We had an event where our main *.domain.com certificate expired which was used for ADFS and Dynamics CRM. I’ve since replaced the certificate, and ran through ADFS / Dynamics deployment manager multiple times, but the site doesn’t work. Very little useful information either, as we are presented with a login screen ( https://sts1.domain.com ), followed by a very vague error. “Error: There was a problem accessing the site. Try to browse to the site again. If the problem persists, contact admin and provide reference number: fc8c6c13-96fe-4c63-9f2e-30992bdae753” What good are these reference numbers? I don’t see any information online nor anything in event viewer related to them. This was a working environment at one point, until the cert expired and auth broke. I’ve since tried to re-configure many times following this MS doc: download.microsoft.com/…/crmconfigureifd.pdf Things I have checked: – IIS, default website as well as Dynamics CRM site both have the new cert bound to https. -Checked with netsh http sslcert that the new cert is bound to the correct ports. -Browsed to the URL of Relying party’s federation metadata URL, which works and no ssl errors. -Re-setup / re-deployed the ADFS relying party trust multiple times,along with accepted claim types/rules. -Ensured new cert is installed to LOCAL MACHINES personal folder. -Ensured service account used to setup IIS app pool has permissions to the certificate in mmc. -IISreset and multiple server reboots. Can somebody please have a look over my configuration to see if anything sticks out? Anywhere I can look for more clues? Event viewer does not seem to help- seems like Dynamics CRM simply isn’t serving up the page after login. Is there another way to simply gain access to CRM without ADFS? We only need it for local/legacy records access at this point. Note** Something peculiar of note is that https for the default website in IIS is set to port 444- https for microsoft dynamics is bound to 443. I don’t know why this would be. I followed the microsoft guide to reconfigure with our FQDN but I don’t know why port 444 would be coming up in ADFS/login etc. When I go to Dynamics deployment manager and click “Configure claims-based auth” it auto-populates with the https://sts1.domain.com:444/FederationMetadata/…/FederationMetadata.xml URL, then afterwards tells me to set a relying party trust using https://slcrm.domain.com/…/FederationMetadata.xml . Any tips at this point would be helpful, I feel that I’ve exhausted all avenues including complete re-configuration. Some of the values in IIS were present since before my time so I suspect maybe something in there could be a problem? But I’ve researched extensively and have checked everything I could find to pinpoint a problem here.