Error Authenticating with MFA
Question
Wednesday, October 5, 2016 7:04 PM
We recently installed Azure MFA Server on it's own hardware.
We followed all the instructions to setup the server and then added the connector to our ADFS server.
In ADFS we have chosen Azure Mult-Factor Authentication Server.
Other options checked in PRIMARY Global Authentication Policy are Forms Based Authentication for Extranet and Intranet.
When a users access portal.office.com users are redirected to our ADFS to authenticate as expected.
Once the password is entered the user is presented with the following:
For security reasons, we require additional information to verify your account
An error occurred
An error occurred. Contact your administrator for more information.
- Activity ID: 60064e4a-8fad-44e9-934d-1712ec3a7ef5
- Relying party: Microsoft Office 365 Identity Platform
- Error time: Wed, 05 Oct 2016 19:02:13 GMT
- Cookie: enabled
- User agent string: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
We have not been able to figure out what the issue is.
Any help would be greatly appreciated.
Regards,
David
All replies (3)
Thursday, October 6, 2016 10:08 AM
Hello,
Thank you for posting on the Azure forums!
Is this error seen by a specific user or all the users configured to login using MFA see this? by the type of browser used I believe this is a Mac machine used. If possible could this be checked on Internet Explorer as well? Let me know if the same issue persists.
Regards,
Loydon
Thursday, October 6, 2016 1:41 PM
This is happening to all users with MFA enabled.
I did notice in the error the above is from Chrome on a Windows 7 workstation. In IE I get the same result but the User Agent String is slightly different. Here it is below:
- Activity ID: 715d72a4-4b53-4dd2-acd8-821efb919d5d
- Relying party: Microsoft Office 365 Identity Platform
- Error time: Thu, 06 Oct 2016 13:28:20 GMT
- Cookie: enabled
- User agent string: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
I appreciate any help you can provide.
Regards,
David
Monday, October 10, 2016 11:59 AM
Did you restart the ADFS service? Do you have the correct configuration in the ADFSAdaptor.config file?
Have you set Set the UseWebServiceSdk node to true. ?
Can you access the web service SDK from ADFS server? Make sure the URL is correct
https://contoso.com/\<certificatename>/MultiFactorAuthWebServicesSdk/PfWsSdk.asmx
Santhosh Sivarajan | Houston, TX | www.sivarajan.com
ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
My Books: | Windows Server Security | Windows Server 2012
Blogs | Twitter | LinkedIn | Facebook|
This posting is provided AS IS with no warranties, and confers no rights.