Office 365 and ADFS
Trying to get my head round ADFS and Office 365. I want to trial the weboffice bit and not the Exchange.
I followed the instructions in this article, "AD FS with Office 365 Step by Step Install Guide" (MessageOps), but when I get to the Convert-MsolDomainToFederated -DomainName domain.com bit I am getting
failed to setup trust with the microsoft federated gateway
I have read the MS stuff (man they know how to overcomplicate stuff) and think I have got my head round what I need to do.
Would my firewall be blocking the traffic? It's a server so everything should go out okay, but it is Smoothwall.
Hi Simcfc73, I had lots of problems setting this up using the same article, here is a link to the thread that I set up with my problems, and fixes. Hope it is of some use to you.
One quick tip I will offer is to set up the ADFS service on a 2008R2 box; we recently did a 60-user migration, installed a 2012 DC and configured ADFS.
The migration went fine and all users worked fine for a couple of days, then the ADFS service failed to start and nobody could log in to 365.
Having escalated this to MS 365 3rd line support, they eventually admitted that ADFS had problems with 2012 Server and were waiting for a hotfix or service pack! They then asked us to re-set it all up on a 2008R2 box (which by that time we had already worked out for ourselves).
We did and all is well....
I'll second @m25man's comment, we are running our ADFS on 2008R2 boxes.
If you're looking just to trial the Office Web Apps I would suggest that deploying full-blown DirSync and AD FS is overkill! While DirSync and AD FS are great solutions to ID provisioning and management, you don't need them up front. :)
You can trial Office 365 with literally no on-premises servers.
Hit a snag, major PITA. After a reboot I cannot log onto the server as it's saying 'the security database on the server does not have a computer account'. I found an article saying it's an SPN issue and to change the service account that the ADFS pool uses to a local account. Tried that but it's still not letting me on. The biggest pain is I have used the server which has eclipse.net on, so that's not working either. Anyone got any advice?
Looks like it's because I used the servername for my pool or something like that... it's 20 past midnight and I need to look at this in a clearer light. It's obviously a domain issue as I tried to recover the server and it's still showing the error. Wonder if I could change the server name????
Jeez, could MS make it any more annoying to fix after you make 1 little error. I had to change the server name, which seems to have caused all sorts of problems, not least that it's throwing up errors about the computer ID in the database being wrong.... even though I have uninstalled the ADFS stuff 4 times, removed the DB and am now into trying to sort it by using the server key management utility, which won't let me in with a password error. I only wanted to test Office 365 but I think I will call it a day and go over to the dark side.
You don't need to try and untangle this alone - support for Office 365 is free; why don't you give them a call and see if they can help you fix this? :)
AD FS is not something to deploy lightly and, like I said earlier in the thread, isn't something you need in order to be able to test out the full capabilities of the service.
Woohoo, got it synching. I removed the ADFS and the Microsoft sync stuff, which must have had the computer name hard coded somewhere. All users are now synched.
Well that's another keyboard I have broken. Synching worked, eventually got the Remote Connectivity Analyser to tick all the boxes but now I can't log onto the domain from the portal and am getting
There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: c5441ad3-4405-486b-987a-8bc4a547621e
Looking online it pretty much says, something is broken.. check every single thing you have done again and good luck. I am sure ADFS and SSO are wonderful if they go swimmingly but I am sick of technet now and most just go round and round in circles.
Is AD FS a requirement for your deployment? It sounds like you're hitting problems with the identity piece, rather than the service itself. You don't need to go down the route of a full blown DirSync and AD FS deployment in order to test out the features of SharePoint.
All you need to do is provision a new user in the management console of Office 365, assign it a SharePoint & Office Web Apps licence and then you're able to access that feature. I'd strongly recommend holding off trying to integrate with your local AD until you're ready to and comfortable with the service.
Did you try contacting support? You don't need to spend hours trawling through TechNet (unless you're into that sort of thing) unnecessarily when there's free support on hand to help.
I have sent you a PM in regards to the problems you're having with ADFS at this moment in time, more than happy to have a chat with you about it to see if we can find out what your problem is. But, as James says, if you're just using this for a trial at the moment I would not worry too much about getting ADFS/DirSync to work; use the Local User accounts to explore the features of Office 365.