Set-MsolAdfscontext Authentication Error

  • Article

You are setting up Office 365 ADFS/SSO, you are connected to your Office 365 tenant with Microsoft Online Services Module for Windows PowerShell, you are trying to run Set-MsolAdfscontext -Computer <ADFS server FQDN> but keep getting prompted for your Windows credential and eventually receive an authentication error, you make sure that the Windows AD account you use has all the permissions and the ADFS server's FQDN is correct and there is no network issues between your server and the ADFS server, but it just would not let you to set the MSOnline ADFS context.

Turns out the fix is very simple: Run "Enable-PSRemoting -Force"cmdlet before your Set-MsolAdfscontext cmdlet.

This is what you do to set up an Office 365 SSO domain:

$cred=Get-Credential
Connect-MsolService -Credential $cred
Enable-PSRemoting -Force
Set-MsolAdfscontext -Computer <ADFS server FQDN>
New-MsolFederatedDomain -DomainName <Domain FQDN>

Enjoy Office 365!

Zewei Song, Ph.D.
MCPD, MCITP, MCTS: SharePoint 2010, .NET 3.5
Enterprise Services, Microsoft Corporation

This is what you would see in log file for this error:

6/6/2011 2:46:42 PM Command Set- MsolADFSContext invoked.
6/6/2011 2:46:42 PM Creating ADFS Server PS session.
6/6/2011 2:46:42 PM ContextCredentialsCommand : CreatePowerShellSessionToGenevaServer : Invoked.
6/6/2011 2:46:42 PM Creating PS session to ' adfsServer . contoso .com' ADFS server
6/6/2011 2:46:42 PM Connect using current logged-on user creds .
6/6/2011 2:46:42 PM Runspace Connection info: Scheme:http Port:5985, AuthenticationType :Default Uri: adfsServer . contoso .com AppName : wsman , Shell:https:// schemas . microsoft .com/ powershell /Microsoft. PowerShell
6/6/2011 2:46:42 PM Connection Uri: https://adfsServer.contoso.com:5985/wsman/
6/6/2011 2:46:42 PM Opening runspace to 'https:// adfsServer . contoso .com:5985/ wsman /'
6/6/2011 2:46:45 PM System.Management.Automation. Remoting . PSRemotingTransportException : Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM . If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: " winrmquickconfig ". For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation. Runspaces .Internal. RunspacePoolInternal . EndOpen ( IAsyncResultasyncResult )
at System.Management.Automation.Runspaces.RunspacePool.Open()
at Microsoft.Online.Identity.Federation. Powershell . PowerShellSession . VerifyAndReconnectRunSpacePool ()
6/6/2011 2:46:45 PM fullyQualifiedErrorId : System.Management.Automation. Remoting . PSRemotingDataStructureException
6/6/2011 2:46:45 PM Command failed: Microsoft.Online.Identity.Federation. Powershell . IdentityFederationException : Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM . If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: " winrmquickconfig ". For more information, see the about_Remote_Troubleshooting Help topic.
at Microsoft.Online.Identity.Federation. Powershell . PowerShellSession . ParseAndThrowErrorRecord ( ErrorRecorderrorRecord , String overRideErrorId )
at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
at Microsoft.Online.Identity.Federation. Powershell . ContextCredentialsCommand . OpenToGenevaServer ( PSCredentialserverCredential )
at Microsoft.Online.Identity.Federation. Powershell . ContextCredentialsCommand .<>c__DisplayClass2.< CreatePowerShellSessionToGenevaServer >b__0()
at Microsoft.Online.Identity.Federation. Powershell .Utility. InvokeOperationWithRetry (Action operation, Type exceptionType , String errorId , Int32 retryCount , Int32 retryWaitTimeInMilliseconds )
6/6/2011 2:46:45 PM Retry errorId : ConnectionToGenevaServerFailed
6/6/2011 2:46:45 PM Retry exception: Microsoft.Online.Identity.Federation. Powershell . IdentityFederationException
6/6/2011 2:46:45 PM Going to sleep mode for 1000 milliseconds before reattempt - 2
6/6/2011 2:46:46 PM Runspace Connection info: Scheme:http Port:5985, AuthenticationType :Default Uri: adfsServer . contoso .com AppName : wsman , Shell:https:// schemas . microsoft .com/ powershell /Microsoft. PowerShell
6/6/2011 2:46:46 PM Connection Uri: https://adfsServer.contoso.com:5985/wsman/
6/6/2011 2:46:46 PM Opening runspace to 'https:// adfsServer . contoso .com:5985/ wsman /'
