Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Error message after you run the MOSDAL Support Toolkit: "No token was received from the Microsoft Office 365 authentication system"



Problem

After you run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit, the following error message is logged in the Active Directory Federation Services (AD FS) diagnostics log file, ADFSDiagnostic.txt:
No token was received from the Microsoft Office 365 authentication system.
Note The log file is located in the \Admin_Applications\SSO_Diagnostic_Tests\ folder.

Additionally, when you try to sign in to Office 365 resources by using single sign-on (SSO)-enabled user ID credentials, you may receive the following message from login.microsoftonline.com:

"Organization could not sign you in."



Cause

This issue may occur if one of the following conditions is true:
  • The on-premises user account and the Office 365 user ID weren't prepared correctly for SSO authentication.
  • AD FS service metadata, relying party trust information, or token-signing certificate information hasn't been updated to the Windows Azure Active Directory (Windows Azure AD) authentication system.
  • An on-premises time issue is causing authentication problems.
  • The user principal name (UPN) of a user account changed, and the AD FS server uses a cached copy of the old UPN when it builds a claim for Office 365 access.



Solution

To resolve this issue, use one of the following methods, as appropriate for your situation.

Method 1: Troubleshoot an incorrectly-piloted SSO-enabled user ID

For information about how to make sure that the affected user ID is piloted correctly as an SSO-enabled user ID, see the following Microsoft Knowledge Base article:

2392130 Troubleshoot Active Directory user accounts that are piloted as Office 365 SSO-enabled user IDs

Method 2: Update the AD FS service metadata to Windows Azure AD

For information about how to update the AD FS service metadata, relying party trust, and token-signing certificate information to the Windows Azure AD authentication system, see the "How to update the configuration of the Office 365 federated domain" section of the following Microsoft Knowledge Base article:

2647048 How to update or to repair the configuration of the Office 365 federated domain

Method 3: Troubleshoot on-premises time synchronization issues

For information about how to resolve on-premises time issues that cause SSO authentication failures, see the following Microsoft Knowledge Base article:

2578667 "Sorry, but we're having trouble signing you in" and "80045C06" error when a federated user tries to sign in to an organizational account

Method 4: Clear the LSA cache of the old UPN

For information about how to resolve the problem that occurs when AD FS uses a cached copy of an old UPN to build an AD FS claim for Office 365 access, see Method 2 of the following Microsoft Knowledge Base article:

2535191 "Sorry, but we're having trouble signing you in" and "80048163" error when a federated user tries to sign in to an organizational account



More information

Still need help? Go to the Office 365 Community website or the Windows Azure Active Directory Forums website.



Keywords: o365, mosdal4.5, o365022013, o365062011, o365e, o365m, pre-upgrade, after, upgrade, o365a, KB2707341


Article Info
Article ID : 2707341
Revision : 14
Created on : 9/30/2013
Published on : 9/30/2013
Exists online : False
Views : 830