Web Application Proxy cannot detect the updated certificate after it automatically updates on Windows Server 2012 R2

Applies to: Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation

Symptoms


Consider the following scenario:

  • You have a Web Application Proxy installed on Windows Server 2012 R2.
  • A year after the installation, the Active Directory Federation Services (AD FS) certificate automatically updates when automatic certificate rollover is enabled.

In this scenario, the users cannot be authenticated correctly in AD FS, and all users are blocked.

Cause


This issue occurs because the Web Application Proxy does not detect the update when AD FS starts to use a new certificate.

Note: During the Web Application Proxy installation, the Web Application Proxy reads the AD FS certificate data so that it can make sure that users are authenticated correctly.

Resolution


Update information

To resolve this issue, install update rollup 2955164. For more information about how to obtain this update rollup package, click the following article number to view the article in the Microsoft Knowledge Base:
2955164  Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: May 2014
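
A check for the scenario above, as an added example that is not part of the original article: run it locally on each Web Application Proxy and AD FS server to see whether the rollup is installed and how close the next certificate rollover is. It assumes the certificate in question is the token-signing certificate that automatic rollover manages; the 30-day warning window is an arbitrary value chosen for the example.

```powershell
# Added example, not Microsoft's code. KB number taken from this article.
$kb       = 'KB2955164'
$warnDays = 30          # assumed warning window, adjust to your change process

# 1. Is the update rollup from this article installed on this machine?
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Check    = "Update rollup $kb"
    Result   = if ($hotfix) { "Installed ($($hotfix.InstalledOn))" } else { 'MISSING' }
}

# 2. Only on AD FS servers (the AD FS cmdlets are absent on a proxy):
#    report whether automatic rollover is enabled and when each
#    token-signing certificate expires.
if (Get-Command Get-AdfsProperties -ErrorAction SilentlyContinue) {
    $props = Get-AdfsProperties
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Check    = 'AutoCertificateRollover'
        Result   = $props.AutoCertificateRollover
    }

    Get-AdfsCertificate -CertificateType Token-Signing | ForEach-Object {
        $daysLeft = [int][math]::Floor(($_.Certificate.NotAfter - (Get-Date)).TotalDays)
        [pscustomobject]@{
            Thumbprint  = $_.Thumbprint
            IsPrimary   = $_.IsPrimary      # a non-primary entry means a new certificate is already staged
            NotAfter    = $_.Certificate.NotAfter
            DaysLeft    = $daysLeft
            ExpiresSoon = ($daysLeft -le $warnDays)
        }
    }
}
```

A proxy that reports MISSING while the AD FS server reports AutoCertificateRollover as True with a certificate close to expiry is the configuration this article describes.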

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information


For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
For more information about Web Application Proxy, go to the following Microsoft website: