"Sorry, but we're having trouble signing you in" and "8004789A" error when a federated user tries to sign in to Office 365, Azure, or Intune

Applies to: Cloud Services (Web roles/Worker roles)Azure Active DirectoryMicrosoft Intune More

PROBLEM

Consider the following scenario. You update the relying party trust with Microsoft Azure Active Directory (Azure AD) in Active Directory Federation Services (AD FS) 2.0 by using the procedures that are described in one of the following resources:

The following Microsoft TechNet article: Limiting Access to Office 365 Services Based on the Location of the Client
The following article:
2618887 "Federation service identifier specified in the AD FS 2.0 server is already in use." error when you try to set up another federated domain in Office 365, Azure, or Intune

However, after you do this, authentication fails for federated users when they try to sign in to a Microsoft cloud service such as Office 365, Azure, or Microsoft Intune from a sign-in webpage whose URL starts with https://login.microsoftonline.com/login. After the user clicks Sign in at <DomainName> on the webpage, the user gets the following error message:

Sorry, but we're having trouble signing you in

Please try again in a few minutes. If this doesn't work, you might want to contact your admin and report the following error:
8004789A

SOLUTION

To resolve this issue, install Update Rollup 1 for AD FS 2.0 on all AD FS 2.0 Federation Service farm nodes. For more info about how to download and install Update Rollup 1 for AD FS 2.0, see the following Microsoft Knowledge Base article:

2607496 Description of Update Rollup 1 for Active Directory Federation Services (AD FS) 2.0

Note This update requires a restart of the computer.

MORE INFORMATION

To use multiple top level domains or client access policies, you must install Update Rollup 1 for Active Directory Federation Services (AD FS) 2.0.

Still need help? Go to Microsoft Community or the Azure Active Directory Forums website.

Last Updated: Sep 21, 2018