"No certificate found” error in Remote Connectivity Analyzer and federated users experience authentication issues in Office 365, Azure, and Intune


Federated users in an Active Directory Federation Services (ADFS) environment experience authentication issues in Office 365, Intune, or Azure. When a federated user browses to their ADFS logon page at https://sts.contoso.com/ADFS/LS/IDPinitiatedSignOn.aspx, they receive a message that says that there's no Secure Sockets Layer (SSL) certificate.

Note: In the URL, "sts.contoso.com" represents your AD FS federation service name.

When you run the Single Sign-On Test in Microsoft Remote Connectivity Analyzer (testconnectivity.microsoft.com), the test fails when it tries to contact your ADFS endpoint, and you receive the following error message:
No certificate found


This issue may occur if Transport Layer Security (TLS) 1.0 is disabled on the ADFS server.


Important: Follow the steps in this section carefully. Serious problems might occur if you change the registry incorrectly. Before you change it, back up the registry for restoration in case problems occur.

Make sure that TLS 1.0 is enabled on the ADFS servers in your environment. To do this, follow these steps on each server:
  1. In Registry Editor, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\TLS 1.0
  2. Double-click the Enable DWORD value. If the value in the Value data box is 0, change the value to 1, and then click OK.
  3. Exit Registry Editor, and then restart the server.
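
To confirm from a client machine which TLS versions the AD FS endpoint negotiates, before and after the registry change, the following added example (not part of the original article) attempts one handshake per protocol version. The function name Test-TlsProtocol is hypothetical, and sts.contoso.com is the article's placeholder for your federation service name.

```powershell
# Added example: probe which TLS versions an AD FS endpoint will negotiate.
# Test-TlsProtocol is a hypothetical helper name; 'sts.contoso.com' is the
# article's placeholder and must be replaced with your federation service name.
function Test-TlsProtocol {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [int] $Port = 443,
        [Parameter(Mandatory = $true)]
        [System.Security.Authentication.SslProtocols] $Protocol
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate: this probe checks protocol negotiation only,
        # not certificate trust. Do not reuse this callback for real traffic.
        $anyCert = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $anyCert)
        # Offer exactly one protocol version so the result is unambiguous.
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        [pscustomobject]@{
            Host       = $HostName
            Offered    = $Protocol
            Negotiated = $true
            Detail     = $ssl.SslProtocol.ToString()
        }
    }
    catch {
        # A handshake failure here is the condition the article describes
        # when the offered version is TLS 1.0 and the server has it disabled.
        [pscustomobject]@{
            Host       = $HostName
            Offered    = $Protocol
            Negotiated = $false
            Detail     = $_.Exception.GetBaseException().Message
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}

# 'Tls' is TLS 1.0 in the SslProtocols enumeration.
foreach ($version in 'Tls', 'Tls11', 'Tls12') {
    Test-TlsProtocol -HostName 'sts.contoso.com' -Protocol $version
}
```

Run the probe from a machine that itself still allows the protocol being tested; if TLS 1.0 is disabled on the client, the handshake fails locally regardless of the server's configuration.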


For more information about how to enable and disable TLS, see the following Microsoft Knowledge Base article:
187498 How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
Still need help? Go to Microsoft Community or the Azure Active Directory Forums website. 

Article ID: 3088997 - Last review: Dec 28, 2016 - Revision: 1