6/6/2011 2:46:49 PM System.Management.Automation. Remoting . PSRemotingTransportException : Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM . If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: " winrmquickconfig ". For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation. Runspaces .Internal. RunspacePoolInternal . EndOpen ( IAsyncResultasyncResult )
at System.Management.Automation.Runspaces.RunspacePool.Open()
at Microsoft.Online.Identity.Federation. Powershell . PowerShellSession . VerifyAndReconnectRunSpacePool ()
6/6/2011 2:46:49 PM fullyQualifiedErrorId : System.Management.Automation. Remoting . PSRemotingDataStructureException
6/6/2011 2:46:49 PM Command failed: Microsoft.Online.Identity.Federation. Powershell . IdentityFederationException : Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM . If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: " winrmquickconfig ". For more information, see the about_Remote_Troubleshooting Help topic.
at Microsoft.Online.Identity.Federation. Powershell . PowerShellSession . ParseAndThrowErrorRecord ( ErrorRecorderrorRecord , String overRideErrorId )
at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
at Microsoft.Online.Identity.Federation. Powershell . ContextCredentialsCommand . OpenToGenevaServer ( PSCredentialserverCredential )
at Microsoft.Online.Identity.Federation. Powershell . ContextCredentialsCommand .<>c__DisplayClass2.< CreatePowerShellSessionToGenevaServer >b__0()
at Microsoft.Online.Identity.Federation. Powershell .Utility. InvokeOperationWithRetry (Action operation, Type exceptionType , String errorId , Int32 retryCount , Int32 retryWaitTimeInMilliseconds )
6/6/2011 2:46:49 PM Retry errorId : ConnectionToGenevaServerFailed
6/6/2011 2:46:49 PM Retry exception: Microsoft.Online.Identity.Federation. Powershell . IdentityFederationException
6/6/2011 2:46:49 PM Going to sleep mode for 2000 milliseconds before reattempt - 3
6/6/2011 2:46:51 PM Runspace Connection info: Scheme:http Port:5985, AuthenticationType :Default Uri: adfsServer . contoso .com AppName : wsman , Shell:https:// schemas . microsoft .com/ powershell /Microsoft. PowerShell
6/6/2011 2:46:51 PM Connection Uri: https://adfsServer.contoso.com:5985/wsman/
6/6/2011 2:46:51 PM Opening runspace to 'https:// adfsServer . contoso .com:5985/ wsman /'
6/6/2011 2:46:54 PM System.Management.Automation. Remoting . PSRemotingTransportException : Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM . If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: " winrmquickconfig ". For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation. Runspaces .Internal. RunspacePoolInternal . EndOpen ( IAsyncResultasyncResult )
at System.Management.Automation.Runspaces.RunspacePool.Open()
at Microsoft.Online.Identity.Federation. Powershell . PowerShellSession . VerifyAndReconnectRunSpacePool ()
6/6/2011 2:46:54 PM fullyQualifiedErrorId : System.Management.Automation. Remoting . PSRemotingDataStructureException
6/6/2011 2:46:54 PM Command failed: Microsoft.Online.Identity.Federation. Powershell . IdentityFederationException : Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM . If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: " winrmquickconfig ". For more information, see the about_Remote_Troubleshooting Help topic.
at Microsoft.Online.Identity.Federation. Powershell . PowerShellSession . ParseAndThrowErrorRecord ( ErrorRecorderrorRecord , String overRideErrorId )
at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
at Microsoft.Online.Identity.Federation. Powershell . ContextCredentialsCommand . OpenToGenevaServer ( PSCredentialserverCredential )
at Microsoft.Online.Identity.Federation. Powershell . ContextCredentialsCommand .<>c__DisplayClass2.< CreatePowerShellSessionToGenevaServer >b__0()
at Microsoft.Online.Identity.Federation. Powershell .Utility. InvokeOperationWithRetry (Action operation, Type exceptionType , String errorId , Int32 retryCount , Int32 retryWaitTimeInMilliseconds )
6/6/2011 2:46:54 PM Retry errorId : ConnectionToGenevaServerFailed
6/6/2011 2:46:54 PM Retry exception: Microsoft.Online.Identity.Federation. Powershell . IdentityFederationException
6/6/2011 2:46:54 PM Failure after too many retries attempts..
6/6/2011 2:46:54 PM Wrong credentials to ADFS Server connection, attempt #'1'
6/6/2011 2:46:54 PM Prompting the user for ' adfsServer . contoso .com' ADFS Server creds .
6/6/2011 2:46:54 PM ContextCredentialsCommand:GetServerCredentials: Invoked.