Posts

Showing posts from June, 2012

ADFS AutoCertificateRollover

Leaving your ADFS 2.0 installation in AutoCertificateRollover mode will most certainly bite you in the ass at some point. This is the default mode when you install ADFS, and when your certificate expires, you'll get something that looks like this:

The key to your answer is in the first line: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. All you need to do is insert the new thumbprint from your ADFS Token-signing certificate. Make sure it's all in uppercase and that you haven't added any invalid character codes or spaces to the thumbprint, or you will continue to get this error message.

You are better served by generating another certificate for a longer period than the default 1 year. You can easily do this by opening Windows PowerShell and issuing the following:

First, add your snapin:

Add-PsSnapin Microsoft.Adfs.Powershell

Show a list of your ADFS properties.

Get-ADFSProperti