Use Remote Connectivity Analyzer to troubleshoot single sign-on issues - Microsoft 365 (2024)

Table of Contents
In this article Introduction More information How to run Remote Connectivity Analyzer to test SSO authentication Feedback Feedback In this article References

Share via

Introduction

This article describes how to diagnose single sign-on (SSO) logon issues in a Microsoft cloud service such as Microsoft 365, Microsoft Azure, or Microsoft Intune by using Microsoft Remote Connectivity Analyzer. It also contains information about causes of common SSO failures and lists links to resources for how to troubleshoot the issue.

Remote Connectivity Analyzer is a free connectivity test platform for the cloud-based service. It tests the availability of the required federation service endpoint for expected behavior by acting on those services from the Internet.

More information

The data flow of any SSO communication is predictable. The expected data flow pattern can be compared to or contrasted with a capture of the actual data flow that occurs during a failing SSO attempt to determine what might be wrong with the process.

How to run Remote Connectivity Analyzer to test SSO authentication

To run Remote Connectivity Analyzer to test SSO authentication, follow these steps:

  1. Open a web browser, and then browse to https://www.testconnectivity.microsoft.com/tests/SingleSignOn/input.

  2. Type your user ID and the password, click to select the security acknowledgement check box, type the verification code, and then click Perform Test.

    Note

    See Also
    Japanese stocks crash in biggest one-day drop since 1987 as global market rout intensifies | CNN Business

    • Your user ID is your user principal name (UPN).
    • You must enter the actual credentials that are associated with the SSO implementation that you're testing.

    Use Remote Connectivity Analyzer to troubleshoot single sign-on issues - Microsoft 365 (1)

  3. If the connectivity test isn't completed successfully, expand the Test Details result tree by following the error icons to identify the first error that the test encountered. For any error state that's detected, expand the test result tree to the specific error, and then click Tell me more about this issue and how to resolve.

    The following table lists causes of common SSO failures and resources that you can use to help resolve the issue.

    TestCommon cause and failure sourcesDescriptionPossible resolutions
    Attempting to retrieve domain registration and to validate federation status information for user. Analyzing the domain registration received for userAn error was found in the domain registration.This indicates that the domain that's used as the user's UPN suffix hasn't been federated.Federate the UPN suffix domain. Troubleshoot domain federation and user account problems. For more information, see Troubleshoot account issues for federated users in Microsoft 365, Azure, or Intune. Update the user's UPN to use the correct federated domain suffix. For more information, see Troubleshoot user name issues that occur for federated users when they sign in to Microsoft 365, Azure, or Intune.
    Attempting to resolve the host name fed.contoso.com in DNSThe host name couldn't be resolved.Public DNS resolution of AD FS service endpoint is failing.For more information about how to troubleshoot this issue, see Troubleshoot single sign-on setup issues in Microsoft 365, Intune, or Azure. For more information about the limitations of not exposing AD FS, see Supported scenarios for using AD FS to set up single sign-on in Microsoft 365, Azure, or Intune .
    Testing TCP port 443 on host sts.contoso.com to make sure that it is listening and openedThe specified port is blocked, not listening, or not producing the expected response.One or more of the services on which AD FS response relies stopped, were stopped, or are unavailable in some way.Restart the services. For more information, see Internet browser can't display the AD FS sign-in webpage for federated users. Investigate a possible AD FS memory leak. For more information, see The "500" error code is returned when you send an HTTP SOAP request to the "/adfs/services/trust/mex" endpoint on a computer that is running Windows Server 2008 R2 or Windows Server 2008. Investigate firewall-published AD FS service problems. For more information, see How to troubleshoot AD FS endpoint connection issues when users sign in to Microsoft 365, Intune, or Azure.
    Retrieving AD FS metadata information from metadata exchange URL https://fed.contoso.com/adfs/services/trust/mex|ExRCA couldn't retrieve AD FS metadata.One or more of the services on which AD FS response relies stopped, was stopped, or is unavailable in some way.Restart the services. For more information, see Internet browser can't display the AD FS webpage when a federated user tries to sign in to Microsoft 365, Azure, or Intune . Investigate problems with the AD FS proxy server. For more information, see How to troubleshoot AD FS endpoint connection issues when users sign in to Microsoft 365, Intune, or Azure . Investigate a possible AD FS memory leak. For more information, see The "500" error code is returned when you send an HTTP SOAP request to the "/adfs/services/trust/mex" endpoint on a computer that is running Windows Server 2008 R2 or Windows Server 2008.
    Validating the certificate nameCertificate name validation failed.Problems with the SSL certificate are limiting AD FS authentication.Troubleshoot the problems by using SSL certificate. For more information, see You receive a certificate warning from AD FS when you try to sign in to Microsoft 365, Azure, or Intune.
    Certificate Trust is being verified.Certificate trust validation failed.Problems with the SSL certificate are limiting AD FS authentication.Troubleshoot the problems by using SSL certificate. For more information, see You receive a certificate warning from AD FS when you try to sign in to Microsoft 365, Azure, or Intune.
    ExRCA is attempting to authenticate to the security token service at https://sts.contoso.com/adfs/services/trust/2005/usernamemixedA SOAP fault response was received from the Security Token service. A web exception occurred because an HTTP 503 - Service Unavailable response was received from Unknown.The authentication to AD FS endpoints by using the federation trust is malfunctioning.Check and rebuild the federation trust. For more information, see "80041317" or "80043431" error when federated users sign in to Microsoft 365, Azure, or Intune. Check and repair the token-signing certificate problems. For more information, see "There was a problem accessing the site" error from AD FS when a federated user signs in to Microsoft 365, Azure, or Intune.

Still need help? Go to Microsoft Community or the Microsoft Entra Forums website.

Feedback

Was this page helpful?

Provide product feedback

Feedback

Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.

Submit and view feedback for

This product This page

Use Remote Connectivity Analyzer to troubleshoot single sign-on issues - Microsoft 365 (2024)

References

Top Articles
Looking for cool items on a budget in your area? Try Craigslist
Purdue Basketball Message Board
Stretchmark Camouflage Highland Park
Instructional Resources
Otis Department Of Corrections
Green Bay Press Gazette Obituary
Produzione mondiale di vino
Doby's Funeral Home Obituaries
Graveguard Set Bloodborne
Housing Intranet Unt
Craigslist Boats For Sale Seattle
Immediate Action Pathfinder
Truck Toppers For Sale Craigslist
Mini Handy 2024: Die besten Mini Smartphones | Purdroid.de
Alejos Hut Henderson Tx
Ts Lillydoll
Beebe Portal Athena
Navy Female Prt Standards 30 34
Wal-Mart 140 Supercenter Products
Video shows two planes collide while taxiing at airport | CNN
Keck Healthstream
Webcentral Cuny
Ppm Claims Amynta
Sef2 Lewis Structure
Garnish For Shrimp Taco Nyt
25 Best Things to Do in Palermo, Sicily (Italy)
Living Shard Calamity
Foolproof Module 6 Test Answers
Acurafinancialservices Com Home Page
O'reilly's In Mathis Texas
Ups Drop Off Newton Ks
Babydepot Registry
Ghid depunere declarație unică
Urban Blight Crossword Clue
Baddies Only .Tv
Housing Assistance Rental Assistance Program RAP
Most popular Indian web series of 2022 (so far) as per IMDb: Rocket Boys, Panchayat, Mai in top 10
Craigslist West Seneca
Pensacola 311 Citizen Support | City of Pensacola, Florida Official Website
Afspraak inzien
USB C 3HDMI Dock UCN3278 (12 in 1)
Cnp Tx Venmo
Dwc Qme Database
Todd Gutner Salary
Ts In Baton Rouge
Suppress Spell Damage Poe
Barber Gym Quantico Hours
Vcuapi
The Significance Of The Haitian Revolution Was That It Weegy
Pulpo Yonke Houston Tx
Public Broadcasting Service Clg Wiki
Latest Posts
WINEENTHUSIAST N'FINITY INSTRUCTION MANUAL Pdf Download
WINE ENTHUSIAST N'FINITY PRO INSTRUCTION MANUAL Pdf Download
Article information

Author: Moshe Kshlerin

Last Updated:

Views: 6593

Rating: 4.7 / 5 (57 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Moshe Kshlerin

Birthday: 1994-01-25

Address: Suite 609 315 Lupita Unions, Ronnieburgh, MI 62697

Phone: +2424755286529

Job: District Education Designer

Hobby: Yoga, Gunsmithing, Singing, 3D printing, Nordic skating, Soapmaking, Juggling

Introduction: My name is Moshe Kshlerin, I am a gleaming, attractive, outstanding, pleasant, delightful, outstanding, famous person who loves writing and wants to share my knowledge and understanding with you.