Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Error message after you run the MOSDAL Support Toolkit: "The federation metadata document could not be retrieved from AD FS"


View products that this article applies to.

Problem

After you run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit, the Active Directory Federation Services (AD FS) diagnostics log contains the following error message:

The federation metadata document could not be retrieved from AD FS.

Note The AD FS diagnostics log is located here:
\Admin_Applications\SSO_Diagnostic_Tests\ADFSDiagnostic.txt

↑ Back to the top


Cause

This issue may occur if one of the following conditions is true:
  • AD FS Federation or Proxy services are unavailable.
  • There is a Secure Sockets Layer (SSL) certificate issue.
  • The Federation Metadata service endpoint may be disabled in the on-premises AD FS Federation service.

↑ Back to the top


Solution

To resolve this issue, use one of the following methods, as appropriate for your situation.

Method 1: Troubleshoot AD FS service availability issues

To investigate and resolve service availability issues with the AD FS service, see the following Microsoft Knowledge Base articles: �
2419389�Internet browser cannot display the AD FS webpage when a federated user tries to sign in to Office 365 web resources �

2712961�How to troubleshoot the AD FS connection

Method 2: Troubleshoot AD FS�communication SSL certificate problems

To investigate and resolve service SSL certificate issues with the AD FS service, see the following Microsoft Knowledge Base article: �
2523494�You receive a certificate warning from AD FS when you access Office 365 web resources by using a federated account �

Method 3: Reset the AD FS�service endpoints to the default configuration

To make sure that the AD FS service endpoints are set up to support SSO authentication, see the following Microsoft Knowledge Base article:
2712957�SSO authentication to Office 365 fails after you change AD FS service endpoint settings in the AD FS Management Console�
As soon as the AD FS service endpoints are updated, it's important to also sync the AD FS service metadata to Windows Azure Active Directory (Windows Azure AD). To do this, use the "How to update the configuration of the Office 365 federated domain" section of the following Microsoft Knowledge Base article: �
2647048 How to update or to repair the configuration of the Office 365 federated domain

↑ Back to the top


More information

Still need help? Go to the Office 365 Community�website or�the�Windows Azure Active Directory Forums website.

↑ Back to the top


Keywords: o365, mosdal4.5, o365022013, after, upgrade, o365062011, pre-upgrade, o365e, o365m, o365a, KB2707335

↑ Back to the top

Article Info
Article ID : 2707335
Revision : 12
Created on : 9/30/2013
Published on : 9/30/2013
Exists online : False
Views : 652