AD FS 2.0 Federation Server Configuration Wizard Error


Errors:

An error occurred during an attempt to perform the configuration task: An error occurred during an attempt to access the private key of the certificate with thumbprint XXXXXXXXXXXXXXXXXXXXXXXXXXXX’.  Confirm that the certificate has a private key and that you have permission to read the private key, and try again.

or

An error occurred during an attempt to perform the configuration task: A certificate with the thumbprint XXXXXXXXXXXXXXXXXXXXXXXXXXXX was not found in the My certificate store.

 

Solution:

This one was killing me for darn near a whole day.  No matches online for the errors, so hopefully these find someone else.  The problem occurred when I tried to join a second federation server to my AD FS farm.  Basically, the thumbprint shown in the error (XXXXXXXXXXXXXXXXXXXXXXXXXXXX) refers to the certificate on your *primary* server, not the one on the server you’re adding.  So, you have to replace the certificate you bound to the default website with the one from the primary federation server.  You do this on the primary server through MMC > Certificates > Local Computer > Personal Store > Export.  Copy the exported certificate over to the server you’re trying to add to the farm and import it to the same location using the MMC again.  Finally got past this thing.  Phew!
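A way to confirm, before rerunning the wizard, that the imported certificate is where the wizard looks and that its private key is readable. This is an added example, not part of the original post; the script name `Test-FarmCert.ps1` and the `-Thumbprint` parameter are made up for illustration, and it assumes an elevated PowerShell prompt on the server being joined.

```powershell
# Test-FarmCert.ps1 (hypothetical name): added example, not from the original post.
# Usage: .\Test-FarmCert.ps1 -Thumbprint "<thumbprint from the wizard error>"
param(
    [Parameter(Mandatory = $true)]
    [string]$Thumbprint
)

# Thumbprints copied from a certificate dialog can carry spaces or
# invisible characters; keep only the hex digits before comparing.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# The wizard looks in the Local Computer "Personal" (My) store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $clean }

if (-not $cert) {
    Write-Warning "No certificate with thumbprint $clean in LocalMachine\My."
    return
}

"Subject       : $($cert.Subject)"
"NotAfter      : $($cert.NotAfter)"
"HasPrivateKey : $($cert.HasPrivateKey)"

if (-not $cert.HasPrivateKey) {
    Write-Warning 'The certificate was imported without its private key.'
    return
}

try {
    # Opening the key fails when the key container is missing or the
    # current account is not allowed to read it.
    $key = $cert.PrivateKey
    if ($key -eq $null) {
        Write-Warning 'Private key could not be opened through this API.'
    }
    elseif ($key -is [System.Security.Cryptography.ICspAsymmetricAlgorithm]) {
        "KeyContainer  : $($key.CspKeyContainerInfo.UniqueKeyContainerName)"
        "MachineKey    : $($key.CspKeyContainerInfo.MachineKeyStore)"
        "Exportable    : $($key.CspKeyContainerInfo.Exportable)"
    }
}
catch {
    Write-Warning "Private key is present but not readable: $($_.Exception.Message)"
}
```

The first warning corresponds to the "was not found in the My certificate store" error and the last two to the "access the private key" error quoted at the top of the post.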


Comments (3)

  1. fortetg says:

    Just stumbled across your site after encountering the same error.  Saved me a lot of time, worked like a charm!  Thanks for sharing!

  2. alross says:

    Thanks for the feedback.  Makes it worth writing these up when they help others.  :)

  3. Travis Stock says:

    I followed your directions (thanks by the way! Saved me a lot of time as well!); however, I continued to have errors.

    I believe I was causing this to occur by not allowing the certificate to be Exported ("Allow this Certificate to be exported") when I was running the import on the Secondary Federation server. After leaving this checked, my Secondary Federation Server setup completed successfully.