Why does ADFS fail to start after updating the certificates?

The ADFS service account has to be given permission to access the new ADFS certificate.

With a new certificate selected for service signing, token decrypting, and token signing, the ADFS service failed to start after a restart, and event ID 7023 was reported in the System event log.

This is fixed by giving the ADFS_SVC account (service account) permissions to read the certificate’s private key using the certificate management snap-in on the ADFS Server.

This setting is reached through the “Manage Private Keys” option in the certificate’s context menu.