Error message after you run the MOSDAL Support Toolkit: "No token was received from the Microsoft Office 365 authentication system"

Article ID: 2707341

Not sure what release of Office 365 you're using? Go to the following Microsoft website:
Am I using Office 365 after the service upgrade?

PROBLEM

After you run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit in an environment that uses Active Directory Federation Services (AD FS), the following error message is logged in the ADFSDiagnostic.txt diagnostics log file:
No token was received from the Microsoft Office 365 authentication system.
Note The log file is located in the \Admin_Applications\SSO_Diagnostic_Tests\ folder.

Additionally, when you try to sign in to Office 365 resources by using single sign-on (SSO)-enabled user ID credentials, you may receive the following message from login.microsoftonline.com:

"Organization could not sign you in."

CAUSE

This issue may occur if one of the following conditions is true:
  • The on-premises user account and the Office 365 user ID weren't prepared correctly for SSO authentication.
  • AD FS 2.0 service metadata, relying party trust information, or token-signing certificate information hasn't been updated to the Windows Azure Active Directory (Windows Azure AD) authentication system.
  • An on-premises time issue is causing authentication problems.
  • The user principal name (UPN) of a user account changed, and the AD FS 2.0 server is using a cached copy of the old UPN when it builds a claim for Office 365 access.

SOLUTION

To resolve this issue, use one of the following methods, as appropriate for your situation.

Method 1: Troubleshoot an incorrectly-piloted SSO-enabled user ID

For information about how to make sure that the affected user ID is piloted correctly as an SSO-enabled user ID, see the following Microsoft Knowledge Base article:

2392130 Troubleshoot Active Directory user accounts that are piloted as Office 365 SSO-enabled user IDs

Method 2: Update the AD FS 2.0 service metadata to Windows Azure AD

For information about how to update the AD FS 2.0 service metadata, relying party trust, and token-signing certificate information to the Windows Azure AD authentication system, see the "How to update the configuration of the Office 365 federated domain" section of the following Microsoft Knowledge Base article:

2647048 How to update or to repair the configuration of the Office 365 federated domain

Method 3: Troubleshoot on-premises time synchronization issues

For information about how to resolve on-premises time issues that cause SSO authentication failures, see the following Microsoft Knowledge Base article:

2578667 "Your organization could not sign you in to this service" error and "80045C06" error code when a federated user tries to sign in to Office 365

Method 4: Clear the LSA cache of the old UPN

For information about how to resolve the problem that occurs when AD FS 2.0 uses a cached copy of an old UPN to build an AD FS 2.0 claim for Office 365 access, see Method 2 of the following Microsoft Knowledge Base article:

2535191 "Your organization could not sign you in to this service" error and "80041034" error code when a federated user tries to sign in to the Office 365 portal

MORE INFORMATION

Still need help? Go to the Office 365 Community website.

Properties

Article ID: 2707341 - Last Review: May 15, 2013 - Revision: 10.0
Applies to
  • Microsoft Office 365 for enterprises (pre-upgrade)
  • Microsoft Office 365 for education (pre-upgrade)
  • Windows Azure Active Directory