Saturday, August 11, 2012

Message: This account can't be used to access Outlook.com

Today I ran into an issue accessing the Office 365 Outlook Web Access.



First of all, I did the Office 365 setup for a new tenant. My kids' school decided to test Office 365; right now they are on Google, and they want to teach the kids more than one cloud application.

For ADFS we already have a Windows Server 2012. So ADFS works great, but the MSOL PowerShell commands are not working with 2012. But only this server has a public certificate, and the URL is used for other services as well. So I just added ADFS 2.0 to another server, moved the signing cert over and started the MSOL PowerShell commands. Then I just played copycat to get the relying party settings over to the 2012 ADFS server. After ADFS was done, I installed and ran DirSync. To verify my work, I went to http://outlook.com/domain.org and after ADFS authentication: BUMMER!

"This account can't be used to access Outlook.com"

So I did some web searching, but nothing really helpful came up.
So I compared the relying party settings between the ADFS 2.0 server and the 2012 server and found that I had missed configuring the hash algorithm as SHA-1. If it is SHA-256, you will see the message above.

I suppose this is only one reason why you see that message, because the message is kind of generic.
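
The side-by-side comparison of relying party settings described above can be scripted. The following is an added example, not part of the original post; the export file names are hypothetical, and `<relying party name>` is a placeholder for the name of the Office 365 trust on your servers.

```powershell
# Added example: diff one relying party trust as exported from two AD FS servers.
#
# Step 1, run on EACH server, then copy both files to one machine:
#   AD FS 2.0:            Add-PSSnapin Microsoft.Adfs.PowerShell
#   Windows Server 2012:  Import-Module ADFS
#   Get-ADFSRelyingPartyTrust -Name '<relying party name>' | Export-Clixml .\rp-<server>.xml
#
# Step 2, run this script against the two exports (paths are assumptions).
param(
    [string]$ReferencePath  = '.\rp-adfs20.xml',    # export from the AD FS 2.0 server
    [string]$DifferencePath = '.\rp-adfs2012.xml'   # export from the 2012 server
)

$reference  = Import-Clixml -Path $ReferencePath
$difference = Import-Clixml -Path $DifferencePath

# Union of property names found on either export.
$names = @($reference.PSObject.Properties  | ForEach-Object { $_.Name }) +
         @($difference.PSObject.Properties | ForEach-Object { $_.Name }) |
         Sort-Object -Unique

# Render each value as text so collections (identifiers, claim rules,
# endpoints) are compared by content rather than by object reference.
$report = foreach ($name in $names) {
    $left  = ($reference.$name  | Out-String).Trim()
    $right = ($difference.$name | Out-String).Trim()
    if ($left -cne $right) {
        [pscustomobject]@{
            Property   = $name
            Reference  = $left
            Difference = $right
        }
    }
}

# Timestamps will naturally differ between servers; everything else listed
# here is a setting that did not make it across when copying by hand.
$report | Format-List Property, Reference, Difference

# The setting that caused the error in the post is the secure hash algorithm:
'SignatureAlgorithm: {0}  vs  {1}' -f $reference.SignatureAlgorithm,
                                      $difference.SignatureAlgorithm

# To apply the value the post describes on the 2012 server (review first):
#   Set-ADFSRelyingPartyTrust -TargetName '<relying party name>' `
#       -SignatureAlgorithm 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
```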





