Forum Discussion

amolari
Sep 10, 2015

Office 365 with APM as IdP (no ADFS), troubleshooting


I have started a non-hybrid deployment of Office 365 with DirSync (sync is working). My domain is a subdomain in a forest. I followed the F5 deployment guide (manual config, no iApp) and have the Office 365 portal redirection to my IdP (APM 11.6 HF5) and the IdP redirection with assertion (which seems correct) to the Office 365 portal. But sign-on doesn't work and I get an error 80043431.


  • I cannot find Microsoft troubleshooting guides that consider a deployment without ADFS. I would like to verify the SSO configuration of Office 365 but the PS command
    Get-MsolFederationProperty -DomainName
    seems to work only with ADFS... I get an error:

Get-MsolFederationProperty : Failed to connect to Active Directory Federation Services 2.0 on the local machine. Please try running Set-MsolADFSContext before running this command again.

Does anyone know a way to get the SSO configuration in a deployment without ADFS?

  • Has anyone gone through the same error and found the solution?



2 Replies

  • mikeshimkus_111 (Historic F5 Account)

    Hi Alex, we recommend using the iApp if at all possible. I have seen this error before when my entity ID didn't match the URL I'd configured in O365 federation settings (I had a trailing slash in my entity ID that wasn't there in the fed settings). First thing I'd do is compare those.


  • Found that overwriting the settings with

    was not working properly. I had to remove the federation with the command
    Set-MsolDomainAuthentication -Authentication Managed -DomainName $dom
    and start again. Also, by changes it seems that one has to wait some time for them to be really effective. Now I have a working SAML auth for the browser. Next step, have it work with ECP. Is Outlook the only Office app supporting ECP?

    How is it with Skype for Business?
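
The entity ID comparison suggested in the first reply can be done mechanically. The following is an added example, not code from the thread or from F5: it extracts the Issuer from a captured base64 SAMLResponse and compares it byte for byte with the issuer URI configured on the Office 365 side (with the MSOnline module, the IssuerUri value returned by Get-MsolDomainFederationSettings). The sample response, the idp.example.com URLs and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def assertion_issuer(saml_response_b64: str) -> str:
    """Return the Issuer of the first Assertion in a base64 SAMLResponse (HTTP-POST binding)."""
    # Diagnostic use on a response captured from your own IdP;
    # use a hardened parser such as defusedxml for untrusted XML.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    issuer = root.find(".//saml:Assertion/saml:Issuer", SAML_NS)
    if issuer is None or not issuer.text:
        raise ValueError("no saml:Issuer found inside an Assertion")
    return issuer.text  # returned unmodified so whitespace problems stay visible

def compare_issuer(sent: str, configured: str) -> str:
    """Classify how the IdP entity ID differs from the configured issuer URI."""
    if sent == configured:
        return "match"
    if sent.strip() == configured.strip():
        return "whitespace mismatch"
    if sent.rstrip("/") == configured.rstrip("/"):
        return "trailing-slash mismatch"
    if sent.lower() == configured.lower():
        return "case mismatch"
    return "different value"

# Constructed sample: the IdP sends an entity ID with a trailing slash.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Issuer>https://idp.example.com/idp/</saml:Issuer>'
    '<saml:Assertion><saml:Issuer>https://idp.example.com/idp/</saml:Issuer>'
    '</saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
# Constructed value standing in for the issuer URI configured in the federation settings.
CONFIGURED_ISSUER_URI = "https://idp.example.com/idp"

if __name__ == "__main__":
    sent = assertion_issuer(SAMPLE_B64)
    print(f"assertion Issuer : {sent!r}")
    print(f"configured issuer: {CONFIGURED_ISSUER_URI!r}")
    print(f"result           : {compare_issuer(sent, CONFIGURED_ISSUER_URI)}")
```

The SAMLResponse value can be copied from the form POST in the browser's developer tools during a failed sign-on.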