Consider the following scenario. You update the relying party trust with Microsoft Azure Active Directory (Azure AD) in Active Directory Federation Services (AD FS) 2.0 by using the procedures that are described in one of the following resources:
However, after you do this, authentication fails for federated users when they try to sign in to a Microsoft cloud service such as Office 365, Azure, or Microsoft Intune from a sign-in webpage whose URL starts with https://login.microsoftonline.com/login. After the user clicks Sign in at <DomainName> on the webpage, the user gets the following error message:
Sorry, but we're having trouble signing you in
Please try again in a few minutes. If this doesn't work, you might want to contact your admin and report the following error: 8004789A
To resolve this issue, install Update Rollup 1 for AD FS 2.0 on all AD FS 2.0 Federation Service farm nodes. For more info about how to download and install Update Rollup 1 for AD FS 2.0, see the following Microsoft Knowledge Base article:
2607496 Description of Update Rollup 1 for Active Directory Federation Services (AD FS) 2.0
Note: This update requires a restart of the computer.
To use multiple top-level domains or client access policies, you must install Update Rollup 1 for Active Directory Federation Services (AD FS) 2.0.
Microsoft Azure cloud services, Microsoft Azure Active Directory, Microsoft Office 365, Microsoft Intune, CRM Online via Office 365 E Plans, Microsoft Azure Recovery Services, Office 365 Identity Management