Hi, I am deploying FIM CM 2010 with MS ADCS 2008 R2 and want my users to get email notification with OTP to renew their certificats when approching expiration date. I followed this article in order to get this workflow work: http://technet.microsoft.com/en-us/library/ee534907(v=ws.10).aspx In order to test my workflow, I manually modify the value of the cert_renew date of an active certificate in the Certificates table to some time in the past, as described in the article, then restarted the service Forefront Identity Manager CM Update Service, but my user test dont get any email notification and the renewal workflow is not initiated. I also restarted FIM CM server, nothing. First, I taught it was an issue of a FIM CM extended permissions since Microsoft dont give any information of what permissions are needed, so I gave full control to the service account of the five extended permissions. The workflow still dont work. Second, I taught it was an issue related to the user account in the database associated to my service account, so I gave the right sysadmin to my database user account. The workflow still dont work. Last, I opened a connection to the FIM CM Portal with the service account, and tried to launch manually the renewal workflow. In this case, my test user gets the email notification with the OTP. My conclusion is that the issue concerns the service Forefront Identity Manager CM Update Service who is even not able to check that the certificate need to be renewed (from the database), or to initiate the renewal workflow. Have you already encountered such an issue? Is there another configuration step to perform in order to get this workflow work? Thank you!