I’ve recently solved a problem with the help of Microsoft Premier Support that didn’t have any references online that I could find.
Looking at the ADFS console under Certificates, the “Service Communications” section had a message of “Certificate not found in store”.
Connecting to the certificate store showed a proper external SSL cert for our UAT ADFS DNS name. Trying the option “Set Service Communications Certificate” in ADFS produced the error:
The Certificate could not be processed. Error message: Object reference not set to an instance of an object.
This error led me to this discussion on the Microsoft forums, with the following command to attempt:
Add-PsSnapin Microsoft.Adfs.PowerShell
Set-AdfsCertificate -CertificateType "Service-Communications" -Thumbprint "aa bb cc dd …"
However, when I tried to run this command I repeatedly got the following error:
The type initializer for 'Microsoft.IdentityServer.Dkm.ADRepository' threw an exception. Microsoft.IdentityServer.PowerShell.Commands.SetCertificateCommand
The resolution: run PowerShell as the ADFS service account, and then use the command above to set the certificate. After this, I was able to restart the ADFS service and the console displayed the certificate properly.
I also needed to update the certificate on the ADFS proxy in IIS to get a successful result from the Microsoft Remote Connectivity Analyzer.
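The resolution above as a single script with pre-checks and a verification step. This is an added example, not part of the original post or Microsoft's guidance. It assumes the certificate is in the LocalMachine\My store and that the AD FS Windows service has its default name, adfssrv; the thumbprint is a placeholder.

```powershell
# Added example, not from the original post.
# Run in a PowerShell session started as the AD FS service account,
# as described in the resolution above.

# PLACEHOLDER: replace with the thumbprint of your own certificate.
$rawThumbprint = 'AA BB CC DD ...'

# Thumbprints copied from the certificate dialog often carry spaces or an
# invisible leading character, so keep only the hex digits.
$thumbprint = ($rawThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($thumbprint.Length -ne 40) {
    throw "Expected a 40-hex-digit SHA-1 thumbprint, got $($thumbprint.Length) digits."
}

# Show which identity this session runs under before changing anything.
Write-Host "Running as: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"

# Confirm the certificate is present and usable (assumed store: LocalMachine\My).
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) { throw "Certificate $thumbprint not found in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this server.' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# Same two commands as in the post, with the normalised thumbprint.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
Set-AdfsCertificate -CertificateType 'Service-Communications' -Thumbprint $thumbprint

# Restart AD FS so it picks up the change. 'adfssrv' is the assumed default
# service name; this step may need an administrative session.
Restart-Service -Name adfssrv

# Verify that AD FS now reports the expected certificate.
Get-AdfsCertificate -CertificateType 'Service-Communications' |
    Select-Object CertificateType, Thumbprint
```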