Posts Tagged ‘ADFS 2.0’

Your organization was not able to sign you in to this service

September 27, 2011 1 comment

Situation: ADFS 2.0, Office 365, Dirsync.

After configuring Dirsync (confirmed working) and ADFS 2.0 to provide single sign-on for Office 365, I was getting the following error:

“Your organization was not able to sign you in to this service”

This message was displayed after going to https://portal.microsoftonline.com and providing my internal AD credentials.

There were no helpful Event Log messages and I spent many hours troubleshooting this issue.

Cause: The “FederationServiceIdentifier” value was not the same on the cloud (Office 365) and my ADFS servers (do not ask me how this could happen). I think this is probably a bug.

Resolution: Compare the “FederationServiceIdentifier” values in the MSOL Module for Windows PowerShell.

  1. Fire up the Microsoft Online Services Module for Windows Powershell.
  2. Connect to the MSOL service (http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652560.aspx)
  3. Once authenticated and connected, get the Federated Domain properties and compare the values.
  4. To get the domain properties type: Get-MsolFederationProperty -DomainName abc.com
  5. You should get results for 2 different sources: your ADFS Server and something like Microsoft Office 365.
  6. Now, for each source, find the value of “FederationServiceIdentifier”.
  7. Compare them. They must be exactly the same!!!
  8. If they are not the same, you need to modify your ADFS server so that they match.
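The comparison in steps 4 to 7 as a script. This is an added example, not part of the original post; it assumes the Microsoft Online Services module is already loaded, uses the post's placeholder domain abc.com, and treats "exactly the same" as a character-for-character (ordinal) match, which is a strict assumption.

```powershell
# Added example: compare FederationServiceIdentifier between the two sources
# returned by Get-MsolFederationProperty. 'abc.com' is the post's placeholder.
$domain = 'abc.com'

Connect-MsolService   # prompts for Office 365 administrator credentials

# One object per source (the ADFS server and Microsoft Office 365).
$props = @(Get-MsolFederationProperty -DomainName $domain)

# Print each value in brackets with its length so a trailing slash or
# stray whitespace is visible at a glance.
foreach ($p in $props) {
    $id = [string]$p.FederationServiceIdentifier
    '{0,-24} [{1}] (length {2})' -f $p.Source, $id, $id.Length
}

$ids = @($props | ForEach-Object { [string]$_.FederationServiceIdentifier })

if ($ids.Count -ne 2) {
    Write-Warning "Expected 2 sources for $domain, got $($ids.Count)."
}
elseif ([string]::Equals($ids[0], $ids[1], [System.StringComparison]::Ordinal)) {
    Write-Output "MATCH: both sources report $($ids[0])"
}
else {
    # Locate the first position where the two strings diverge.
    $n = [Math]::Min($ids[0].Length, $ids[1].Length)
    $i = 0
    while ($i -lt $n -and $ids[0][$i] -ceq $ids[1][$i]) { $i++ }
    Write-Warning "MISMATCH: values differ from character index $i"
    Write-Output ('  {0}: ...{1}' -f $props[0].Source, $ids[0].Substring($i))
    Write-Output ('  {0}: ...{1}' -f $props[1].Source, $ids[1].Substring($i))
}
```

A mismatch reported at the very end of the shorter string usually means one side has a trailing slash the other lacks.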

To modify the “FederationServiceIdentifier” value on the ADFS server:

  1. Open ADFS 2.0 Management Console.
  2. Right click on the “Service” folder.
  3. Click “Edit Federation Service Properties…”
  4. Modify the “Federation Service Identifier:” to match EXACTLY the value from the Microsoft Office 365 source (above).
  5. For example http://abc.com.au/adfs/services/trust/
  6. Try logging in at https://portal.microsoftonline.com
  7. Hopefully it's working now!

In my case, the ADFS server had the FederationServiceIdentifier http://fs.abc.com.au/adfs/services/trust/ but the Office 365 FederationServiceIdentifier was http://abc.com.au/adfs/services/trust (if you can’t spot it, the “fs.” is missing from the front of the ADFS server URL).

When I changed the Federation Service Identifier on my ADFS server to http://abc.com.au/adfs/services/trust, everything worked fine…

Uninstall ADFS 2.0

September 21, 2011 2 comments

Have you noticed that ADFS 2.0 does not appear in Programs and Features?

If you want to uninstall ADFS 2.0, go to Programs and Features and then “View Installed Updates”. Select Active Directory Federation Services and uninstall…