Article ID: 2707336 - View products that this article applies to.
After you run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit, the Active Directory Federation Services (AD FS) diagnostics log contains the following error message:
Note The AD FS diagnostics log is located at \Admin_Applications\SSO_Diagnostic_Tests\ADFSDiagnostic.txt.
There was no response from the federation server when the tool attempted to retrieve a Metadata Exchange (MEX) document.
Additionally, you may notice one of the following symptoms when you sign in to your Microsoft cloud service such as Office 365, Microsoft Azure, or Windows Intune by using a federated account:
This issue may occur if one of the following conditions is true:
To resolve this issue, use one of the following methods, as appropriate for your situation.
Method 1: Troubleshoot AD FS connectivityTroubleshoot AD FS service problems that might limit connectivity by using the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/2419389/ )Internet browser can't display the AD FS webpage when a federated user tries to sign in to Office 365, Azure, or Windows Intune
Method 2: Troubleshoot AD FS Proxy server functionalityIf the sign-in problems that are described earlier only occur when you are connected to AD FS from outside the on-premises network, use the following Microsoft Knowledge Base article to troubleshoot AD FS Proxy service problems that might limit connectivity:
(http://support.microsoft.com/kb/2712961/ )How to troubleshoot AD FS endpoint connection issues when users sign in to Office 365, Windows Intune, or Azure
Method 3: Update the AD FS service metadata to Azure ADIf the sign-in problems that are described earlier begin to occur after the service name of the AD FS Federation service farm is changed, the new MEX endpoint address must be updated in Azure AD. To do this, use the "How to update the configuration of the Office 365 federated domain" of the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/2647048/ )How to update or repair the settings of a federated domain in Office 365, Azure, or Windows Intune
Method 4: Troubleshoot AD FS SSL certificate problemsIf a sign-in attempt to the cloud service results in a certificate warning from the AD FS server, use the following Microsoft Knowledge Base article to troubleshoot SSL certificate problems:
(http://support.microsoft.com/kb/2523494/ )You receive a certificate warning from AD FS when you try to sign in to Office 365, Azure, or Windows Intune
Method 5: Troubleshoot split-brain DNS problems for AD FS service name resolutionTo troubleshoot split-brain DNS configuration problems with the on-premises network, use the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/2715326/ )Split-brain DNS misconfiguration prevents seamless SSO sign-in experience
Still need help? Go to the Office 365 Community
(http://community.office365.com/)website or the Azure Active Directory Forums
Article ID: 2707336 - Last Review: July 9, 2014 - Revision: 19.0