I had lots of trial and error on this.

You will need SQL Server Management studio if you have errors when raising the behavior level


There is a lot of information online on how to add a secondary so I am going to cover what i did with the errors.  I wish I saved screenshots 🙁

When installing the ADFS role I had the following errors:

  • Certificate mismatch
    • Export the same cert and private key from the primary and import it
  • SPN mismatch or not created for service account
    • setspn -a host/{your_Federation_Service_name} {domain_name}\{service_account}
  • Duplicate Database (This happened after removing the role and adding it again to start over)
    • uninstall WID on server you are trying to make the secondary then go through the add role wizard again

It finally worked.  Now after that I tried to upgrade the behavior level (You could do that before adding the secondary I chose not too because I like making things complicated apparently.)

All of the below steps you will perform on the primary ADFS. I recommend running this command first to test:


On my server I got an error about the database already existing.  This is because I tried this command earlier and the failed database needs removed.  Open SQL Server Management Studio and connect to this location:


You may have to google around for how to connect to the WID database on different versions of windows if the above does not work.

Use Windows authentication to login

Before continuing I did copy all of the WID databases to another location as a backup.  to do this stop adfs service and go to


I copied all of the files from there to a backup location

In hind site however I recommend right clicking on the database I mention below and going to Tasks>Back Up

Expand Databases and delete AdfsConfigurationV4 (for server 2019) If you have server 2016 I think it will be AdfsconfigurationV3

Once doing that all the tests passed however when actually performing the upgrade it kept stopping on an error like so:

User, Group, (service account) already exists in database

I did not know how to resolve this so I changed the adfs service to login as the domain admin instead and the upgrade below completed successfully.  I then changed it back to my service account and restarted the service an it works.