“Identity check failed for outgoing message” error when accessing any Password Reset Webpage after an upgrade or opening the Configuration tool
The complete message reads: “Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was ‘servername.domain.com’ but the remote endpoint provided DNS claim ‘webserveralias.domain.com’. If this is a legitimate endpoint, you can fix the problem by explicitly specifying DNS identity ‘webserveralias.domain.com’ as the identity property of EndpointAddress when creating channel proxy.”
Possible cause
During installation, you may have used the web server certificate when installing the “server” component instead of the “web” component.
Possible solution
The server component requires a certificate whose CN (common name) matches the FQDN of the server. This is required for Windows Identity Foundation to work correctly. In the message above, the expected identity is the server's FQDN, but the certificate presented carries the web server alias instead. A self-signed certificate or a certificate with a CN, either public or private, can be used for this function.
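
To see which installed certificates satisfy this requirement, the following PowerShell check compares each certificate's CN with the server's FQDN. It is an added example, not part of the product or its documentation, and it assumes the server component's certificate is installed in the local computer's Personal store (Cert:\LocalMachine\My); run it on the machine that hosts the server component.

```powershell
# Added example (not vendor code). Assumption: the server component's certificate
# is installed in the local computer's Personal store (Cert:\LocalMachine\My).

# Build this server's FQDN from its host name and primary DNS suffix.
$ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = if ($ip.DomainName) { "$($ip.HostName).$($ip.DomainName)" } else { $ip.HostName }

$simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$now    = Get-Date

$report = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    # The subject's "simple name" is normally its CN.
    $cn = $_.GetNameInfo($simple, $false)
    [pscustomobject]@{
        CN            = $cn
        MatchesFqdn   = ($cn -ieq $fqdn)      # DNS names compare case-insensitively
        HasPrivateKey = $_.HasPrivateKey      # needed to present the certificate
        Valid         = ($_.NotBefore -le $now -and $_.NotAfter -ge $now)
        Thumbprint    = $_.Thumbprint
    }
}

"Server FQDN: $fqdn"
$report | Sort-Object MatchesFqdn -Descending | Format-Table -AutoSize

# A certificate is a candidate for the server component only if its CN is the
# FQDN, it is within its validity period, and its private key is present.
$usable = $report | Where-Object { $_.MatchesFqdn -and $_.HasPrivateKey -and $_.Valid }
if (-not $usable) {
    Write-Warning "No valid certificate with a private key has CN '$fqdn'."
}
```

A certificate whose CN is the web server alias will show MatchesFqdn as False; that is the certificate to keep for the “web” component only.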