We have AD FS 3.0 (Windows Server 2012 R2, 1 x AD FS server and 1 x Web App server). We are setting up a new Azure AD Connect to sync the users to Azure AD and federate Azure AD with this local AD FS farm.
During the initial configuration of Azure AD Connect, the federation was completed, but no relying party for Office 365 was created in AD FS.
I have tried to update or reset the federation using the Azure AD Connect wizard. It was stuck and kept retrying the update-msolfederateddomain command, as I could see from the log.
I had tried to convert it to a managed domain with password hash sync, then converted it again from Azure AD Connect; it was stuck at convert-msoldomaintofederated from what I could see in the log. No relying party was created in AD FS. The only error logs in the AD FS admin event log are "urn:federation:microsoftonline could not be fulfilled because the key does not identify a known relying party".
Verified that WinRM is enabled on AD FS server.
Tried to run the convert-msoldomaintofederated command on the AD FS server itself. It encountered a 407 error first due to the proxy. After I added the proxy configuration to the machine.config file, it hit another error saying "get-adfsrelyingpartytrust comexception..."
Getting a bit frustrated now. If you have had a similar experience, please advise. Any help will be much appreciated. Thanks.
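A quick state check that an admin can run before retrying the conversion, as an added example (not part of the original post): it confirms whether the Office 365 relying party trust named in the AD FS event log exists, whether the domain is currently federated or managed on the Azure AD side, and whether WinRM answers on the AD FS host. The domain name and host name are placeholders.

```powershell
# Assumptions: run in an elevated PowerShell session on the AD FS server with the
# ADFS and MSOnline modules installed; replace the placeholder values below.
$FederatedDomain = 'contoso.example'   # placeholder tenant domain
$AdfsHost        = 'adfs01'            # placeholder AD FS server name

# 1. Does the relying party trust referenced in the AD FS admin log exist?
#    The identifier is the one Azure AD Connect creates for Office 365.
$rp = Get-AdfsRelyingPartyTrust -Identifier 'urn:federation:MicrosoftOnline'
if ($null -eq $rp) {
    Write-Warning 'No relying party trust for urn:federation:MicrosoftOnline found in AD FS.'
} else {
    Write-Output ("Relying party trust present: {0} (enabled: {1})" -f $rp.Name, $rp.Enabled)
}

# 2. What does Azure AD think the domain state is? If Connect-MsolService fails
#    with a 407, the machine still cannot reach Azure AD through the proxy.
Connect-MsolService
Get-MsolDomain -DomainName $FederatedDomain | Select-Object Name, Authentication
Get-MsolDomainFederationSettings -DomainName $FederatedDomain |
    Select-Object IssuerUri, PassiveLogOnUri, FederationBrandName

# 3. Is WinRM reachable on the AD FS host (Azure AD Connect uses it to manage AD FS)?
Test-WSMan -ComputerName $AdfsHost
```

If step 1 shows no trust while step 2 reports the domain as Federated, Azure AD and AD FS disagree, which matches the symptom described above; comparing the IssuerUri with the AD FS federation service identifier is the next thing to check.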
Thanks Rosaliod. I will take a look. But on the other hand, it might not be related, as I tried to convert/configure Azure AD to federate with AD FS from the Azure AD Connect server with no luck and timeouts, and that server doesn't use a proxy server at all.