Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


Multi-Factor Authentication (MFA) fallback authentication fails through the Active Directory Federation Services (ADFS) Proxy.


This issue occurs because of a hard-coded time-out limit in ADFS proxy code. When the time-out occurs, you are prevented from accessing applications.


To fix this issue, install the May 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (KB3156418).


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

Configuring time-out example

Following is an example of the Windows Management Instrumentation (WMI) way of updating time-out:

  • Commands to update time-out need to be executed in the elevated PowerShell mode on the proxy computer. The steps are as follows:

    $x=Get-WmiObject -class ProxyService -namespace root/ADFS

  • The example sets time-out to 300 seconds (5 minutes), reflected in C:\windows\adfs\Config\microsoft.proxyservice.config.txt.

Note Always configure connectionTimeoutInSec in C:\windows\adfs\Config\microsoft.proxyservice.config.txt by using WMI as explained above. We don't recommend you configure connectionTimeoutInSec manually. 

Uninstallation information

If you uninstall the package, the timeout settings are still in the file. Therefore, when you restart the proxy service, it fails stating that connectionTimeoutInSec (previous entry) is unknown. To fix this, manually remove the connectionTimeoutInSec property from the config file.


Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!