36874
Time : 6/15/2015 10.01 AM
Level : Error
User : System
Computer : abc
Description: An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed
Hi Sunil,
Try to follow the article below on how to change certificates with ADFS 3.0. You can leave the DRS certificate alone, but focus on using the two PShell commands which should be run:
a/ Set-AdfsCertificate
b/ Set-AdfsSslCertificate
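As an added example (not part of the answer above), this is how the two cmdlets are typically run on an ADFS 3.0 farm node to switch both the service communications and SSL bindings to an already imported SHA-2 certificate, followed by a verification step; the subject name is a placeholder and the certificate is assumed to already be in the Local Machine\Personal store with its private key.

```powershell
# Added example: rotate the ADFS 3.0 service-communications and SSL
# certificates to a new certificate and verify the result.
# Run in an elevated PowerShell on the primary ADFS server.
Import-Module ADFS

# Assumption: the renewed certificate (with private key) was already
# imported into Cert:\LocalMachine\My. Placeholder subject name below.
$subject = 'CN=sts.example.com'

# Pick the newest certificate for that subject that actually has a
# private key; a certificate without one cannot complete a TLS handshake.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate with a private key found for $subject"
}
Write-Host "Using $($cert.Thumbprint) ($($cert.SignatureAlgorithm.FriendlyName))"

# a/ Service communications certificate (the one relying parties see)
Set-AdfsCertificate -CertificateType Service-Communications `
                    -Thumbprint $cert.Thumbprint

# b/ SSL certificate bound to the HTTP.sys listener used by ADFS
Set-AdfsSslCertificate -Thumbprint $cert.Thumbprint

# The federation service must be restarted to pick up the new binding
Restart-Service adfssrv

# Verify that both bindings now reference the new thumbprint
Get-AdfsCertificate -CertificateType Service-Communications |
    Select-Object Thumbprint, Certificate
Get-AdfsSslCertificate |
    Select-Object HostName, PortNumber, CertificateHash

# On each ADFS proxy (Web Application Proxy) the SSL certificate is
# changed separately after importing the same certificate there:
#   Set-WebApplicationProxySslCertificate -Thumbprint $cert.Thumbprint
```

Compare the CertificateHash values reported by the farm and the proxies; a proxy still bound to the old certificate will fail external TLS handshakes while internal access keeps working.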