Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Error message after you run the MOSDAL Support Toolkit: "The WS-Trust endpoint for Windows Integrated Authentication in the AD FS Metadata Exchange (MEX) document does not match the one registered"


View products that this article applies to.

Problem

After you run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit, the Active Directory Federation Services (AD FS) diagnostics log contains the following error message:

The WS-Trust endpoint for Windows Integrated Authentication in the AD FS Metadata Exchange (MEX) document does not match the one registered with the Microsoft Office 365 authentication system.

Note The AD FS diagnostics log is located here:
\Admin_Applications\SSO_Diagnostic_Tests\ADFSDiagnostic.txt
In addition, you may notice the following behavior when you sign in to Office 365 resources by using single sign-on (SSO)-enabled user ID credentials:
You receive the following error message when you connect to the AD FS service:�
"There was a problem accessing this site"

↑ Back to the top


Cause

This issue may occur if one of the following conditions is true:
  • The windowstransport and usernamemixed service endpoints may be disabled in the on-premises AD FS Federation service.�
  • The windowstransport and usernamemixed service endpoints are enabled in the on-premises AD FS Federation service. But these service endpoints were disabled the last time that the�update-MSOLFederatedDomain�cmdlet was run to update Office 365 with AD FS configuration data. To determine whether AD FS metadata isn't updated correctly, see the "Cause" section in the following Microsoft Knowledge Base article: �
    2647020�"Sorry, but we're having trouble signing you in" and "80041317" or "80043431" error when a federated user tries to sign in to Office 365, Windows Azure, or Windows Intune

↑ Back to the top


Solution

To resolve this issue, use one of the following methods, as appropriate for your situation.

Method 1: Reset the AD FS service endpoints to the default configuration

For information about how to make sure that the AD FS service endpoints are set up to support SSO authentication, see the following Microsoft Knowledge Base article: �
2712957�SSO authentication to Office 365 fails after you change AD FS service endpoint settings in the AD FS Management �

Method 2: Make sure that the AD FS service endpoint configuration is updated to Windows Azure AD

For information about how to make sure that the AD FS service endpoint configuration metadata is updated to the Windows Azure Active Directory (Windows Azure AD), see the "How to update the configuration of the Office 365 federated domain" section of the following article: �
2647048 How to update or to repair the configuration of the Office 365 federated domain

↑ Back to the top


More information

Still need help? Go to the Office 365 Community website or the Windows Azure Active Directory Forums website.

↑ Back to the top


Keywords: o365, mosdal4.5, o365022013, o365062011, o365e, o365m, pre-upgrade, after, upgrade, o365a, KB2707379

↑ Back to the top

Article Info
Article ID : 2707379
Revision : 12
Created on : 10/3/2013
Published on : 10/3/2013
Exists online : False
Views : 639