GD Bloggers

This is the blog site for Microsoft Global Delivery Communities focused in sharing the technical knowledge about devices, apps and cloud.

Office 365 & ADFS - Error when adding the second Federation server: No Certificate Matching the Federation Service



The symptoms are as follows:

- First ADFS server is implemented.

- New Federation service is configured properly.

- ADFS is installed on the second ADFS server.

- When adding the server to the federation farm we receive the following error:

“No certificate matching the Federation Service name were found in the Local Computer certificate store. Install the certificate that represents your Federation Service name in the Local Computer certificate store, and then try again”

The following snapshot represents the error:



Searching for information on ADFS turns up some vague wording that gives the impression that the name used for ADFS must be the subject name of the certificate. See the following article as an example:

- Review ADFS Requirements:

“The Subject name of this SSL certificate is used to determine the Federation Service name for each instance of AD FS that you deploy. For this reason, you may want to consider choosing a Subject name on any new certification authority (CA)-issued certificates that best represents the name of your company or organization to the cloud service and this name must be Internet-routable. For example, in the diagram provided earlier in this article (see “Phase 2”), the subject name of the certificate would be”

Also, when configuring the first ADFS server and creating the new federation farm, you will notice that the wizard shows the certificate subject name as the default until you select another name from the drop-down list, as in the following snapshot:


But when adding the second server to the farm, the wizard does not even give you that option.

So the first question is whether this limitation exists only in the wizard and can be worked around from the command line.


Doing a quick search, I found this article, which describes how to create a new federation farm using the command fsconfig.exe:

The general syntax of the command:

fsconfig.exe {StandAlone|CreateFarm|CreateSQLFarm|JoinFarm|JoinSQLFarm}

As per the article, the fsconfig command is in this folder:

C:\program files\Active Directory Federation Services 2.0

So all we need to do is follow the same syntax to join an existing farm, and we can use the help to get the exact parameters:

Fsconfig joinfarm /help

The command line should be:

fsconfig.exe joinfarm /primarycomputername <<this is the first ADFS server>> /serviceaccount <<service account used with the first server>> /serviceaccountpassword <<password>> /certthumbprint <<the certificate thumbprint>>

The following snapshot shows the result of executing the command:


As the snapshot shows, the configuration completed successfully, and using the command line solved the problem.
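The join step above as one PowerShell script, added here as an example and not part of the original post: it reads the thumbprint from the Local Computer store instead of copying it by hand, checks that the certificate has a private key and is within its validity period, and prompts for the service account password rather than storing it in the script. The service name, server name and account are placeholder assumptions, and the SAN text match assumes an English-language system.

```powershell
# Added example. All values below are placeholders (assumptions), replace with your own.
$fsName   = 'sts.example.com'      # Federation Service name
$primary  = 'ADFS01'               # first (primary) ADFS server
$svcAcct  = 'EXAMPLE\svc-adfs'     # service account used with the first server
$fsconfig = 'C:\Program Files\Active Directory Federation Services 2.0\fsconfig.exe'

# Candidate certificates: private key present, inside the validity period, and
# the service name appears as the subject CN or as a SAN DNS entry.
# A wildcard certificate is not matched here; pick its thumbprint from the list manually.
$now = Get-Date
$candidates = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $cert = $_
    $cn   = $cert.GetNameInfo('SimpleName', $false)
    $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    # Format() output is localized; 'DNS Name=' is the English form.
    $sanNames = if ($san) { $san.Format($false) -split ',\s*' } else { @() }
    $cert.HasPrivateKey -and $cert.NotBefore -le $now -and $cert.NotAfter -gt $now -and
        ($cn -eq $fsName -or $sanNames -contains "DNS Name=$fsName")
})

if ($candidates.Count -ne 1) {
    # Zero or several matches: show what was found and stop instead of guessing.
    $candidates | Format-List Subject, Thumbprint, NotAfter
    throw "Expected exactly one certificate for $fsName, found $($candidates.Count)."
}
$thumb = $candidates[0].Thumbprint

# The password is not kept in the script, but fsconfig.exe still receives it
# as a command-line argument, so run this from an administrative session only.
$secure = Read-Host "Password for $svcAcct" -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    & $fsconfig JoinFarm /PrimaryComputerName $primary /ServiceAccount $svcAcct `
        /ServiceAccountPassword $plain /CertThumbprint $thumb
} finally {
    # Wipe the unmanaged copy of the password.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
```

The thumbprint found this way should be the same as the one on the certificate bound to the Federation Service on the first server; if it differs, the wrong certificate is installed on the second server.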

  • Question: Does this require using an SQL Farm or can this be done with the Default Windows Internal Database Farm?  Thanks!

  • @Mark: in the above scenario I used WID; the first server will be primary (read/write mode) and the second one will be read-only. In case of failure of the first one, you can promote the second server to be primary, as in the following article:

  • Thanks!
