Article ID: 2647020 - View products that this article applies to.
When a federated user tries to sign in to a Microsoft cloud service such as Office 365, Microsoft Azure, or Microsoft Intune from a sign-in webpage whose URL starts with "https://login.microsoftonline.com/login," authentication for that user fails. Additionally, the user receives the following error message:
Sorry, but we're having trouble signing you in
Please try again in a few minutes. If this doesn't work, you might want to contact your admin and report the following error:
80041317 or 80043431
This issue occurs when the configuration settings of the federated domain for the on-premises Active Directory Federation Services (AD FS) service and for the Azure Active Directory (Azure AD) authentication system are mismatched. This causes the claim that the AD FS service supplies to be malformed and therefore rejected by the Azure AD authentication system.
Note This can occur after the token-signing certificate is renewed on-premises without updating federation trust data.
To verify that this is the cause of the issue that you're experiencing, follow these steps on a domain-joined computer:
To resolve this issue, use one of the following methods:
Method 1: Update the configuration of the federated domainFor more information about how to do this, see the "How to update the configuration of the Office 365 federated domain" section of the following article in the Microsoft Knowledge Base：
(http://support.microsoft.com/kb/2647048/ )How to update or repair the settings of a federated domain in Office 365, Azure, or Intune
Method 2: Repair the configuration of the federated domainIf method 1 doesn't resolve the issue, try to repair the federated trust. For more information about how to do this, see the "How to repair the configuration of the Office 365 federated domain" section of the following article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/2647048/ )How to update or to repair the configuration of the Office 365 federated domain
Method 3: Manually update the attributes by using the Azure Active Directory Module for Windows PowerShellIf methods 1 and 2 don't resolve the issue, try to manually update the mismatched attributes. In the Windows PowerShell connection that you used to diagnose the issue, run the appropriate cmdlet from the following table:
Collapse this tableExpand this table
Still need help? Go to the Office 365 Community
(http://community.office365.com/)website or the Azure Active Directory Forums
Article ID: 2647020 - Last Review: December 12, 2014 - Revision: 22.0
Contact us for more help