Convert-MSOLDomainToFederated: Service not available

Reading Time: 3 minutes

AAAAAAH….this is not a typical reaction I have when setting up things, but this one was driving me nuts. Let me explain…

Story so far…

I was asked to help a company with the implementation of Single Sign-on (SSO) between their on-premises environment and Office 365. During the installation and configuration phase of the ADFS 2.0 servers we ran into an error that drove me nuts. This process should be fairly easy. To help you through this process of deploying SSO, there are tons of guides to be found on the interwebs to set up SSO for your Office 365 services. Just check it out. I like this one in particular.In short: to create a federated connection with Office 365 in the cloud you have to do a couple of things:

  • Get an Enterprise CA Certificate
  • Configure Office 365
  • Install and configure ADFS 2.0
  • Install and configure DirSync

After the setup of ADFS 2.0 you will come across the Microsoft Online Services and connecting to them and then converting your registered Office 365 domain to a federated domain;

Keep in mind:I’m doing this from the ADFS server itself, so no need for the Set-MsolADFSContext –Computer cmdlet.Note:I’m using another DNS domain name in the commands below to protect the innocent. Winking smile

First Connecting:

Connect-MSOLService
Then the update cmdlet:
Update-MSOLFederatedDomain -DomainName contosogirls.com -SupportMultipleDomain

The Problem

When everything goes well, no output will be generated. But in this case it gave me the following output:
Convert-MsolDomainToFederated -DomainName contosogirls.com -SupportMultipleDomain

Convert-MsolDomainToFederated : Service not available

At line:1 char:30+ Convert-MsolDomainToFederated <<<<  -DomainName conotosogirls.com -supportMultipleDomain

+ CategoryInfo          : InvalidOperation: (:) [Convert-MsolDomainToFederated], FederationException

+ FullyQualifiedErrorId : InternalError,Microsoft.Online.Identity.Federation.Powershell.ConvertDomainToFederated

Since I was not the one who configured the Office 365 domain and there seemed to be a problem with the Office 365 authentication service, I assumed there was a problem with the services. I tried again after the weekend and was surprised to get the same result. So I guess it’s true what they say about assuming things.

Note:You can check the status of Office 365 services when you log into the Office 365 admin center

After checking everything, and I mean going over the entire installation up until the error, I still could not find any reason for this not to work. So I called Microsoft. The technician went over the process and after consulting with his colleagues a couple of times, came up with the suggestion of checking the account settings of the account we used to login into Office 365 with the Connect-MSOLService cmdlet. Explicitly we needed to check the password expiration policy.

Solution

After the suggestion to set the value for Days before passwords expire: to 90 instead of 730 running the Update-MSOLFederatedDomain cmdlet gave no trouble whatsoever. Setting up DirSync went like a breeze and Single Sign On is actually quite sexy…

Keep in mind:I was not the one who configured Office 365 for this scenario or thought these settings were a good idea 

Concluding

It’s strange the password expiration policy affects converting a domain and the PowerShell output is cryptic. I hope this helps in case you run into the same situation I did. This is how I did it…

No, my Win-X menu doesn’t work

Reading Time: 3 minutes

With the installation of Windows 8 there comes an end to the ‘classic’ start menu era. Off course you can put all the programs you want on the start screen. However, things like the control panel, command prompt or the computer management snap-in might be things you want to access easier and quicker. Fortunately for us power users there is another way.How it should look

Windows 8 comes loaded with predefined hotkey combinations. The windows key plays a huge role in these hotkey combinations.

One of these combinations might just be the most useful of all. Win + X. This will bring up a menu with the most used Control Panel and administration tools. You can also reach it by right clicking in the bottom-left corner of your screen. In windows 8 missing the start menu can be annoying if you need to get to these features often, but with this menu it is really easy. You can also reach it by right clicking in the bottom-left corner of your screen.

 

The shortcuts in this menu are in a folder inside the user profile:

C:\Users\%username%\AppData\Local\Microsoft\Windows\WinX

Inside you will default find three group folders corresponding with the groups, separated by lines in the Win+X menu.

A couple of months ago I migrated my work laptop to Windows 8 Enterprise. As I already had played around with it, a lot, not a lot of new things to discover there. So, as any It-Pro would do with a new operating system I went for the Control Panel to customize to my preferred settings

Right click in lower left-hand corner and….nothing happened. I tried again to no avail. Pressing the Windows-key and X at the same time (hence the name: Win-X Menu) did not bring up the menu either.

When I Checked the location mentioned above I noticed that there where no folders present. This can be due to a profile migrated from a previous version of windows or something with a mandatory profile in where the files are not present.To solve this,
just copy the files from a computer with a working Win-X Menu into the folder mentioned above and you should be good to go. You might want to restart after you put the files in the correct location. Inside there should be folders and within those
the correct shortcuts. The images show how they should look.
image
image
image
image

if you want to modify the menu there are other blogs written about that.