Connect-MSOLService : Authentication Error: Unexpected authentication failure. on ADFS Server

Dieter Tontsch (GMail) 937 Reputation points
2022-09-05T13:19:46.23+00:00

We have an issue from the ADFS Server itself logging in to AzureAD with a federated account. We want to convert another UPN domain from managed to federated, and from what I found, this needs to be done from the ADFS Server itself (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/convert-a-managed-domain-in-azure-ad-to-a-federated-domain-using/ba-p/258963).
We have no issues with logins from any other PC, site, browser, etc. I can hardly remember; we had this issue in the past, several years ago, when we converted our second domain from managed to federated, but I cannot recall how we solved it back then.

We get an error from PowerShell CLI as well as from a browser login attempt.

From Powershell:

Connect-MSOLService  
Connect-MSOLService : Authentication Error: Unexpected authentication failure.  
At line:1 char:1  
+ Connect-MSOLService  
+ ~~~~~~~~~~~~~~~~~~~  
    + CategoryInfo          : OperationStopped: (:) [Connect-MsolService], Exception  
    + FullyQualifiedErrorId : System.Exception,Microsoft.Online.Administration.Automation.ConnectMsolService  

From browser:
Message: AADSTS50107: The requested federation realm object 'http://domainname.intra/adfs/services/trust/' does not exist.

But then I figured this error only shows up in Internet Explorer; with Edge or Chrome it works, but still not from PowerShell.

If I run Get-PSRepository on my ADFS server, I get an empty list, while on another server it lists PSGallery:
Get-PSRepository
WARNING: Unable to find module repositories.

PS C:\Windows\system32> get-psrepository

Name InstallationPolicy SourceLocation
---- ------------------ --------------
PSGallery Untrusted https://www.powershellgallery.com/api/v2

But if I want to add it to my ps repository, it says

Get-PSGalleryApiAvailability : PowerShell Gallery is currently unavailable.  Please try again later.  

Still https://www.powershellgallery.com/api/v2 returns xml content in browser

Any idea how to get my Connect-MSOLService command work on my ADFS Server?

BTW: on my failover ADFS, where get-psrepository lists PSGallery, after running [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 I can successfully run Connect-MsolService afterwards. But on my primary ADFS I cannot add PSGallery.
And secondary ADFS server is read-only so Get-MsolFederationProperty -Domainname domain.com returns
Get-MsolFederationProperty : PS0033: This cmdlet cannot be executed from a secondary server in a local database farm........

kind regards,
Dieter


Accepted answer
  1. James 91 Reputation points
    2022-09-14T05:51:04.237+00:00

    Just had the same experience; couldn't update MSOnline till [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 was run.
    But now all OK.

    3 people found this answer helpful.
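The accepted answer is a one-line, session-scoped fix. The script below is an added example (not from the thread or from Microsoft) that makes the same change in a checkable way: it reports which protocols .NET currently offers, adds TLS 1.2 without removing anything already enabled, tests the PowerShell Gallery endpoint named in the question under each protocol on its own so the failing ones are visible, and then runs the install sequence the thread uses (NuGet provider, MSOnline, Connect-MsolService). Background the thread does not spell out: Windows PowerShell 5.1 runs on .NET Framework, whose ServicePointManager default on older server builds does not include TLS 1.2 unless the system-wide .NET registry values are set, while the PowerShell Gallery has required TLS 1.2 since April 2020. The browser works because it uses SCHANNEL's own defaults, not the .NET default. The function names and the 15-second timeout are this example's choices; the cmdlets and version number are the ones shown on the page. Run it in an elevated Windows PowerShell prompt on the ADFS server.

```powershell
# Added example, not the thread's own code: session-scoped TLS 1.2 enablement
# plus a per-protocol reachability check of the PowerShell Gallery endpoint.

function Get-SessionTlsState {
    # Reports which protocols .NET will offer for outbound HTTPS in this process.
    $current = [Net.ServicePointManager]::SecurityProtocol
    [pscustomobject]@{
        SecurityProtocol = $current
        Tls12Enabled     = (($current -band [Net.SecurityProtocolType]::Tls12) -ne 0)
        ClrVersion       = [Environment]::Version
    }
}

function Enable-Tls12ForSession {
    # -bor ADDS TLS 1.2 to the current set instead of replacing it, so anything
    # that already worked in this session stays enabled. The effect is limited
    # to this PowerShell process; a persistent fix needs the registry values.
    [Net.ServicePointManager]::SecurityProtocol =
        [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
    Get-SessionTlsState
}

function Test-GalleryReachability {
    param(
        # Endpoint from the question; the browser could fetch it, PowerShell could not.
        [string]$Uri = 'https://www.powershellgallery.com/api/v2'
    )
    # Tries the endpoint with one protocol at a time, so the output shows which
    # handshakes the gallery still accepts. The original setting is restored after.
    $original = [Net.ServicePointManager]::SecurityProtocol
    try {
        foreach ($name in 'Ssl3', 'Tls', 'Tls11', 'Tls12') {
            [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]$name
            try {
                $r = Invoke-WebRequest -Uri $Uri -UseBasicParsing -TimeoutSec 15
                [pscustomobject]@{ Protocol = $name; Result = "OK (HTTP $($r.StatusCode))" }
            } catch {
                [pscustomobject]@{ Protocol = $name; Result = "FAILED: $($_.Exception.Message)" }
            }
        }
    } finally {
        [Net.ServicePointManager]::SecurityProtocol = $original
    }
}

# Usage: inspect, enable, verify, then install and connect.
Get-SessionTlsState
Enable-Tls12ForSession
Test-GalleryReachability | Format-Table -AutoSize

# Install sequence from the thread; these need an elevated prompt.
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module -Name MSOnline -Force
Import-Module MSOnline
Connect-MsolService
```

Expect only the Tls12 row to report OK; if Tls12 also fails, the problem is not the .NET protocol default but network egress or a TLS-intercepting proxy, and the session fix will not help.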

4 additional answers

  1. Dieter Tontsch (GMail) 937 Reputation points
    2022-09-07T08:17:49.353+00:00

    If I try so it gives me this:

    PS C:\Users\administrator.MOBILEXNEW> Install-Module -Name MSOnline -Force  
      
    NuGet provider is required to continue  
    PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or  
    'C:\Users\administrator.MOBILEXNEW\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and import the NuGet provider now?  
    [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y  
    WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.  
    WARNING: Unable to download the list of available providers. Check your internet connection.  
    PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.  
    At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7405 char:21  
    + ...     $null = PackageManagement\Install-PackageProvider -Name $script:N ...  
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
        + CategoryInfo          : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-PackageProvider], Exception  
        + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackageProvider  
      
    PackageManagement\Import-PackageProvider : No match was found for the specified search criteria and provider name 'NuGet'. Try 'Get-PackageProvider -ListAvailable' to see if the provider exists on the system.  
    At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7411 char:21  
    + ...     $null = PackageManagement\Import-PackageProvider -Name $script:Nu ...  
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
        + CategoryInfo          : InvalidData: (NuGet:String) [Import-PackageProvider], Exception  
        + FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.ImportPackageProvider  
      
    WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.  
    WARNING: Unable to download the list of available providers. Check your internet connection.  
    PackageManagement\Get-PackageProvider : Unable to find package provider 'NuGet'. It may not be imported yet. Try 'Get-PackageProvider -ListAvailable'.  
    At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7415 char:30  
    + ... tProvider = PackageManagement\Get-PackageProvider -Name $script:NuGet ...  
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
        + CategoryInfo          : ObjectNotFound: (Microsoft.Power...PackageProvider:GetPackageProvider) [Get-PackageProvider], Exception  
        + FullyQualifiedErrorId : UnknownProviderFromActivatedList,Microsoft.PowerShell.PackageManagement.Cmdlets.GetPackageProvider  
      
    Install-Module : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201' or newer version of NuGet provider is installed.  
    At line:1 char:1  
    + Install-Module -Name MSOnline -Force  
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
        + CategoryInfo          : InvalidOperation: (:) [Install-Module], InvalidOperationException  
        + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module  
    

    It's also weird that get-psrepository returns:

    PS C:\Users\administrator.MOBILEXNEW> get-psrepository  
    WARNING: MSG:UnableToDownload «https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409» «»  
    WARNING: Unable to download the list of available providers. Check your internet connection.  
    WARNING: Unable to find module repositories.  
    

    But from the same machine I can browse https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409 and do get an XML content.
    Once I run [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 and Get-PSRepository afterwards, I just get "Unable to find module repositories."

    Finally I made it work this way:

    • manually created folder PowerShellGet in %userprofile%\appdata\Local\Microsoft\Windows\PowerShell, inside I created an empty file PSRepositories.xml
      • I took the content from another PC where this file was in place and pasted it into that xml; actually one can copy a PSRepositories.xml from somewhere else
    • Then, only after I ran [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 again prior to any other command, I could run Get-PSRepository and finally get my PSGallery now. (without [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 I do get my repo but with warnings again: WARNING: MSG:UnableToDownload «https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409» «» ...)
    • now I could finally install MSOnline (Install-Module -Name MSOnline -Force)
    • and in the very end my command Connect-MSOLService successfully works.
    • but without this [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 nothing works, why is that?
    2 people found this answer helpful.
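The workaround above hand-builds PowerShellGet's per-user repository cache. The following is an added example (not the poster's code) for checking that cache before and after such a repair: it locates PSRepositories.xml at the path the post gives, flags the two states that break Get-PSRepository (file absent, or present but zero bytes, as the post's "empty file" step produces before the content is pasted in), reads the repositories it lists, and then asks PowerShellGet for its live view with TLS 1.2 enabled so the two can be compared. The assumption that the file is CLIXML (readable with Import-Clixml, holding a hashtable keyed by repository name) reflects how PowerShellGet 1.x writes it; the property names selected are left blank by Select-Object if a particular version stores them differently.

```powershell
# Added example, not from the thread: inspect PowerShellGet's per-user
# repository cache and compare it with the live Get-PSRepository view.

function Get-PSGetRepositoryCache {
    # Path from the post: %userprofile%\appdata\Local\Microsoft\Windows\PowerShell\PowerShellGet
    $path = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\PowerShell\PowerShellGet\PSRepositories.xml'

    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "No repository cache at $path. PowerShellGet will try to rebuild it from the online provider list, which needs TLS 1.2."
        return
    }
    if ((Get-Item -LiteralPath $path).Length -eq 0) {
        Write-Warning "$path exists but is zero bytes; PowerShellGet cannot load an empty cache. Copy a valid PSRepositories.xml over it."
        return
    }

    # Assumption: the file is CLIXML holding a hashtable keyed by repository name.
    $data = Import-Clixml -LiteralPath $path
    if ($data -is [System.Collections.IDictionary]) {
        foreach ($entry in $data.GetEnumerator()) {
            $entry.Value |
                Select-Object -Property @{ n = 'CacheKey'; e = { $entry.Key } }, Name, SourceLocation, Trusted
        }
    } else {
        $data
    }
}

function Compare-RepositoryView {
    # Live view needs TLS 1.2 for the same reason as everything else in this thread.
    [Net.ServicePointManager]::SecurityProtocol =
        [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    $cached = @(Get-PSGetRepositoryCache)
    $live   = @(Get-PSRepository -WarningVariable liveWarnings -WarningAction SilentlyContinue)

    [pscustomobject]@{
        CachedRepositories = ($cached | ForEach-Object { $_.Name }) -join ', '
        LiveRepositories   = ($live   | ForEach-Object { $_.Name }) -join ', '
        LiveWarnings       = ($liveWarnings | ForEach-Object { $_.Message }) -join ' | '
    }
}

# Usage
Get-PSGetRepositoryCache | Format-Table -AutoSize
Compare-RepositoryView | Format-List
```

If CachedRepositories is populated but LiveRepositories is empty and LiveWarnings mentions UnableToDownload, the session still lacks TLS 1.2 when PowerShellGet first loads; enable it before the first PowerShellGet cmdlet, as the post found.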

  2. Limitless Technology 39,611 Reputation points
    2022-09-07T07:42:40.52+00:00

    Hello there,

    Try installing the new MSOnline PowerShell module with the following command in a PowerShell prompt with administrator permissions:

    Install-Module -Name MSOnline -Force

    I think the older module must have been using an API or service endpoint that was retired somewhere in the last couple of weeks.

    Also, try uninstalling the Azure AD PowerShell module from the Windows control panel. This module is obsolete.


    1 person found this answer helpful.

  3. Daymi_MS 1 Reputation point
    2022-11-03T13:24:45.783+00:00

    Hi there!
    We ran into the same issue and the permanent fix was to enable TLS 1.2 on the ADFS server(s) you use to connect to Azure AD by making a few registry changes.

    More information on this, including PowerShell scripts to automate how to check status and enable TLS 1.2, can be found here:
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement

    More details on why this change is required:
    https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/enable-support-tls-environment?tabs=azure-monitor

    I hope this helps!
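The answer above points to Microsoft's guidance for the persistent fix. As an added example (not the answerer's script and not Microsoft's), the block below audits the registry values that guidance covers and can set them: the .NET Framework values SystemDefaultTlsVersions and SchUseStrongCrypto (64-bit and Wow6432Node views), which make Windows PowerShell's .NET runtime negotiate TLS 1.2 by default so the per-session [Net.ServicePointManager] line is no longer needed, and the SCHANNEL TLS 1.2 Client and Server keys. The value set is drawn from that guidance; treat it as an assumption to check against the linked page for your OS version. Set-Tls12RegistryState supports -WhatIf so the audit can be reviewed before anything is written; it must run elevated, and a reboot is required for the .NET and SCHANNEL changes to take effect.

```powershell
# Added example, not from the thread: audit and (optionally) set the registry
# values that make .NET Framework and SCHANNEL use TLS 1.2 by default.

$script:TlsSettings = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';             Name = 'SystemDefaultTlsVersions'; Value = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';             Name = 'SchUseStrongCrypto';       Value = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SystemDefaultTlsVersions'; Value = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto';       Value = 1 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; Name = 'Enabled';           Value = 1 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; Name = 'DisabledByDefault'; Value = 0 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; Name = 'Enabled';           Value = 1 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; Name = 'DisabledByDefault'; Value = 0 }
)

function Get-Tls12RegistryState {
    # One row per expected value; Current is $null when the key or value is absent.
    foreach ($s in $script:TlsSettings) {
        $current = $null
        if (Test-Path -LiteralPath $s.Path) {
            $current = (Get-ItemProperty -LiteralPath $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        }
        [pscustomobject]@{
            Path      = $s.Path
            Name      = $s.Name
            Expected  = $s.Value
            Current   = $current
            Compliant = ($current -eq $s.Value)
        }
    }
}

function Set-Tls12RegistryState {
    # Writes only the non-compliant values; -WhatIf shows what would change.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($s in (Get-Tls12RegistryState | Where-Object { -not $_.Compliant })) {
        if ($PSCmdlet.ShouldProcess("$($s.Path)\$($s.Name)", "Set DWORD to $($s.Expected)")) {
            if (-not (Test-Path -LiteralPath $s.Path)) {
                New-Item -Path $s.Path -Force | Out-Null   # creates missing parent keys too
            }
            New-ItemProperty -LiteralPath $s.Path -Name $s.Name -Value $s.Expected -PropertyType DWord -Force | Out-Null
        }
    }
    Get-Tls12RegistryState
}

# Usage: audit first, preview the change, then apply and reboot.
Get-Tls12RegistryState | Format-Table Name, Current, Expected, Compliant, Path -AutoSize
Set-Tls12RegistryState -WhatIf
# Set-Tls12RegistryState
```

Run the audit on both the primary and the secondary ADFS server; the thread shows them behaving differently, and the audit makes that difference visible as a per-value diff rather than a failing cmdlet.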


  4. Mark Morowczynski 251 Reputation points Microsoft Employee
    2022-11-12T21:27:58.233+00:00

    Can I ask why are you moving a domain from managed auth to federated auth?

