Pages

Thursday, May 24, 2018

Replacing ADFS Proxy Server's SSL certificate with the cmdlet Set-WebApplicationProxySslCertificate throws the error: "A positional parameter cannot be found that accepts argument..."

Problem

You need update the ADFS Proxy server’s certificate as per the following instructions:

Managing SSL Certificates in AD FS and WAP in Windows Server 2016
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-certificates-ad-fs-wap

image

… but executing the command throws the error:

PS C:\Users\Administrator> Set-WebApplicationProxySslCertificate "54d87e8e2acc62de2d8cff943f8f5ebdd1db330c"
Set-WebApplicationProxySslCertificate : A positional parameter cannot be found that accepts argument
'54d87e8e2acc62de2d8cff943f8f5ebdd1db330c'.
At line:1 char:1
+ Set-WebApplicationProxySslCertificate "54d87e8e2acc62de2d8cff943f8f5ebdd1db330c"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Set-WebApplicationProxySslCertificate], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.IdentityServer.Management.Proxy.Commands.SetSslCer
   tificateCommand

PS C:\Users\Administrator> Set-WebApplicationProxySslCertificate -thumbprint "54d87e8e2acc62de2d8cff943f8f5ebdd1db330c"

Message                                 Context                                                                  Status
-------                                 -------                                                                  ------
The configuration completed successf... DeploymentSucceeded                                                     Success

PS C:\Users\Administrator> Get-WebApplicationProxySslCertificate

HostName                           PortNumber  CertificateHash
--------                           ----------  ---------------
adfs.domain.com              443      54D87E8E2ACC62DE2D8CFF943F8F5EBDD1DB330C
adfs.domain.com             49443     54D87E8E2ACC62DE2D8CFF943F8F5EBDD1DB330C

PS C:\Users\Administrator>

image

Solution

The reason why this error is thrown is because the cmdlet shown on the website is missing the -Thumprint switch. To correct this, use the same syntax as the cmdlet for the internal ADFS server as shown below:

image

No comments: