Article ID: 2707341 - View products that this article applies to.
After you run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit, the following error message is logged in the ADFSDiagnostic.txt diagnostics log file:
Note The log file is located in the \Admin_Applications\SSO_Diagnostic_Tests\ folder.
No token was received from the Microsoft Office 365 authentication system.
Additionally, when you try to sign in to your Microsoft cloud service such as Office 365, Microsoft Azure, or Windows Intune by using a federated account, you may receive the following message from login.microsoftonline.com:
"Organization could not sign you in."
This issue may occur if one of the following conditions is true:
To resolve this issue, use one of the following methods, as appropriate for your situation.
Method 1: Troubleshoot an incorrectly-piloted SSO-enabled user IDFor information about how to make sure that the affected user ID is piloted correctly as an SSO-enabled user ID, see the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/2392130/ )Troubleshoot user name issues that occur for federated users when they sign in to Office 365, Azure, or Windows Intune
Method 2: Update the AD FS service metadata to Azure ADFor information about how to update the AD FS service metadata, relying party trust, and token-signing certificate information to the Azure AD authentication system, see the "How to update the configuration of the Office 365 federated domain" section of the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/2647048/ )How to update or repair the settings of a federated domain in Office 365, Azure, or Windows Intune
Method 3: Troubleshoot on-premises time synchronization issuesFor information about how to resolve on-premises time issues that cause SSO authentication failures, see the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/2578667/ )"Sorry, but we're having trouble signing you in" and "80045C06" error when a federated user tries to sign in to Office 365, Azure, or Windows Intune
Method 4: Clear the LSA cache of the old UPNFor information about how to resolve the problem that occurs when AD FS uses a cached copy of an old UPN to build an AD FS claim for access to the cloud service, see Method 2 of the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/2535191/ )"Sorry, but we're having trouble signing you in" and "80048163" error when a federated user tries to sign in to Office 365, Azure, or Windows Intune
Still need help? Go to the Office 365 Community
(http://community.office365.com/en-us/default.aspx)website or the Azure Active Directory Forums
Article ID: 2707341 - Last Review: July 9, 2014 - Revision: 23.0