I just encountered this issue in Server 2019. The easiest solution was to just set the clock back to a day when the certificates weren't expired and start the service. Then you can generate the new certificates. I found that the computer clock could only be adjusted via Control Panel "Date and Time" app. This issue is very likely the result of setting the Automatic Renew option to disabled and never manually generating certificates before they expire.
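A preventive check for the situation this answer describes (rollover disabled and certificates left to expire), as an added example that is not part of the original thread. It has to run while the AD FS service is still healthy, for instance as a scheduled task; the function name `Get-AdfsCertExpiryReport` and the 30-day threshold are assumptions made for illustration.

```powershell
# Added example: run on an AD FS server while the service is running.
# $WarnDays is an assumed alert threshold, not a value from the thread.
param([int]$WarnDays = 30)

Import-Module ADFS -ErrorAction Stop

# Hypothetical helper: one row per AD FS certificate
# (Service-Communications, Token-Signing, Token-Decrypting).
function Get-AdfsCertExpiryReport {
    param([int]$WarnDays = 30)

    $now = Get-Date
    Get-AdfsCertificate | ForEach-Object {
        $daysLeft = [int][math]::Floor(($_.Certificate.NotAfter - $now).TotalDays)

        $status = 'OK'
        if ($daysLeft -le $WarnDays) { $status = 'EXPIRING' }
        if ($daysLeft -lt 0)         { $status = 'EXPIRED' }

        [pscustomobject]@{
            CertificateType = $_.CertificateType
            IsPrimary       = $_.IsPrimary
            Thumbprint      = $_.Thumbprint
            NotAfter        = $_.Certificate.NotAfter
            DaysLeft        = $daysLeft
            Status          = $status
        }
    }
}

$report = @(Get-AdfsCertExpiryReport -WarnDays $WarnDays)
$report | Sort-Object DaysLeft | Format-Table -AutoSize

# With rollover disabled, nothing renews the token certificates automatically.
if (-not (Get-AdfsProperties).AutoCertificateRollover) {
    Write-Warning 'AutoCertificateRollover is disabled: renew token certificates manually before NotAfter.'
}

# The question traces its outage to the service account, so show which account
# the AD FS service (adfssrv) runs as; review its password policy separately.
$svc = Get-CimInstance Win32_Service -Filter "Name='adfssrv'"
Write-Output "AD FS service account: $($svc.StartName)"

# Non-zero exit code lets a scheduler or monitoring agent raise an alert.
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```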
ADFS 3.0 Service won't start because certificate has expired
Hi,
I have a fairly urgent issue with ADFS service not starting.
The infrastructure is all Server 2019 and the service account password had expired so the ADFS could not auto renew the token signing and decrypting certificate. I know, I should have set the service account password to never expire. My fault.
Right now the service will not start (because the certificate has expired) and PowerShell commands come up with a communication error:
get-adfsproperties : The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state.
I have tried the command "Update-AdfsCertificate -CertificateType Token-Decrypting -Urgent" but that comes up with the same error. As the service will not start I cannot get into the console.
Please help.
2 answers
Arjan Mensch 11 Reputation points
2020-05-22T12:57:02.277+00:00
Can you try to start the service with a different service account?