Article ID: 2707369 - View products that this article applies to.
After you run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit, the Active Directory Federation Services (AD FS) diagnostics log shows the following error:
Note This log is located at Admin_Applications\SSO_Diagnostic_Tests\ADFSDiagnostic.txt.
The AD FS Token-Signing certificate found in a token does not match the certificate registered with the Microsoft Office 365 authentication system.
Additionally, when you sign in to your Microsoft cloud service such as Office 365, Microsoft Azure, or Windows Intune by using a federated account, login.microsoftonline.com may return an "Organization could not sign you in" error.
This issue occurs if the AD FS token-signing certificate is expired because AD FS certificate auto-renew is deactivated.
To fix this issue, update the AD FS token-signing certificate info in the Azure Active Directory (Azure AD) authentication system. To do this, see the "How to update the configuration of the Office 365 federated domain" section of the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/2647048/ )How to update or repair the settings of a federated domain in Office 365, Azure, or Windows Intune
Still need help? Go to the Office 365 Community
(http://community.office365.com/)website or the Azure Active Directory Forums
Article ID: 2707369 - Last Review: July 9, 2014 - Revision: 20.0