Working with a customer recently, we ran into problems with RU3 and the sharing of SAML signing certificates between RPs in their test environment. After applying RU3, as mentioned in the previous post, additional manual actions are required. However, it turns out, following a nice long troubleshooting call with those lovely folks at support, that there are is more to this tale:

1. The PostReleaseSchemaChanges.ps1 script applies only to AD FS Windows Internal Database (WID) configurations. The script is provided with the RU3 update under the SQL sub-folder.

2. AD FS SQL database configurations need to run a script locally on a SQL Server node. This file is known as RelaxedRequestSigningCertsv2.sql  and is available via a newly updated article on the support site (KB 2790338) or directly via the following link:

http://gallery.technet.microsoft.com/scriptcenter/SQL-script-to-relax-unique-5ce353d1

The updated release notes for RU3 can be found here:

http://support.microsoft.com/kb/2790338

Please read, share and alert your fellow AD FS brethren