Microsoft ADFS – Event ID 381

When the Active Directory Federation Services (AD FS) service fails to start because its certificates were revoked or have expired (in the best case, they are merely expired), every solution found online suggests running cmdlets. That fails, because the cmdlets need the very service that isn't running.

The error message points to "Could not connect to net.tcp://localhost:1500/policy". The suggested solution? Making sure the ADFS service is running. See the irony here?

What worked in my case: changing the time of the virtual machine to be in the past. Since it was an Azure machine, I had to disable two services: win32time and Hyper-V Time Synchronization. Then I could change the date to something in the past, and I finally managed to get ADFS running. On Google Cloud, I recently encountered the same issue. I also disabled win32time and all Google-related services (a bit of overkill), quickly changed the time and managed to get ADFS running.

You could perhaps obtain more info from the SQL or WID database (ADFS > ServiceSettings), which contained the certificate thumbprints in my case.

Hint: you can open the WID database with SQL Server Management Studio (SSMS).
Connection string:
np:\\.\pipe\MICROSOFT##WID\tsql\query
You should be able to authenticate using the machine’s local admin account.

Then I changed the date/time back to the real-world time and ran Update-ADFSCertificate -Urgent with success.
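The clock-rollback recovery described above, written up as one script. This is an added example, not code from the original post: it assumes the Windows service names W32Time (Windows Time), vmictimesync (Hyper-V Time Synchronization) and adfssrv (AD FS), and that you supply a $RollbackDate on which the expired certificates were still valid (for instance taken from the NotAfter of the thumbprints found in ServiceSettings).

```powershell
# Assumed service names (not from the original post): W32Time, vmictimesync, adfssrv.
# $RollbackDate: a date on which the expired AD FS certificates were still valid.
param(
    [Parameter(Mandatory)][datetime]$RollbackDate,
    [string[]]$TimeSyncServices = @('W32Time', 'vmictimesync')
)
$ErrorActionPreference = 'Stop'
$realTime = Get-Date            # remember wall-clock time before touching it
$startup  = @{}                 # original startup types, restored at the end

# 1. Stop the host/hypervisor from snapping the clock back to the present.
foreach ($svc in $TimeSyncServices) {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) {
        $startup[$svc] = $s.StartType.ToString()
        Stop-Service -Name $svc -Force
        Set-Service  -Name $svc -StartupType Disabled
    }
}
try {
    # 2. Rewind the clock so the existing certificates are valid again, then
    #    start AD FS. (While the clock is wrong, Kerberos and log timestamps
    #    are wrong too, so keep this window as short as possible.)
    Set-Date -Date $RollbackDate | Out-Null
    Start-Service -Name adfssrv
    (Get-Service -Name adfssrv).WaitForStatus('Running', [TimeSpan]::FromMinutes(2))

    # 3. The cmdlets work now: show which certificates are past their NotAfter.
    Get-AdfsCertificate |
        Select-Object CertificateType, Thumbprint, IsPrimary,
            @{ n = 'NotAfter'; e = { $_.Certificate.NotAfter } } |
        Format-Table -AutoSize

    # 4. Restore real time (plus the seconds spent in the past) and roll the
    #    certificates immediately; this applies when AD FS manages its own
    #    certificates (automatic certificate rollover).
    $elapsed = (Get-Date) - $RollbackDate
    Set-Date -Date ($realTime + $elapsed) | Out-Null
    Update-AdfsCertificate -Urgent
}
finally {
    # 5. Re-enable time synchronisation whatever happened above.
    foreach ($svc in $startup.Keys) {
        Set-Service   -Name $svc -StartupType $startup[$svc]
        Start-Service -Name $svc
    }
}
```

Run it from an elevated PowerShell session on the AD FS server, e.g. .\Recover-AdfsClock.ps1 -RollbackDate '2019-01-01'; after step 4, check Get-AdfsCertificate once more to confirm the new primary certificates and their NotAfter dates.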
