Set-MsolDomainAuthentication fails when trying to set a domain as federated

  • Question

  • I used this command to change the authentication type of my domain to federated. Later I had to change it back to managed. Now I cannot change it back to federated with the same parameters I previously used successfully. I looked for a solution all over the internet but found no help. There were similar errors reported in multiple places, yet no straightforward answer was found.

    It gives the following error.


    PS Azure:\> Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $BrandName -Authentication Federated -ActiveLogOnUri $ecpUrl -SigningCertificate $MySigningCert  -LogOffURI $logoutURL -IssuerUri $Issuer -PreferredAuthenticationProtocol $Protocol
    Set-MsolDomainAuthentication : Unable to complete this action. Try again later.
    At line:1 char:1
    + Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $B ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OperationStopped: (:) [Set-MsolDomainAuthentication], MicrosoftOnlineException
        + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InternalServiceException,Microsoft.Online.Administration.Automation.SetDomainAuthentication

    Any idea what gives the error?


    Dinix195

    Monday, August 6, 2018 10:08 AM

All replies

  • Set-MsolDomainAuthentication cmdlet changes only the settings in Azure Active Directory.

    Have you tried the Convert-MSOLDomainToFederated cmdlet instead?


    Monday, August 6, 2018 1:58 PM
    Moderator
  • Check this link, 

    https://help.duo.com/s/article/3409?language=en_US

    this can be resolved through the following steps: 
    1. Sign in to the Office 365 portal (https://portal.office.com) as a global administrator.
    2. Click Setup > Domains.
    3. On the Domains page, choose the domain you want to set as the default for new email addresses.
    4. Choose Set as default.

    • Proposed as answer by samyyysam Monday, August 6, 2018 4:22 PM
    Monday, August 6, 2018 4:22 PM
  • Just checking in if you have had a chance to see our previous response. If this answers your query, do click “Mark as Answer” and Up-Vote for the same. And, if you have any further query do let us know.
    Wednesday, August 8, 2018 7:56 PM
  • I had the same error (try again later).

    Be aware of the fact that MS requires the IssuerURI to be UNIQUE.
    So you cannot use the same IssuerURI for different domains. Why? I see no reason but MS obviously decided to implement it that way :-(. Makes my PING Federate config much more complicated having hundreds of domains.

    • Proposed as answer by JP_IIV Saturday, September 28, 2019 4:27 PM
    Wednesday, July 3, 2019 9:36 AM
  • This helped me solve our problem. We had a test domain we were federating before federating our production domain. We had used the same issuer on the test domain and we had to "unfederate" it before we could federate our production domain.
    Saturday, September 28, 2019 4:28 PM
  • @JP_IIV, Thank you for updating the same. It should be of help to other community members.
    Monday, September 30, 2019 7:49 AM
    Moderator
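
The IssuerUri uniqueness requirement reported in the replies above can be checked before running Set-MsolDomainAuthentication. The following PowerShell is an added example, not part of the original thread and not Microsoft's code; it assumes the MSOnline module with an active Connect-MsolService session, and the function names and the sample values assigned to $dom and $Issuer are hypothetical.

```powershell
# Added example. Assumes: Import-Module MSOnline; Connect-MsolService already run.

# Collect the issuer URI of every domain currently set to Federated.
function Get-FederatedDomainIssuer {
    Get-MsolDomain |
        Where-Object { $_.Authentication -eq 'Federated' } |
        ForEach-Object {
            $settings = Get-MsolDomainFederationSettings -DomainName $_.Name
            [pscustomobject]@{
                DomainName = $_.Name
                IssuerUri  = $settings.IssuerUri
            }
        }
}

# Return the records whose IssuerUri matches the one we intend to use.
# The comparison is case-insensitive as a conservative choice; how the
# service itself compares issuer URIs is not stated in the thread.
function Find-IssuerUriConflict {
    param(
        [Parameter(Mandatory)] [string] $IssuerUri,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $FederationSettings,
        [string] $ExcludeDomain
    )
    $FederationSettings | Where-Object {
        $_.IssuerUri -and
        $_.IssuerUri -ieq $IssuerUri -and
        $_.DomainName -ine $ExcludeDomain
    }
}

$dom    = 'prod.example.com'             # constructed sample value
$Issuer = 'https://sts.example.com/idp'  # constructed sample value

$conflicts = @(Find-IssuerUriConflict -IssuerUri $Issuer `
    -FederationSettings @(Get-FederatedDomainIssuer) -ExcludeDomain $dom)

if ($conflicts.Count -gt 0) {
    # Another domain (for example a leftover test domain) already holds this issuer.
    $conflicts | ForEach-Object {
        Write-Warning "IssuerUri '$Issuer' is already used by federated domain '$($_.DomainName)'."
    }
} else {
    Write-Output "No other federated domain uses '$Issuer'."
}
```

A warning here points at the domain that has to be switched back to managed, or given a different issuer, before the cmdlet in the question is retried.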