Article ID: 2707335 - View products that this article applies to.
After you run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit, the Active Directory Federation Services (AD FS) diagnostics log contains the following error message:
Note The AD FS diagnostics log is located at \Admin_Applications\SSO_Diagnostic_Tests\ADFSDiagnostic.txt.
The federation metadata document could not be retrieved from AD FS.
This issue may occur if one of the following conditions is true:
To resolve this issue, use one of the following methods, as appropriate for your situation.
Method 1: Troubleshoot AD FS service availability issuesTo investigate and resolve service availability issues with the AD FS service, see the following Microsoft Knowledge Base articles:
(http://support.microsoft.com/kb/2419389/ )Internet browser can't display the AD FS webpage when a federated user tries to sign in to Office 365, Windows Azure, or Windows Intune
(http://support.microsoft.com/kb/2712961/ )How to troubleshoot AD FS endpoint connection issues when users sign in to Office 365, Windows Intune, or Windows Azure
Method 2: Troubleshoot AD FS communication SSL certificate problemsTo investigate and resolve service SSL certificate issues with the AD FS service, see the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/2523494/ )You receive a certificate warning from AD FS when you try to sign in to Office 365, Windows Azure, or Windows Intune
Method 3: Reset the AD FS service endpoints to the default configurationTo make sure that the AD FS service endpoints are set up to support single sign-on (SSO) authentication, see the following Microsoft Knowledge Base article:
2712957As soon as the AD FS service endpoints are updated, it's important to also sync the AD FS service metadata to Windows Azure Active Directory (Windows Azure AD). To do this, use the "How to update the configuration of the Office 365 federated domain" section of the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/2712957/ )Sign in to Office 365, Windows Azure, or Windows Intune fails after you change the federation service endpoint
(http://support.microsoft.com/kb/2647048/ )How to update or to repair the configuration of the Office 365 federated domain
Still need help? Go to the Office 365 Community
(http://community.office365.com/)website or the Windows Azure Active Directory Forums
Article ID: 2707335 - Last Review: February 26, 2014 - Revision: 18.0
Contact us for more help
Connect with Answer Desk for expert help.