FIX: An error occurs when you use a third-party CSP and HSM and then configure a claims provider trust in Update Rollup 3 for AD FS 2.0 on Windows Server 2008 R2 Service Pack 1


Consider the following scenario:

  • You apply Update Rollup 3 for Active Directory Federation Services (AD FS) 2.0 to a server that is running Windows Server 2008 R2 Service Pack 1.

  • You use a third-party Cryptographic Service Provider (CSP) and Hardware Security Module (HSM) to generate and store private keys.

  • You configure ADFS 2.0 Token Signing to use a certificate that is issued by an HSM.

In this scenario when you configure a claims provider trust, you receive the following error message:

An error occurred during an attempt to read the federation metadata.


This problem occurs because of incorrect metadata generation.


To resolve this problem, apply security update 2843638.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


See the terminology Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.