Cannot Publish or Missing Certificates Template

Description:

You created a certificate template in your Windows Enterprise CA. However when you want to publish it, you cannot saw the templates inside the "Enable Certificate Templates" wizard. All other Certification Authority function works normally and you've used the account which has proper permission.

Resolution:

Try to use the following command:
Certutil -setcatemplates +templatename

Note: The plus (+) sign is mandatory. Otherwise it will replace all of the other published template.

WAP and ADFS trust certificate lifetime

Description:

The proxy trust certificate between WAP and ADFS is a rolling certificate which valid for 2 weeks and periodically updated. This is stored in an internal, protected store so we can't see it in any of the usual certificate stores. 

What we see in the local machine store is the initial temporary certificate thumbprint used while the proxy trust is first being established. This explains why the WAP event log error included a strange, unknown certificate thumbprint.

If we leave our WAP server offline for more than 2 weeks, the proxy trust certificate will expire and we’ll need to re-initialise the proxy trust (Install-WebApplicationProxy cmdlet).

This can also happen when we move the VM’s configuration to another storage.

Resolution:

We can solve this issue by setting the following registry key to 1 on the WAP server and re-running post-install config from the Remote Management console:

HKLM\Software\Microsoft\ADFS

ProxyConfigurationStatus

• 1 (not configured)
• 2 (Web Application Proxy is configured)

Intermittent ADFS Event ID 224 & 245 at WAP Server

Description:

At Web Application Proxy Server (WAP) configured to connect to ADFS, you saw several Event ID 224 & 245 intermittently appear. TCP Port 443 are already open between WAP and ADFS.

Resolution:

Make sure you have all the required certificate on WAP server, including the intermediate and trusted root of the SSL certificate.

Error when Configuring Azure AD Connect - Authorization Manager check failed

Description:

When you configure your Azure AD Connect, you encounter Authorization Manager check failed error message.

It said "An error occurred while retrieving the Active Directory Schema. The error are: AuthorizationManager check failed."

Resolution:

Try to manually installing the Microsoft certificate:

1.  Go to C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1
2. Right click the file, and open properties
3. Go to 'Digital Signatures' tab and open the details for the certificate
4. Click View certificate
5. Click Install certificate for local machine
6. Manually choose to store certificates at 'Trusted publishers'
7. Click Ok to close the certificate wizard.
8. Go Back to the Azure AD Connect Wizard > Click Previous > and Click Next again.

Error when configuring Azure AD Connect at MSOnline.Format.ps1xml file

Description:

When you configure your Azure AD Connect, you encounter Authorization Manager check failed error message.

It said " Unable to retrieve the Azure Active Directory configuration. Errors occurred while reading the format data file: Microsoft.PowerShell, , C:\Program Files\Microsoft Active Directory Connect\AADPowerShell\MSOnline.Format.ps1xml: The file was skipped because of the following validation exception: AuthorizationManager check failed."

Resolution:

Try to manually installing the Microsoft certificate:

1.  Go to C:\Program Files\Microsoft Azure Active Directory Connect\AADPowerShell\MSonline.Format.ps1xml
2. Right click the file, and open properties
3. Go to 'Digital Signatures' tab and open the details for the certificate
4. Click View certificate
5. Click Install certificate for local machine
6. Manually choose to store certificates at 'Trusted publishers'
7. Click Ok to close the certificate wizard.
8. Go Back to the Azure AD Connect Wizard > Click Previous > and Click Next again.