If you try to set a primary domain for federation by running the Set-MsolDomainAuthentication command, it throws the following error:
Set-MsolDomainAuthentication: You cannot remove this domain as the default domain without replacing it with another default domain. Use the Set-MsolDomain cmdlet to set another domain as the default domain before you delete this domain.
To fix this issue, change the default domain by performing the following steps:
In the Office 365 portal, click Organization Name on the Admin page.
Click Edit.
Select a new default domain.
This error indicates that you attempted to delete the default domain without replacing it with another domain.
Use the Set-MsolDomain cmdlet to set another domain as the default domain before you delete this domain.
To establish single sign-on from iOS apps to Office 365 services, perform the following steps:
Click Devices > Identity Servers > Edit > Local > Contract.
Specify a name to identify the contract.
Specify the URI as http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password.
Select Name/Password - Form - WebService method.
SSO fails at Microsoft with this error:
Your organization could not sign you in to this service
Perform the following steps to fix this issue:
Verify that the attributes are configured properly.
You can also use the SAML tracer plug-in for Firefox to review the SAML assertion sent to Office 365.
Verify the federation settings by using the Get-MsolDomainFederationSettings -DomainName <YOUR DOMAIN> command.
If the installation of the Directory Synchronization tool fails, check the Event Viewer. Installation may fail if the Microsoft Online Services Sign-In Assistant is already installed on the system.
If you need to uninstall the Directory Synchronization tool, log off and then log in.
If the Directory Synchronization tool is slow, increase the RAM of the server.
If the active profile authentication fails for Microsoft Exchange (Outlook) clients, verify that the necessary DNS records have been added to your DNS.
Manually install Microsoft Online Services Sign-In Assistant, if its installation fails after installing Microsoft Office Professional Plus with this message:
"The Microsoft Online Services Sign In Assistant has experience an error. The error must be resolved before your subscription for this product can be verified. To retry subscription verification, first resolve error message 800704DD or try to manually install the Microsoft Online Services Sign In Assistant...."
After installation is complete, relaunch the service to verify your Office 365 license.
If single sign-on fails, ensure that the ImmutableID and the User Principal Name (UPN) match those of the Office 365 user. To get the Office 365 user details, log in by using PowerShell and execute the following command:
Get-MsolUser -UserPrincipalName user1@namtest.com | fl *
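The assertion review with SAML tracer and the ImmutableID/UPN check described above can be combined into one comparison. The following is an added example, not part of the original documentation or of Access Manager. It assumes a SAML 2.0 assertion in which NameID carries the ImmutableID and the UPN is sent in an attribute named IDPEmail; the function name, its parameters, and the sample values are constructed for illustration.

```powershell
# Assumptions: NameID carries the ImmutableID and the UPN is sent in the
# attribute named by -UpnAttribute (default 'IDPEmail'); adjust to your setup.
function Compare-AssertionToMsolUser {
    param(
        [Parameter(Mandatory)] [string] $AssertionXml,
        # Output of Get-MsolUser, or any object with the same two properties.
        [Parameter(Mandatory)] $MsolUser,
        [string] $UpnAttribute = 'IDPEmail'
    )
    # Refuse DTDs so a pasted capture cannot trigger entity expansion.
    $settings = New-Object System.Xml.XmlReaderSettings
    $settings.DtdProcessing = [System.Xml.DtdProcessing]::Prohibit
    $settings.XmlResolver = $null
    $text = New-Object System.IO.StringReader $AssertionXml
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load([System.Xml.XmlReader]::Create($text, $settings))
    $ns = New-Object System.Xml.XmlNamespaceManager $doc.NameTable
    $ns.AddNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion')
    $nameIdNode = $doc.SelectSingleNode('//saml:Subject/saml:NameID', $ns)
    # Filter in PowerShell rather than building an XPath string from input.
    $upnNode = $doc.SelectNodes('//saml:Attribute', $ns) |
        Where-Object { $_.GetAttribute('Name') -eq $UpnAttribute } |
        ForEach-Object { $_.SelectSingleNode('saml:AttributeValue', $ns) } |
        Select-Object -First 1
    $nameId = if ($nameIdNode) { $nameIdNode.InnerText.Trim() } else { $null }
    $upn = if ($upnNode) { $upnNode.InnerText.Trim() } else { $null }

    [pscustomobject]@{
        # ImmutableID is treated as an opaque, case-sensitive string.
        ImmutableIdMatch = ($null -ne $nameId) -and ($nameId -ceq $MsolUser.ImmutableId)
        # UPNs are compared without regard to letter case.
        UpnMatch         = ($null -ne $upn) -and ($upn -ieq $MsolUser.UserPrincipalName)
        AssertionNameId  = $nameId
        AssertionUpn     = $upn
    }
}

# Constructed sample data (not from a real tenant). The ImmutableId below
# differs from the NameID only in the case of one letter.
$sampleAssertion = @'
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>q1w2E3r4T5y6U7i8O9p0Aw==</saml:NameID></saml:Subject>
  <saml:AttributeStatement><saml:Attribute Name="IDPEmail">
    <saml:AttributeValue>User1@namtest.com</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>
'@
$sampleUser = [pscustomobject]@{ ImmutableId = 'q1W2E3r4T5y6U7i8O9p0Aw=='; UserPrincipalName = 'user1@namtest.com' }
Compare-AssertionToMsolUser -AssertionXml $sampleAssertion -MsolUser $sampleUser
```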
If you receive an error stating that the user does not have a license to use Office 365, log in to Office 365 as an administrator and assign the required service licenses to the user.
After successfully authenticating to the Office 365 client, if you attempt to log in to the Lync client by using an incorrect username and password, the Lync client uses the details from the previous successful session and tries to get a token from Access Manager. This results in an unending loop.
To resolve this issue, in the Lync client user interface, select the Delete my sign-in info option and log in again.
Issue: Single sign-on to Skype for Business 2016 fails using the Identity Server login page. This issue occurs because Skype for Business 2016 is not compatible with the higher version of jQuery. Access Manager uses a higher version of jQuery to prevent security vulnerabilities.
Fix: To fix this issue, you must replace the higher version of jQuery with the lower version (not recommended) by running the following commands in /opt/novell/nam/idp/webapps/nidp/javascript/:
mv jquery.min.js jquery.min_backup.js
mv jquery_old.min.js jquery.min.js