OWA error after the redirect from Office 365 login page

Hello everyone,

Before you read this article, please mind that my English may not be perfect since it is not my main language.

I have the following problem:

When I want to log in with my company e-mail I get redirected and get the following error (the error is in Dutch):

Er is een fout opgetreden. Neem voor meer informatie contact op met uw beheerder.
Foutdetails
Activity ID: 00000000-0000-0000-3b12-0080000000ea
Relying party: Microsoft Office 365 Identity Platform
Error time: Mon, 21 Mar 2016 07:55:50 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36

On the ADFS server you get an event-log message with event ID 364. But if I am correct this has nothing to do with this problem, as this refers to an SSL error or a time mismatch and this is not the case. Also the Best Practice Analyzer says everything is OK. Here is error 364 anyway:

Encountered error during federation passive request.

Additional Data

Protocol Name:

Relying Party:

Exception details:
Microsoft.IdentityServer.RequestFailedException: MSIS7065: There are no registered protocol handlers on path /adfs/ls to process the incoming request.
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)


Relevant software and hardware:

  • 2x Windows Server 2012 with ADFS 3.0
  • 2x Windows Server 2012 with ADUC

This is what I already tried:

  • Check if the certificates are not revoked/expired
  • Check if form based authentication is turned on
  • The pre-troubleshoot ADFS check Microsoft designed
  • A lot of Microsoft support tickets
  • Check if the federated domains are correct

Additional information

This problem has occurred since there has been a power outage. The ADFS server crashed and we installed a new one. When the old ADFS server was repaired and put back online, OWA stopped working while the configuration hasn't been changed.

Also, it is possible to log in using PowerShell.


Hi JeroenKoelewijn,

I notice the OWA error is related to the sign-in process, which should be related to the ADFS issue.

To further check it, please provide the following information:

  1. Perform the Office 365 Single Sign-On Test via: https://testconnectivity.microsoft.com/?tabid=o365 using your Office 365 account credentials, then check if the process will be successful. If not, please expand the entire test logs and provide them to us.
  2. You said that you have two ADFS 3.0 servers, do you mean that you have ADFS farms deployed?
  3. If you sign into Office 365 via: https://portal.office.com using the credentials both in internal and external network, do you see any differences?
  4. If you manually type the URL: https://<your federation domain, for example, sts.contoso.com>/adfs/ls/idpinitiatedsignon.aspx in the browser, do you see the correct sign in page? If so, are you able to sign into the page using your Office 365 credentials?
  5. You mentioned that you’ve raised a lot of tickets with our support, can you please provide the ticket numbers to us for reference?

I have sent you a private message to collect the information, please click the link below to read/reply to the message:

https://community.office365.com/user/conversations


Hello Neo, thank you for replying.

Here are the answers to your questions, I hope you can do something with this.

1. Analyzing the certificate chains for compatibility problems with versions of Windows.

Potential compatibility problems were identified with some versions of Windows.

Additional Details

The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Elapsed Time: 1 ms.

This is the only error I get from the single sign-on test.

2. Yes we have an ADFS server farm with a load-balancer

3. I see no difference between the internal and external network

4. I can log in once, then when I click back the same error page appears

5. I cannot provide you the tickets since I just googled the error and things like: ADFS owa redirect error.


Hi JeroenKoelewijn,

Do you mean the SSO test is successful? Please provide the entire SSO test via private message for further checking.

Since you have set up a load balancer for both ADFS servers, we need to narrow down whether the issue is related to the server or the load balancer device. Please write a local hosts file to point to one of the internal ADFS servers, and test with internal users to see if it works.

Regards,
Johnny Zhang



Hi Johnny,

I will send you the SSO test in a second.

We altered the DNS records to point directly at the ADFS server and tried both of them without success.


Hi JeroenKoelewijn,

You mentioned that you have referred to Johnny’s suggestions to change the DNS records. Do you mean that you have tried pointing the DNS record to each ADFS server in turn internally while the issue persists all the way?

Also, according to your test results, the ADFS services should work fine in the external network. Can you please confirm if it’s true?

Besides, on the load balancer, can you please check which ADFS server the relevant sign in requests are redirected to, also do you see any sign in related error logs on the specific server?

To narrow down the issue, I suggest you perform the following steps:

  1. Prepare a test client with a static IP address.
  2. On the load balancer, create a rule/policy to redirect the ADFS requests from the specific IP address to a certain ADFS server in turns, then check if all of them are not working, or just one of them won’t.
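
One way to check which farm node logged the failing sign-in, as asked above (an added example, not part of the original reply). The node names `ADFS01` and `ADFS02` and the one-day look-back window are hypothetical placeholders, and it assumes AD FS stamps its Admin-log events with the same Activity ID that the error page shows:

```powershell
# Added example: search each AD FS farm node's Admin log for the Activity ID
# shown on the sign-in error page, and report which node handled the request.

# Hypothetical node names; replace with the members of your farm.
$Nodes = 'ADFS01', 'ADFS02'

# Activity ID copied from the error page quoted in the question.
$ActivityId = [guid]'00000000-0000-0000-3b12-0080000000ea'

# Look-back window (assumption); widen it to cover the time on the error page.
$Since = (Get-Date).AddDays(-1)

$results = foreach ($node in $Nodes) {
    $filter = @{ LogName = 'AD FS/Admin'; StartTime = $Since }
    try {
        Get-WinEvent -ComputerName $node -FilterHashtable $filter -ErrorAction Stop |
            Where-Object { $_.ActivityId -eq $ActivityId } |
            ForEach-Object {
                # Pull the MSIS error code (for example MSIS7065) out of the message text.
                $code = if ($_.Message -match 'MSIS\d+') { $Matches[0] } else { '' }
                [pscustomobject]@{
                    Node     = $node
                    Time     = $_.TimeCreated
                    EventId  = $_.Id
                    Level    = $_.LevelDisplayName
                    MsisCode = $code
                }
            }
    }
    catch {
        # Also reached when the node has no events in the window.
        Write-Warning "${node}: $($_.Exception.Message)"
    }
}

# A node that never appears here did not log that request.
$results | Sort-Object Time | Format-Table -AutoSize
```

Running it once per test sign-in, while the load balancer rule pins the test client to one server, shows whether the error follows a specific node or appears on both.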


Hi JeroenKoelewijn,

Do you have any updates about the issue?


Hello Neo,

Due to lack of time, this test will be next week; I will reply when we have finished the test.

Thanks,

Jeroen Koelewijn


Hi JeroenKoelewijn,

Thanks for the updates.

Please feel free to post back with the latest news once you have performed the tests. 


Hello,

We have decided to ditch the ADFS servers and go to Microsoft Exchange Online full cloud. Thanks for helping me anyway :)


I have similar fault issues to those mentioned before and am searching for the root cause.

(Case1)

I want to connect the Microsoft Dynamics (CRM) Online environment from the Add-On Microsoft Outlook Connector CRM 2016 x32 within Microsoft Office 2010 (x32)

I get an Office365 login screen, redirect, fault message (relying party: Microsoft Office 365 Identity Platform)

Other solution

You can also choose the option CRM Online from the drop down menu and this is working and connecting stable.

The selection does a discovery on different region numbers in my case using EMEA (crm4) it uses disco.crm4.dynamics.com/.../Discovery.svc

When the user account has access to more than one instance there is a selection option.

(Case2)

I want to connect the Microsoft Dynamics (CRM) Online environment from the Microsoft Power BI Desktop Client (v 2.35.4399.601. 64-bit)

Simulation

company.crm4.dynamics.com/.../organizationData.svc

OData-feed, Organization Account, Sign-on

I get an Office365 login screen, redirect, fault message (relying party: Microsoft Office 365 Identity Platform)

Tested from Win7 x64, inside the company’s office.

I have tested "directly from the browser inside the company" and the url is working correctly and the credentials are fine and also on different accounts.

The results from the Office365 connectivity tool

Analyzing the certificate chains for compatibility problems with versions of Windows.

Potential compatibility problems were identified with some versions of Windows.

Additional Details

The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.

Suggestions appreciated :)


Question Info


Last updated March 16, 2021 Views 3,197 Applies to: