So I'm labbing around with setting up SSO on my own test domain. I've got my AD, my ADFS, my Office 365 subscription and my Azure AD. Got my AD to sync to Azure AD no problem, but then I'm trying to get SSO working.
Hitting a brick wall when running the command New-MsolFederatedDomain on my AD domain name. The only thing in the way of an error message I'm getting is "Microsoft.Online.Administration.Automation.DomainUnexpectedAuthenticationException", and that's it.
My domain name is external, I have proper DNS settings externally, my ADFS is working fine and everything looks good, but I just can't get that to work.
When I do it through the GUI in Azure AD and check the box that says "I plan to use this for federation", I click "Add" and then "Next" and nothing happens. At all. I can add the domain no problem if I don't tick the box. But then it's not federated, so I try to run "Convert-MsolDomainToFederated" and I get the same error.
The only thing I can think of, and this may cause a big "DUH!" with the people that know this, is that I use an internally signed certificate from my internal CA for the ADFS. I can't find any resource that says that this should NOT work (although logically it shouldn't). I've seen plenty of tutorials using self-signed, but they are 2-3 years old, so maybe that doesn't work anymore. And I'm not sure I wanna go and buy a proper certificate for this testing.
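As an added example that is not part of the original post, the diagnostic session below is what a practitioner would run before trying New-MsolFederatedDomain or Convert-MsolDomainToFederated again: it checks the domain's current state in Azure AD, points the MSOnline cmdlets at the AD FS farm the same way the conversion does, lists the farm's certificates with their issuers, checks from the calling host whether the AD FS HTTPS endpoint chains to a trusted CA, and captures the full exception instead of only its type name. The domain example.com, the federation service name sts.example.com and the server adfs01.corp.example.com are placeholders; the script only reports what it finds and does not by itself establish that the internal CA certificate is the cause.

```powershell
# Added diagnostic session, not from the original post. All names are placeholders:
#   example.com              - the public domain being federated
#   sts.example.com          - the AD FS federation service name (HTTPS endpoint)
#   adfs01.corp.example.com  - an AD FS farm member reachable via PowerShell remoting
# Requires the MSOnline module, a Global Administrator account in the tenant, and
# AD FS administrator rights on the farm member.

Import-Module MSOnline
Connect-MsolService                         # prompts for the tenant admin credential

# 1. Confirm the domain is verified and still 'Managed' before trying to convert it.
Get-MsolDomain -DomainName 'example.com' |
    Select-Object Name, Status, Authentication

# 2. Point the MSOnline federation cmdlets at the AD FS farm. This uses PowerShell
#    remoting to read the farm configuration (not the HTTPS endpoint), so the calling
#    host must be able to remote to the server with an AD FS admin account.
Set-MsolADFSContext -Computer 'adfs01.corp.example.com'

# 3. Read what the farm would publish to Azure AD: the service identifier and the
#    certificates in use, with their issuers. The token-signing certificate is the one
#    Azure AD stores for the domain; the SSL certificate is what browsers validate.
Invoke-Command -ComputerName 'adfs01.corp.example.com' -ScriptBlock {
    Get-AdfsProperties | Select-Object HostName, Identifier
    Get-AdfsCertificate | Select-Object CertificateType, IsPrimary,
        @{ n = 'Subject';  e = { $_.Certificate.Subject } },
        @{ n = 'Issuer';   e = { $_.Certificate.Issuer } },
        @{ n = 'NotAfter'; e = { $_.Certificate.NotAfter } }
    Get-AdfsSslCertificate                  # HTTPS binding (Server 2012 R2 and later)
}

# 4. Check, from this host, whether the AD FS HTTPS endpoint's certificate chains to
#    a CA this machine trusts. The handshake accepts any certificate so the chain can
#    be evaluated and reported explicitly; an internally issued certificate on a host
#    that lacks the internal root shows up as 'UntrustedRoot' / 'PartialChain' here.
function Test-AdfsTlsChain {
    param([string] $HostName, [int] $Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl    = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $trusted = $chain.Build($cert)      # $true only if the whole chain validates
        [pscustomobject]@{
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            ChainTrusted = $trusted
            ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
    finally {
        $tcp.Close()
    }
}
Test-AdfsTlsChain -HostName 'sts.example.com'

# 5. Retry the conversion with verbose output and keep the whole exception object.
#    -ErrorAction Stop turns the cmdlet's error into a terminating one so the catch
#    block runs; the inner exception usually carries more than the bare type name
#    (DomainUnexpectedAuthenticationException) that the post saw.
try {
    Convert-MsolDomainToFederated -DomainName 'example.com' -Verbose -ErrorAction Stop
}
catch {
    $_.Exception | Format-List -Force
    $_.Exception.InnerException | Format-List -Force
}
```

Run steps 1 to 4 first and compare the issuer reported in step 3 with the ChainStatus from step 4: if step 4 reports the chain as trusted on the same host that runs the conversion, the SSL certificate's issuer is not what is failing, and the inner exception from step 5 is where to look next.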