Hi Folks,
One of our customers had an issue with an ADFS farm running on Windows Server 2012 R2. The ADFS proxy was domain joined, which is not a recommended configuration, so we changed it to a workgroup machine.
After that, https://adfs.DOMAIN.COM/adfs/ls/IdpInitiatedSignon.aspx could be contacted and a login was possible. However, enrollment of devices using Microsoft Intune was still not working. We recognized that the relying party trust to Office 365 was missing on the ADFS server:
Using PowerShell to create the trust worked, but it didn't allow the user to log in to https://account.manage.microsoft.com or the company portal and enroll devices.
$cred = Get-Credential                                  # Office 365 global admin credentials
Connect-MsolService -Credential $cred                   # note: plain hyphen, not an en dash
Set-MsolAdfscontext -Computer "FQDN of Server"          # primary ADFS server of the farm
Convert-MsolDomainToFederated -DomainName "Your Domain Name"   # creates the Office 365 relying party trust
The error 8004789A occurred on the login page.
Reason
You have to use the PowerShell command
Update-MsolFederatedDomain -DomainName "Your Domain Name"   # pushes the farm's current federation settings to Office 365
This did the trick.
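As an added check (not the author's script) for the situation above: before running the update, verify on the primary ADFS server that the Office 365 relying party trust exists and that Azure AD holds the same token-signing certificate and issuer URI as the farm. A mismatch is exactly what Update-MsolFederatedDomain repairs. The domain name is a placeholder, and the script assumes the ADFS and MSOnline modules are installed on the server it runs on.

```powershell
param(
    [string]$DomainName = "contoso.com",   # placeholder: your federated domain
    [switch]$Repair                         # run Update-MsolFederatedDomain on mismatch
)
Import-Module ADFS
Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential)   # plain hyphen, not an en dash

# 1. The relying party trust that Convert-MsolDomainToFederated creates.
$rp = Get-AdfsRelyingPartyTrust -Name "Microsoft Office 365 Identity Platform"
if (-not $rp) {
    Write-Warning "Office 365 relying party trust is missing on this farm."
}

# 2. What the farm currently signs tokens with, and how it identifies itself.
$adfsThumb  = (Get-AdfsCertificate -CertificateType Token-Signing |
               Where-Object { $_.IsPrimary }).Certificate.Thumbprint
$adfsIssuer = [string](Get-AdfsProperties).Identifier

# 3. What Azure AD believes about the domain (base64 DER certificate + issuer URI).
$fed = Get-MsolDomainFederationSettings -DomainName $DomainName
$cloudCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList (,[Convert]::FromBase64String($fed.SigningCertificate))

# 4. Compare the two views; either difference breaks token validation in the cloud.
$mismatch = @()
if ($cloudCert.Thumbprint -ne $adfsThumb) { $mismatch += "token-signing certificate" }
if ([string]$fed.IssuerUri -ne $adfsIssuer) { $mismatch += "issuer URI" }

if ($mismatch.Count -eq 0) {
    "Azure AD and ADFS agree for $DomainName; federation settings are in sync."
} elseif ($Repair) {
    "Out of sync ($($mismatch -join ', ')); pushing ADFS settings to Azure AD."
    Update-MsolFederatedDomain -DomainName $DomainName
} else {
    "Out of sync ($($mismatch -join ', ')); rerun with -Repair to update Azure AD."
}
```

Run it once without -Repair to see which value differs; the repair path only changes what Azure AD stores, never the farm itself.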
Maybe this helps someone.
Cheers,
Al