"Sorry, but we're having trouble signing you in" and "80045C06" error when a federated user tries to sign in to Office 365, Azure, or Windows Intune

Article ID: 2578667

PROBLEM

When a federated user tries to sign in to a Microsoft cloud service such as Office 365, Microsoft Azure, or Windows Intune from a sign-in webpage whose URL starts with https://login.microsoftonline.com/login, authentication for that user is unsuccessful. The user gets the following error message:
Sorry, but we're having trouble signing you in

Please try again in a few minutes. If this doesn't work, you might want to contact your admin and report the following error:
80045C06

CAUSE

This issue can occur if the time setting in the on-premises environment doesn't match the time setting of the Microsoft Azure Active Directory (Azure AD) authentication system. Where the time difference between Active Directory Federation Services (AD FS) clients or servers and the Azure AD authentication system is more than 5 minutes, logons by federated users will fail. This may occur if one or more of the following conditions are true:
  • The client computer or computers aren't syncing correctly with the on-premises Active Directory.
  • The AD FS service components aren't syncing correctly with the on-premises Active Directory.
  • The on-premises Active Directory Primary Domain Controller (PDC) emulator isn't syncing to an accurate Internet time source.
  • The token validity period for AD FS claims is too short.

SOLUTION

To resolve this issue, use one of the following methods:

Method 1: Set up client computers and AD FS servers to use the on-premises Active Directory PDC emulator as a Network Time Protocol (NTP) time source

  1. Set up client computers and the AD FS servers to correctly sync time from the on-premises Active Directory PDC emulator. For more info about how to do this, go to Configure a client computer for automatic domain time synchronization.
  2. Make sure that IP connectivity between client computers and AD FS servers and the on-premises Active Directory PDC emulator is available on UDP port 123.
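To check the result of Method 1 from a client computer or an AD FS server, the following added PowerShell example (not part of the original article) parses the output of `w32tm /stripchart /computer:<target> /samples:<n> /dataonly` and reports whether the measured offset exceeds the 5-minute limit, or whether the time source did not answer at all. The function name `Get-SkewReport`, its parameters, the host name and the sample output are constructed for illustration, and the line format is assumed to be the usual `<time>, <offset>s` or `<time>, error: <code>` form.

```powershell
# Added example. Get-SkewReport and its parameters are hypothetical names.
function Get-SkewReport {
    param(
        [string[]]$Lines,                # output of w32tm /stripchart ... /dataonly
        [double]$MaxSkewSeconds = 300    # the 5-minute limit stated in the article
    )
    $offsets = @()
    $errors  = @()
    foreach ($line in $Lines) {
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            # Sample line, e.g. "14:30:03, +312.4471250s":
            # offset between the target's clock and the local clock, in seconds
            $offsets += [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        } elseif ($line -match ',\s*error:\s*(0x[0-9A-Fa-f]+)') {
            # No usable reply, e.g. UDP port 123 is blocked on the path to the time source
            $errors += $Matches[1]
        }
    }
    # Largest absolute offset seen across all successful samples
    $worst = if ($offsets.Count) {
        ($offsets | ForEach-Object { [math]::Abs($_) } | Measure-Object -Maximum).Maximum
    } else { $null }
    [pscustomobject]@{
        Samples      = $offsets.Count
        Errors       = $errors
        WorstSkewSec = $worst
        OverLimit    = ($null -ne $worst) -and ($worst -gt $MaxSkewSeconds)
        Unreachable  = ($offsets.Count -eq 0) -and ($errors.Count -gt 0)
    }
}

# Constructed sample output. On a real host, collect it with:
#   $out = w32tm /stripchart /computer:<PDC emulator FQDN> /samples:3 /dataonly
$out = @(
    'Tracking dc01.contoso.example [192.0.2.10:123].',
    'Collecting 3 samples.',
    'The current time is 7/15/2014 2:30:03 PM.',
    '14:30:03, +312.4471250s',
    '14:30:05, +312.4468031s',
    '14:30:07, error: 0x800705B4'
)
Get-SkewReport -Lines $out | Format-List
```

`OverLimit` set to True means the local clock is more than five minutes away from the time source. `Unreachable` set to True means every sample failed, which points at the UDP port 123 connectivity requirement in step 2 rather than at the clock itself.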

Method 2: Set up the on-premises Active Directory PDC emulator to use a reliable Internet-based NTP time source

  1. Set up the on-premises Active Directory PDC emulator to sync time from a trusted Internet NTP source. For more info about how to do this, go to Configuring a time source for the forest.
  2. Make sure that IP connectivity between the Active Directory PDC Emulator and the Internet time source is available on UDP port 123.

Method 3: Update the token validity period

The token validity period for AD FS should not be less than five minutes. To change the token validity period, go to Claims-based authentication and security token expiration.

MORE INFORMATION

For more information about how to identify the PDC emulator, go to Identify the PDC emulator.

For more information about the Windows Time service, go to Windows Time Service Technical Reference.

Still need help? Go to the Office 365 Community website or the Azure Active Directory Forums website.

Properties

Article ID: 2578667 - Last Review: July 15, 2014 - Revision: 25.0
Applies to
  • Microsoft Azure
  • Microsoft Azure Active Directory
  • Microsoft Office 365
  • Windows Intune
  • CRM Online via Office 365 E Plans
  • Microsoft Azure Recovery Services
  • Office 365 Identity Management