Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

"User {0} was not recognized by the Microsoft Office 365 authentication system" error after you run the MOSDAL Support Toolkit


View products that this article applies to.

Problem

After you run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit, the Active Directory Federation Services (AD FS) diagnostics log shows the following error:
The user {0} was not recognized by the Microsoft Office 365 authentication system
Note This log is located at \Admin_Applications\SSO_Diagnostic_Tests\ADFSDiagnostic.txt.

Additionally, after you sign in to your Microsoft cloud service such as Office 365, Windows Azure, or Windows Intune by using a federated account, you may receive an "Organization could not sign you in" error message from login.microsoftonline.com.

↑ Back to the top


Cause

This issue may occur if one of the following conditions is true:
  • The on-premises user account and the Office 365 user account weren't correctly prepared for single sign-on (SSO) authentication.
  • The on-premises user account isn't synced correctly with Windows Azure Active Directory (Windows Azure AD).
  • The user principal name (UPN) of the user account changed and the AD FS server is using a cached copy of the old UPN when you're building a claim for access to the cloud service.

↑ Back to the top


Solution

To resolve this issue, use one of the following methods, as appropriate for your situation.

Method 1: Troubleshoot a badly piloted SSO-enabled user ID

To make sure that the affected user ID is piloted correctly as an SSO-enabled user ID, see the following Microsoft Knowledge Base article:
2392130 Troubleshoot user name issues that occur for federated users when they sign in to Office 365, Windows Azure, or Windows Intune

Method 2: Troubleshoot user account synchronization

To troubleshoot problems with specific user objects that aren't syncing correctly to Windows Azure AD, see the following Microsoft Knowledge Base article:
2643629 Individual Active Directory Domain Services objects don't sync to Windows Azure AD

Method 3: Clear the LSA cache of the old UPN

To resolve the problem when AD FS is using a cached copy of an old UPN to build an AD FS claim for access to the cloud service, see Method 2 in the following Microsoft Knowledge Base article:
2535191 "Sorry, but we're having trouble signing you in" and "80048163" error when a federated user tries to sign in to Office 365, Windows Azure, or Windows Intune

↑ Back to the top


More information

Still need help? Go to the Office 365 Community website or the Windows Azure Active Directory Forums website.

↑ Back to the top


Keywords: o365, mosdal4.5, o365022013, o365062011, o365e, o365m, pre-upgrade, after, upgrade, o365a, KB2707367

↑ Back to the top

Article Info
Article ID : 2707367
Revision : 21
Created on : 11/18/2013
Published on : 11/18/2013
Exists online : False
Views : 420