Article ID: 2578667 - View products that this article applies to.
When a federated user tries to sign in to a Microsoft cloud service such as Office 365, Windows Azure, or Windows Intune from a sign-in webpage whose URL starts with https://login.microsoftonline.com/login, authentication for that user is unsuccessful. The user gets the following error message:
Sorry, but we're having trouble signing you in
Please try again in a few minutes. If this doesn't work, you might want to contact your admin and report the following error:
This issue can occur if the time setting in the on-premises environment doesn't match the time setting of the Windows Azure Active Directory (Windows Azure AD) authentication system. Where the time difference between Active Directory Federation Services (AD FS) clients or servers and the Windows Azure AD authentication system is more than 5 minutes, logons by federated users will fail. This may occur if one or more of the following conditions are true:
To resolve this issue, use one of the following methods:
Method 1: Set up client computers and AD FS servers to use the on-premises Active Directory PDC emulator as a Network Time Protocol (NTP) time source
Method 2: Set up the on-premises Active Directory PDC emulator to use a reliable Internet-based NTP time source
Method 3: Update the token validity periodThe token validity period for AD FS should not be less than five minutes. To change the token validity period, go to Claims-based authentication and security token expiration
For more information about how to identify the PDC emulator, go to Identify the PDC emulator
For more information about the Windows Time service, go to Windows Time Service Technical Reference
Still need help? Go to the Office 365 Community
(http://community.office365.com/)website or the Windows Azure Active Directory Forums
Article ID: 2578667 - Last Review: November 13, 2013 - Revision: 22.0
Contact us for more help
Connect with Answer Desk for expert help.