An Error Occurred During an Attempt to Read the Federation Metadata


During a routine certificate update I noticed this error in the AD FS management console. Further investigation showed that some relying parties now accept only TLS 1.2 and have turned off the legacy TLS 1.0 and 1.1 protocols. On Windows Server 2012 R2 the .NET Framework client stack that AD FS uses to download federation metadata offers only SSL 3.0 and TLS 1.0 by default, so the handshake with those endpoints fails and the metadata cannot be read.

To fix this, run the following commands in an elevated PowerShell session. This machine happened to be running Windows Server 2012 R2. The first three entries enable TLS 1.2 on the SCHANNEL client side; the SchUseStrongCrypto entries tell .NET Framework 4.x to offer TLS 1.1 and 1.2 instead of only SSL 3.0/TLS 1.0.


# Enable TLS 1.2 for outbound (client-side) connections in SCHANNEL.
$tls12Client = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
New-Item -Path $tls12Client -Force | Out-Null
New-ItemProperty -Path $tls12Client -Name 'Enabled' -Value 1 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path $tls12Client -Name 'DisabledByDefault' -Value 0 -PropertyType 'DWord' -Force | Out-Null

# Make .NET Framework 4.x (which the AD FS service and the management console run on)
# offer TLS 1.1/1.2 by default. The Wow6432Node key covers 32-bit .NET processes on a
# 64-bit server; the AD FS service itself is 64-bit and only needs the first key.
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value 1 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value 1 -PropertyType 'DWord' -Force | Out-Null

Once complete, close the AD FS management console and reopen it; .NET reads SchUseStrongCrypto when a process starts, so the console must be restarted to pick it up. For the same reason, restart the Active Directory Federation Services service (adfssrv), or reboot the server, so that the background federation metadata monitoring also uses TLS 1.2 (a reboot is also the safe way to guarantee the SCHANNEL change takes effect). Then right-click each relying party trust that shows the error and click "Update from Federation Metadata".
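To confirm the fix took effect before touching the trusts, the following check script is an added example and not part of the original post. It reads back the registry values set above, reports which protocols the .NET Framework in the current process offers by default, and then downloads a relying party's federation metadata the way a .NET client such as AD FS would, without forcing TLS 1.2 in code, so a failure here means the machine-wide setting is still not in effect. The $MetadataUrl value is a placeholder; replace it with the metadata endpoint of a trust that shows the error. Run it in a fresh PowerShell session opened after the registry changes, since .NET reads SchUseStrongCrypto at process start.

```powershell
# Added example, not code from the original post.
# Verifies the TLS 1.2 client registry settings and tests a metadata download.
# $MetadataUrl is a placeholder and must be replaced with a real relying party endpoint.
param(
    [string]$MetadataUrl = 'https://rp.example.com/FederationMetadata/2007-06/FederationMetadata.xml'
)

$schannelClient = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$checks = @(
    @{ Path = $schannelClient;                                                    Name = 'Enabled';           Expected = 1 },
    @{ Path = $schannelClient;                                                    Name = 'DisabledByDefault'; Expected = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';               Name = 'SchUseStrongCrypto'; Expected = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319';   Name = 'SchUseStrongCrypto'; Expected = 1 }
)

# Read each value back; a missing value is reported separately from a wrong one,
# because a missing SCHANNEL value falls back to the OS default for that protocol.
$allOk = $true
foreach ($c in $checks) {
    $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    $state = if ($actual -eq $c.Expected) { 'OK' } elseif ($null -eq $actual) { 'MISSING' } else { 'WRONG' }
    if ($state -ne 'OK') { $allOk = $false }
    '{0,-8} {1}\{2} = {3} (expected {4})' -f $state, $c.Path, $c.Name, $actual, $c.Expected
}

# With SchUseStrongCrypto=1 this shows "Tls, Tls11, Tls12" on .NET 4.5.x;
# without it only "Ssl3, Tls" (TLS 1.0) is offered.
"Default .NET SecurityProtocol in this process: $([Net.ServicePointManager]::SecurityProtocol)"

# Download the metadata without overriding SecurityProtocol in the script, so the
# result reflects the machine-wide configuration rather than a per-script setting.
try {
    $resp = Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing
    $xml  = [xml]$resp.Content
    "Fetched metadata for entityID: $($xml.EntityDescriptor.entityID)"
} catch {
    "Metadata download failed: $($_.Exception.Message)"
    if (-not $allOk) { "One or more registry values above are not set as expected." }
    "A 'could not create SSL/TLS secure channel' error means this client still does not offer TLS 1.2 to the endpoint."
}
```

If the registry values all read OK but the download still fails from a freshly opened session, the problem is on the remote side (for example a certificate chain this server does not trust) rather than the protocol version, and the AD FS error will need a different fix.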

