wif - ADFS 2.0 Error ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry -

the error:

id4175: issuer of security token not recognized issuernameregistry. accept security tokens issuer, configure issuernameregistry return valid name issuer.

the situation: have 3 or 4 asp.net apps running on single iis server (my qa environment), morning began returning error. start out on anonymous site, click link secure section, redirected federation services proxy, authenticate, , redirected secure page, error appears.

this link , bunch of others indicate thumbprint in web.config wrong, can prove (via history in tfs) thumbprint in web.config file has not changed.

i've tried re-running fedutil, still same message (though comes different thumbprint). ideas?

hate answer own question, looks got bit autocertificaterollover because worked, , re-deployed, replacing web.config , breaking authentication.

this thing, because our production cert expires in 6 weeks, , production doesn't have auto rollover enabled - have had serious issues in production , that's never good.