Set-MsolAdfscontext Authentication Error
You are setting up Office 365 ADFS/SSO and are connected to your Office 365 tenant with the Microsoft Online Services Module for Windows PowerShell. You try to run Set-MsolAdfscontext -Computer <ADFS server FQDN>, but you keep getting prompted for your Windows credentials and eventually receive an authentication error. You have made sure that the Windows AD account you use has all the permissions, that the ADFS server's FQDN is correct, and that there are no network issues between your server and the ADFS server, but it still will not let you set the MSOnline ADFS context.
Turns out the fix is very simple: run the "Enable-PSRemoting -Force" cmdlet before your Set-MsolAdfscontext cmdlet.
This is what you do to set up an Office 365 SSO domain:
$cred=Get-Credential
Connect-MsolService -Credential $cred
Enable-PSRemoting -Force
Set-MsolAdfscontext -Computer <ADFS server FQDN>
New-MsolFederatedDomain -DomainName <Domain FQDN>
Enjoy Office 365!
Zewei Song, Ph.D.
MCPD, MCITP, MCTS: SharePoint 2010, .NET 3.5
Enterprise Services, Microsoft Corporation
This is what you would see in the log file for this error:
6/6/2011 2:46:42 PM Command Set-MsolADFSContext invoked.
6/6/2011 2:46:42 PM Creating ADFS Server PS session.
6/6/2011 2:46:42 PM ContextCredentialsCommand:CreatePowerShellSessionToGenevaServer: Invoked.
6/6/2011 2:46:42 PM Creating PS session to 'adfsServer.contoso.com' ADFS server
6/6/2011 2:46:42 PM Connect using current logged-on user creds.
6/6/2011 2:46:42 PM Runspace Connection info: Scheme:http Port:5985, AuthenticationType:Default Uri:adfsServer.contoso.com AppName:wsman, Shell:https://schemas.microsoft.com/powershell/Microsoft.PowerShell
6/6/2011 2:46:42 PM Connection Uri: https://adfsServer.contoso.com:5985/wsman/
6/6/2011 2:46:42 PM Opening runspace to 'https://adfsServer.contoso.com:5985/wsman/'
6/6/2011 2:46:45 PM System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
at System.Management.Automation.Runspaces.RunspacePool.Open()
at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
6/6/2011 2:46:45 PM fullyQualifiedErrorId: System.Management.Automation.Remoting.PSRemotingDataStructureException
6/6/2011 2:46:45 PM Command failed: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException: Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.ParseAndThrowErrorRecord(ErrorRecord errorRecord, String overRideErrorId)
at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.OpenToGenevaServer(PSCredential serverCredential)
at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.<>c__DisplayClass2.<CreatePowerShellSessionToGenevaServer>b__0()
at Microsoft.Online.Identity.Federation.Powershell.Utility.InvokeOperationWithRetry(Action operation, Type exceptionType, String errorId, Int32 retryCount, Int32 retryWaitTimeInMilliseconds)
6/6/2011 2:46:45 PM Retry errorId: ConnectionToGenevaServerFailed
6/6/2011 2:46:45 PM Retry exception: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException
6/6/2011 2:46:45 PM Going to sleep mode for 1000 milliseconds before reattempt - 2
6/6/2011 2:46:46 PM Runspace Connection info: Scheme:http Port:5985, AuthenticationType:Default Uri:adfsServer.contoso.com AppName:wsman, Shell:https://schemas.microsoft.com/powershell/Microsoft.PowerShell
6/6/2011 2:46:46 PM Connection Uri: https://adfsServer.contoso.com:5985/wsman/
6/6/2011 2:46:46 PM Opening runspace to 'https://adfsServer.contoso.com:5985/wsman/'
6/6/2011 2:46:49 PM System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
at System.Management.Automation.Runspaces.RunspacePool.Open()
at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
6/6/2011 2:46:49 PM fullyQualifiedErrorId: System.Management.Automation.Remoting.PSRemotingDataStructureException
6/6/2011 2:46:49 PM Command failed: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException: Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.ParseAndThrowErrorRecord(ErrorRecord errorRecord, String overRideErrorId)
at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.OpenToGenevaServer(PSCredential serverCredential)
at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.<>c__DisplayClass2.<CreatePowerShellSessionToGenevaServer>b__0()
at Microsoft.Online.Identity.Federation.Powershell.Utility.InvokeOperationWithRetry(Action operation, Type exceptionType, String errorId, Int32 retryCount, Int32 retryWaitTimeInMilliseconds)
6/6/2011 2:46:49 PM Retry errorId: ConnectionToGenevaServerFailed
6/6/2011 2:46:49 PM Retry exception: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException
6/6/2011 2:46:49 PM Going to sleep mode for 2000 milliseconds before reattempt - 3
6/6/2011 2:46:51 PM Runspace Connection info: Scheme:http Port:5985, AuthenticationType:Default Uri:adfsServer.contoso.com AppName:wsman, Shell:https://schemas.microsoft.com/powershell/Microsoft.PowerShell
6/6/2011 2:46:51 PM Connection Uri: https://adfsServer.contoso.com:5985/wsman/
6/6/2011 2:46:51 PM Opening runspace to 'https://adfsServer.contoso.com:5985/wsman/'
6/6/2011 2:46:54 PM System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
at System.Management.Automation.Runspaces.RunspacePool.Open()
at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
6/6/2011 2:46:54 PM fullyQualifiedErrorId: System.Management.Automation.Remoting.PSRemotingDataStructureException
6/6/2011 2:46:54 PM Command failed: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException: Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.ParseAndThrowErrorRecord(ErrorRecord errorRecord, String overRideErrorId)
at Microsoft.Online.Identity.Federation.Powershell.PowerShellSession.VerifyAndReconnectRunSpacePool()
at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.OpenToGenevaServer(PSCredential serverCredential)
at Microsoft.Online.Identity.Federation.Powershell.ContextCredentialsCommand.<>c__DisplayClass2.<CreatePowerShellSessionToGenevaServer>b__0()
at Microsoft.Online.Identity.Federation.Powershell.Utility.InvokeOperationWithRetry(Action operation, Type exceptionType, String errorId, Int32 retryCount, Int32 retryWaitTimeInMilliseconds)
6/6/2011 2:46:54 PM Retry errorId: ConnectionToGenevaServerFailed
6/6/2011 2:46:54 PM Retry exception: Microsoft.Online.Identity.Federation.Powershell.IdentityFederationException
6/6/2011 2:46:54 PM Failure after too many retries attempts..
6/6/2011 2:46:54 PM Wrong credentials to ADFS Server connection, attempt #'1'
6/6/2011 2:46:54 PM Prompting the user for 'adfsServer.contoso.com' ADFS Server creds.
6/6/2011 2:46:54 PM ContextCredentialsCommand:GetServerCredentials: Invoked.
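The log above records three WinRM transport failures on port 5985 that end up reported as "Wrong credentials", which is why the credential prompt keeps coming back. The preflight below is an added example, not part of the original post: it separates "WinRM unreachable" from "authentication rejected" before Set-MsolAdfscontext is run. The function name Test-AdfsRemoting is hypothetical, and the script assumes Test-NetConnection is available (Windows 8.1 / Server 2012 R2 or later).

```powershell
# Added example (not from the original post). Test-AdfsRemoting is a hypothetical helper.
function Test-AdfsRemoting {
    param(
        [Parameter(Mandatory)][string]$ComputerName,  # AD FS server FQDN
        [int]$Port = 5985                             # WinRM HTTP port shown in the log
    )
    $r = [ordered]@{
        ComputerName = $ComputerName; Port = $Port
        TcpOpen = $false; WsManAnswers = $false; AuthOk = $false; Diagnosis = ''
    }

    # 1. Is anything listening on the WinRM port at all?
    $tcp = Test-NetConnection -ComputerName $ComputerName -Port $Port -WarningAction SilentlyContinue
    $r.TcpOpen = [bool]$tcp.TcpTestSucceeded

    # 2. Unauthenticated WS-Management identify request: proves a WinRM listener answers.
    if ($r.TcpOpen) {
        try {
            Test-WSMan -ComputerName $ComputerName -Port $Port -ErrorAction Stop | Out-Null
            $r.WsManAnswers = $true
        } catch { }
    }

    # 3. Authenticated request as the current logged-on user, which is what the log
    #    shows the cmdlet trying first ("Connect using current logged-on user creds").
    if ($r.WsManAnswers) {
        try {
            Test-WSMan -ComputerName $ComputerName -Port $Port -Authentication Default -ErrorAction Stop | Out-Null
            $r.AuthOk = $true
        } catch { }
    }

    $r.Diagnosis = if (-not $r.TcpOpen) {
        'Port closed or filtered: transport failure as in the log, not a credential problem.'
    } elseif (-not $r.WsManAnswers) {
        'Port open but no WS-Management endpoint answered: check the WinRM service and listener.'
    } elseif (-not $r.AuthOk) {
        'WinRM answers but rejected the logged-on user: this is a genuine credential or permission issue.'
    } else {
        'WinRM reachable and authentication succeeded: Set-MsolAdfscontext should be able to connect.'
    }
    [pscustomobject]$r
}

# Host name as it appears in the log above; replace with your AD FS server FQDN.
Test-AdfsRemoting -ComputerName 'adfsServer.contoso.com'
```

Enable-PSRemoting -Force starts the WinRM service, creates a listener and adds the firewall exception without prompting, so on a federation server it is worth confirming afterwards that the listener is reachable only from the hosts that manage it.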
Comments
Anonymous
March 03, 2013
I am having this same problem but unfortunately that fix is not working. I get a response: WinRM is already set up to receive requests on this computer. WinRM is already set up for remote management on this computer. I don't suppose you have any other ideas?
Anonymous
April 10, 2013
"but keep getting prompted for your Windows credential" -- To clarify - the username for "$cred=Get-Credential" should be an administrator account on microsoftonline (office365, azure, onmicrosoft) NOT associated or synced with a Windows domain account.
Anonymous
June 21, 2014
Which credentials do I need to use when I use the command Set-MsolAdfscontext -Computer 'server name'? Because when I use my admin credentials, I get the whole time the error authentication failed. Do I need to fill in domainname\username and pw?
Anonymous
July 14, 2015
same error here as above..... @Henk
Anonymous
September 26, 2015
Guys have same problem with authentication ....any solution for that?