Expired certificates cannot be removed when automatic certificate rollover is disabled in Windows Server 2012 R2

View products that this article applies to.

Symptoms

Consider the following scenarios:

You install a proxy on a Windows Server 2012 R2-based Active Directory Federation Services (AD FS) server.
You add a proxy trust certificate to the AD FS server.
You disable automatic certificate rollover on the AD FS server.
The certificate expires every 20 days, and the AD FS server renews the trust certificate.

In the scenario, the expired certificates remain present, and they cannot be removed from the Certificate Trust List (CTL).

↑ Back to the top

Resolution

To resolve this issue, install update rollup 2975719. For more information about how to obtain this update rollup package, click the following article number to view the article in the Microsoft Knowledge Base:

2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More Information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top

Applies to:

↑ Back to the top

Keywords: kbqfe, kbfix, kbsurveynew, kbexpertiseadvanced, kb

↑ Back to the top

Article Info

Article ID	:	2976996
Revision	:	1
Created on	:	1/7/2017
Published on	:	8/12/2014
Exists online	:	False
Views	:	237

Microsoft KB Archive Search

Expired certificates cannot be removed when automatic certificate rollover is disabled in Windows Server 2012 R2

Symptoms

Resolution

Status

More Information

Applies to: