We're running a CRM 2011 Internet-Facing Deployment with ADFS. When we try to install the Front-End server role on our existing CRM deployment, we get the following error message: "The encryption certificate 'CN=*.example.com, OU=Domain Control Validated, O=*.example.com' cannot be accessed by the CRM service account."
We went to the local certificate store on the new front-end server and verified that the certificate was installed in the personal store and that the CRM service account did have read permission on the private key for the certificate, but we were still getting the error. Unable to resolve this issue, we disabled IFD and Claims auth, then installed CRM successfully, then re-enabled IFD and Claims. We haven't had any issues using the new server - Claims Authentication seems to work perfectly. Unfortunately, we've continued to have this problem on each new Front-End server since we enabled Claims.
Is this due to some configuration error on our part? Is there a more correct way to install the new front-end server without having to disable Claims Auth temporarily?