Web Application Proxy cannot detect the updated certificate after it automatically updates on Windows Server 2012 R2


Consider following scenario:

  • You have a Web Application Proxy installed on Windows Server 2012 R2.

  • A year after the installation, the Active Directory Federation Services (AD FS) certificate automatically updates when the automatic certificate rollover is enabled.

In this scenario, the users cannot be authenticated correctly in AD FS, and all users are blocked.


This issue occurs because the Web Application Proxy does not detect the update when the AD FS uses a new certificate.

Note During the Web Application Proxy installation, the Web Application Proxy reads the AD FS certificate data so that it can make sure that users are authenticated correctly.


Update information

To resolve this issue, install update rollup 2955164. For more information about how to obtain this update rollup package, click the following article number to view the article in the Microsoft Knowledge Base:

2955164 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: May 2014


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates For more information about Web Application Proxy, go to the following Microsoft website:

Web Application Proxy

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Any additional feedback? (Optional)

Thank you for your feedback!