After renewing the Microsoft Dynamics CRM Internet Facing Deployment (IFD) Certificate through the Microsoft Dynamics CRM Deployment Manager, an AD FS generic error message is shown when you try to log into CRM. Additionally, the following error message can be found in the Event Viewer on the AD FS server:
Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> Microsoft.IdentityServer.Protocols.WSTrust.StsConnectionException: MSIS7004: An exception occurred while connecting to the federation service. The service endpoint URL 'net.tcp://localhost:1501/adfs/services/trusttcp/windows' may be incorrect or the service is not running. ---> System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at net.tcp://localhost:1501/adfs/services/trusttcp/windows that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
AD FS 2.0 Service Communications certificate is missing in AD FS.
Configure the AD FS Server service to use the new or existing certificate. To do this, follow these steps:
1. Open AD FS 2.0 Management.
2. Browse to AD FS 2.0\Service\Certificates.
3. Right-click Certificates, and then select Set Service Communications Certificate.
4. Select the new certificate from the certificate selection UI.
5. Click OK.
It is recommended to follow all the steps found in the KB 2504439 in order to check whether the ADFS settings are correct.
How to change the ADFS 2.0 service communications certificate after it expires