Ever faced the requirement of giving permissions to a resource (like a folder) while your ASP.NET application's pool is running under ApplicationPoolIdentity? A few points to understand:
I just came to understand that while using the step-by-step guides for ADFS 2.0 along with the virtual machines available on the Microsoft Connect website, you might receive "Service Unavailable" errors when trying to navigate to the ADFS asmx services or the FederationMetadata.xml file.
The virtual machines available at the Microsoft Connect location (below) have token-signing and token-decrypting certificates on the ContosoDC server that expired on April 22, 2011. Because of this, ADFS is not able to build the certificate chain for these operations, and as a result the metadata endpoints are not exposed. An end user trying to work with these labs simply doesn't see the FederationMetadata.xml file.
While it will take time to get the VMs updated, you can work ahead by renewing the certificates manually. To do so, follow the steps below:
1. Log in as Administrator on ContosoDC
2. Open PowerShell in administrative mode and enter the command: "Add-PSSnapin Microsoft.Adfs.Powershell"
3. Enter the following commands one by one. After hitting Enter, wait until the command prompt returns.
Update-ADFSCertificate -CertificateType: Token-Signing -Urgent:$true
Update-ADFSCertificate -CertificateType: Token-Decrypting -Urgent:$true
VM Location: http://connect.microsoft.com/site642/Downloads/DownloadDetails.aspx?DownloadID=29506
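The renewal steps above can be wrapped in a check that confirms the expiry before renewing and verifies the result afterwards. This is an added example, not part of the original post; it assumes the `Get-ADFSCertificate` and `Get-ADFSProperties` cmdlets from the same snap-in, and the function name `Get-AdfsTokenCertStatus` is hypothetical.

```powershell
# Added example: run in an elevated PowerShell session on the AD FS server
# (ContosoDC in the lab). Written to work on PowerShell 2.0.
Add-PSSnapin Microsoft.Adfs.Powershell -ErrorAction Stop

# Hypothetical helper: one row per token-signing / token-decrypting certificate.
function Get-AdfsTokenCertStatus {
    foreach ($type in 'Token-Signing', 'Token-Decrypting') {
        foreach ($entry in Get-ADFSCertificate -CertificateType $type) {
            $cert = $entry.Certificate
            New-Object PSObject -Property @{
                Type       = $type
                IsPrimary  = $entry.IsPrimary
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Expired    = ($cert.NotAfter -lt (Get-Date))
            }
        }
    }
}

$before = @(Get-AdfsTokenCertStatus)
$before | Format-Table Type, IsPrimary, NotAfter, Expired, Thumbprint -AutoSize

# Update-ADFSCertificate generates new self-signed certificates only when
# automatic certificate rollover is enabled on the Federation Service.
if (-not (Get-ADFSProperties).AutoCertificateRollover) {
    Write-Warning 'AutoCertificateRollover is disabled; Update-ADFSCertificate will not issue new certificates.'
}
else {
    # Renew only the types whose primary certificate has actually expired.
    $expiredTypes = $before |
        Where-Object { $_.IsPrimary -and $_.Expired } |
        ForEach-Object { $_.Type } |
        Select-Object -Unique

    foreach ($type in $expiredTypes) {
        # -Urgent promotes the new certificate to primary immediately, so partners
        # that do not pull federation metadata automatically must be updated by hand.
        Update-ADFSCertificate -CertificateType $type -Urgent:$true
    }

    $stillExpired = @(Get-AdfsTokenCertStatus | Where-Object { $_.IsPrimary -and $_.Expired })
    if ($stillExpired.Count -gt 0) {
        Write-Warning 'A primary token certificate is still expired; check the AD FS event log.'
    }
    else {
        Write-Output 'Primary token-signing and token-decrypting certificates are valid.'
    }
}
```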