Symptoms
Consider the following scenario:
- You have a Web Application Proxy installed on Windows Server 2012 R2.
- A year after the installation, the Active Directory Federation Services (AD FS) certificate automatically updates when automatic certificate rollover is enabled.
In this scenario, users cannot be authenticated correctly in AD FS, and all users are blocked.
Cause
This issue occurs because the Web Application Proxy does not detect the update when AD FS uses a new certificate.
Note: During the Web Application Proxy installation, the Web Application Proxy reads the AD FS certificate data so that it can make sure that users are authenticated correctly.
Resolution
Update information
To resolve this issue, install update rollup 2955164. For more information about how to obtain this update rollup package, click the following article number to view the article in the Microsoft Knowledge Base:
2955164 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: May 2014
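The following PowerShell sketch is an added example, not part of the original article or of Microsoft's update. It checks whether the Web Application Proxy server lists the rollup and reports when AD FS is due to generate replacement certificates. The function names are hypothetical, and because the article does not say which AD FS certificate is involved, the example assumes the two types that automatic certificate rollover manages (token-signing and token-decrypting).

```powershell
# Added example, not from the KB article. Function names are hypothetical.

function Test-WapRollupInstalled {
    # Run on the Web Application Proxy server.
    # A missing entry only means this KB id is not listed on the machine.
    $hotfix = Get-HotFix -Id 'KB2955164' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        KB          = 'KB2955164'
        Installed   = [bool]$hotfix
        InstalledOn = if ($hotfix) { $hotfix.InstalledOn } else { $null }
    }
}

function Get-AdfsRolloverWindow {
    # Run on the AD FS server (requires the ADFS module).
    Import-Module ADFS -ErrorAction Stop
    $props = Get-AdfsProperties
    $now   = Get-Date
    # Assumption: these are the certificate types that automatic rollover manages.
    foreach ($type in 'Token-Signing', 'Token-Decrypting') {
        foreach ($entry in Get-AdfsCertificate -CertificateType $type) {
            $notAfter = $entry.Certificate.NotAfter
            [pscustomobject]@{
                CertificateType = $type
                Thumbprint      = $entry.Thumbprint
                IsPrimary       = $entry.IsPrimary
                NotAfter        = $notAfter
                DaysLeft        = [int][math]::Floor(($notAfter - $now).TotalDays)
                AutoRollover    = $props.AutoCertificateRollover
                # With rollover on, AD FS generates the replacement
                # CertificateGenerationThreshold days before expiry.
                NextGeneration  = if ($props.AutoCertificateRollover) {
                    $notAfter.AddDays(-$props.CertificateGenerationThreshold)
                } else { $null }
            }
        }
    }
}

# Usage:
#   Test-WapRollupInstalled                      # on the proxy
#   Get-AdfsRolloverWindow | Sort-Object NextGeneration | Format-Table -AutoSize
```

A proxy that reports Installed = False ahead of the earliest NextGeneration date is exposed to the lockout described under Symptoms.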
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More Information
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
For more information about Web Application Proxy, go to the following Microsoft website: