Microsoft Outage affected Federated Domains
-
This is the issue that is still impacting us. Working with Microsoft currently to address the issue.
EX90376 - E-Mail and calendar access - Service restored
Service restored - Jan 10, 2017 4:08 AMTitle: Connectivity errors for federated identity users.
User Impact: Users may have been unable to connect to Exchange Online using multiple protocols, including Outlook and mobile devices.
More info: This issue affected users configured with a federated identity model, such as Active Directory Federation Services (ADFS). Outlook on the web was not affected. The Outlook client may have displayed a "Trying to connect..." error message, and new Outlook profiles couldn't be created.
Final status: We restarted the remaining affected network access systems and confirmed with a number of affected customers that impact has been remediated.
Scope of impact: Customer reports indicated that many users were likely to have experienced impact related to this event if your organization uses a federated identity configuration. Our analysis indicates that this issue was specific to a subset of users who were served through the affected infrastructure.
Start time: Monday, January 9, 2017, at 1:00 PM UTC
End time: Tuesday, January 10, 2017, at 8:05 AM UTC
Preliminary root cause: Network access system services became degraded on a subset of infrastructure which facilitates network routing for federated identity users.
Next steps:
- We're reviewing our monitoring services to find ways to reduce detection time and to improve our automated recovery processes.
We'll publish a post-incident report within five business days
-
Man, I'm so glad this isn't impacting us at the moment.
-
@DustinB3403 said in Microsoft Outage affected Federated Domains:
We'll publish a post-incident report within five business days
Let me correct that last statement for them..
We hope to figure out what the issue is within five business days.
-
@coliver Do you have a hybrid domain?
-
@DustinB3403 said in Microsoft Outage affected Federated Domains:
@coliver Do you have a hybrid domain?
Nope, but we do use ADFS for authentication.
-
And no one from Microsoft soft is calling back... When I was promised a return call in 20 minutes. That was an hour and half ago!
-
@coliver said in Microsoft Outage affected Federated Domains:
@DustinB3403 said in Microsoft Outage affected Federated Domains:
@coliver Do you have a hybrid domain?
Nope, but we do use ADFS for authentication.
Not a good idea.
That's why we warn people about that. It's not very useful but carries a lot of risk. -
Of course the numbers and extensions for the ADFS team are invalid. Wonderful Microsoft.... wonderful.
-
@DustinB3403 said in Microsoft Outage affected Federated Domains:
Of course the numbers and extensions for the ADFS team are invalid. Wonderful Microsoft.... wonderful.
We found that to be common. And if you ask a concierge for help they yell at you for not knowing some magic, secret number to call. MS support really does actually hide.
-
@scottalanmiller said in Microsoft Outage affected Federated Domains:
@DustinB3403 said in Microsoft Outage affected Federated Domains:
Of course the numbers and extensions for the ADFS team are invalid. Wonderful Microsoft.... wonderful.
We found that to be common. And if you ask a concierge for help they yell at you for not knowing some magic, secret number to call. MS support really does actually hide.
I just chewed out the operator for asking for my contact details, I told her its on the 4 cases I have open, look at them. And asked to be transferred to someone in the appropriate team. That I can't wait longer for a call back.
Of course this likely means that I'll be the circular queue forever...
-
And no one in the ADFS team (including managers) is answering calls...
Did something happen where this team is located?
-
@DustinB3403 said in Microsoft Outage affected Federated Domains:
And no one in the ADFS team (including managers) is answering calls...
Did something happen where this team is located?
You sure that they have a team?
-
@DustinB3403 said in Microsoft Outage affected Federated Domains:
And no one in the ADFS team (including managers) is answering calls...
Did something happen where this team is located?
I'm not convinced they have a team.
-
@coliver said in Microsoft Outage affected Federated Domains:
@DustinB3403 said in Microsoft Outage affected Federated Domains:
And no one in the ADFS team (including managers) is answering calls...
Did something happen where this team is located?
I'm not convinced they have a team.
I've seen no evidence of one.
-
@scottalanmiller said in Microsoft Outage affected Federated Domains:
@coliver said in Microsoft Outage affected Federated Domains:
@DustinB3403 said in Microsoft Outage affected Federated Domains:
@coliver Do you have a hybrid domain?
Nope, but we do use ADFS for authentication.
Not a good idea.
That's why we warn people about that. It's not very useful but carries a lot of risk.Not very useful? A single username/password for O365 and your local domain isn't useful?
-
@Dashrender said in Microsoft Outage affected Federated Domains:
@scottalanmiller said in Microsoft Outage affected Federated Domains:
@coliver said in Microsoft Outage affected Federated Domains:
@DustinB3403 said in Microsoft Outage affected Federated Domains:
@coliver Do you have a hybrid domain?
Nope, but we do use ADFS for authentication.
Not a good idea.
That's why we warn people about that. It's not very useful but carries a lot of risk.Not very useful? A single username/password for O365 and your local domain isn't useful?
ADFS is not what provides that. ADFS is what creates the co-dependency where if either side fails, everything fails. You are leaping to conclusions that ADFS = single sign on. Since you have that feature without ADFS you can't make such an assumption.
-
@scottalanmiller said in Microsoft Outage affected Federated Domains:
@Dashrender said in Microsoft Outage affected Federated Domains:
@scottalanmiller said in Microsoft Outage affected Federated Domains:
@coliver said in Microsoft Outage affected Federated Domains:
@DustinB3403 said in Microsoft Outage affected Federated Domains:
@coliver Do you have a hybrid domain?
Nope, but we do use ADFS for authentication.
Not a good idea.
That's why we warn people about that. It's not very useful but carries a lot of risk.Not very useful? A single username/password for O365 and your local domain isn't useful?
ADFS is not what provides that. ADFS is what creates the co-dependency where if either side fails, everything fails. You are leaping to conclusions that ADFS = single sign on. Since you have that feature without ADFS you can't make such an assumption.
oh - didn't know that, how does do you get single sign on then?
-
@Dashrender said in Microsoft Outage affected Federated Domains:
@scottalanmiller said in Microsoft Outage affected Federated Domains:
@Dashrender said in Microsoft Outage affected Federated Domains:
@scottalanmiller said in Microsoft Outage affected Federated Domains:
@coliver said in Microsoft Outage affected Federated Domains:
@DustinB3403 said in Microsoft Outage affected Federated Domains:
@coliver Do you have a hybrid domain?
Nope, but we do use ADFS for authentication.
Not a good idea.
That's why we warn people about that. It's not very useful but carries a lot of risk.Not very useful? A single username/password for O365 and your local domain isn't useful?
ADFS is not what provides that. ADFS is what creates the co-dependency where if either side fails, everything fails. You are leaping to conclusions that ADFS = single sign on. Since you have that feature without ADFS you can't make such an assumption.
oh - didn't know that, how does do you get single sign on then?
AD Sync. That's the recommended method. You only use ADFS if you "have to" for certain advanced features. The Sync method is asynchronous and just keeps the two up to date with each other. If either goes down the other doesn't notice.
-
@scottalanmiller said in Microsoft Outage affected Federated Domains:
@Dashrender said in Microsoft Outage affected Federated Domains:
@scottalanmiller said in Microsoft Outage affected Federated Domains:
@Dashrender said in Microsoft Outage affected Federated Domains:
@scottalanmiller said in Microsoft Outage affected Federated Domains:
@coliver said in Microsoft Outage affected Federated Domains:
@DustinB3403 said in Microsoft Outage affected Federated Domains:
@coliver Do you have a hybrid domain?
Nope, but we do use ADFS for authentication.
Not a good idea.
That's why we warn people about that. It's not very useful but carries a lot of risk.Not very useful? A single username/password for O365 and your local domain isn't useful?
ADFS is not what provides that. ADFS is what creates the co-dependency where if either side fails, everything fails. You are leaping to conclusions that ADFS = single sign on. Since you have that feature without ADFS you can't make such an assumption.
oh - didn't know that, how does do you get single sign on then?
AD Sync. That's the recommended method. You only use ADFS if you "have to" for certain advanced features. The Sync method is asynchronous and just keeps the two up to date with each other. If either goes down the other doesn't notice.
We're using it for SSO and some of the advanced features that you mentioned. As well as 20 or so other apps that integrate with it for SSO.
-
the idea of ADFS definitely sounds cool - it would be awesome to not have to call the hospital when we hire a new employee, through ADFS our new employee just works, but the problems like Dustin had really kinda of make it untenable if they are common place.
