You cannot log on to an AD FS server when you use an alternative UPN suffix account in Windows Server 2012 R2

View products that this article applies to.

Symptoms

Consider the following scenario:

You create domain A, domain B, and an external trust between the domains.
You create an Active Directory Federation Services (AD FS) server that is running Windows Server 2012 R2 in domain A.
You add an alternative user principal name (UPN) suffix in domain B.
You create a user account that uses the alternative UPN suffix in domain B.
You go to the AD FS server sign-in page on a computer in domain A, and then you log on by using the user account.

In this scenario, this issue occurs.

Resolution

To resolve this issue, install update rollup 2975719. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More Information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top

Applies to:

↑ Back to the top

Keywords: kbqfe, kbfix, kbsurveynew, kbexpertiseadvanced, kb

↑ Back to the top

Article Info

Article ID	:	2980756
Revision	:	1
Created on	:	1/7/2017
Published on	:	8/12/2014
Exists online	:	False
Views	:	247

Microsoft KB Archive Search

You cannot log on to an AD FS server when you use an alternative UPN suffix account in Windows Server 2012 R2

Symptoms

Resolution

Status

More Information

Applies to: