标签:server ret archive pretty tin mmu bin 命令 let
I found a related TechNet Blog that shed some light on the subject:
http://blogs.technet.com/b/tune_in_to_windows_intune/archive/2013/11/13/replace-certificates-on-adfs-3-0.aspx
According to this document, after setting the Service Communications
Certificate in the MMC, you must run:Get-ADFSCertificate
to
fetch the certificate thumbprint of the Service Communications Cert. Take note
of the certificate thumbprint, then run:Set-ADFSSslCertificate
-Thumbprint [yourThumbprint]
“Set-AdfsSslCertificate” will fix the HTTP.SYS bindings used by ADFS.
Apparently the MMC does not set the bindings, which is pretty annoying
because this leaves the service in a pretty darn broken state. The HTTP bindings
are mentioned in this TechNet
documentation:
https://technet.microsoft.com/en-us/library/dn781428.aspx
BUT,
the docs do not explicitly state that the Set-AdfsSslCertificate cmdlet needs to
be run on all of the ADFS server nodes in your farm. This also is a key
missing detail.
标签:server ret archive pretty tin mmu bin 命令 let
原文地址:http://www.cnblogs.com/Earson/p/6254327.html