How to fix issue logging into Office Mobile on Android with ADFS 3.0

There have been some issues identified when using the Office Mobile apps on Android devices against ADFS 3.0. They are caused by the Android apps not supporting Server Name Indication (SNI), the TLS extension with which the client names the host it wants during the handshake, so that a single IP address can serve multiple SSL certificates.

If your ADFS implementation is affected by this issue, you will receive an error message similar to “Could not contact the server.” even though you have a network connection and all of your login settings (email address and password) are correct.

NOTE – The fix outlined below can cause problems when adding or removing proxy servers in an ADFS deployment. Remove the certificate bindings before adding proxy servers to the farm.


How to Fix Office Mobile Android Issues

Firstly, to confirm that ADFS is working and that your ADFS certificates are correct, open the following link for your site from your Android device and check that no certificate errors are shown: https://sts.domain.com/adfs/ls/IdpInitiatedSignon.aspx
If you can access that page without certificate errors, move on to the following steps:

1. From an elevated PowerShell window run the following command:

netsh http show sslcert

This will return a result similar to the following:

SSL Certificate bindings:
-------------------------
Hostname:port : fs.domain.com:443
Certificate Hash : b776e5c4ad96ed43cbd332440a6aa0dd9334b01a
Application ID : {5d89a20c-beeb-4329-9447-3246686b944e}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : AdfsTrustedDevices
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled

Hostname:port : fs.domain.com:49443
Certificate Hash : b776e5c4ad96ed43cbd332440a6aa0dd9334b01a
Application ID : {5d89a20c-beeb-4329-9447-3246686b944e}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Enabled

2. Take note of the Certificate Hash and the Application ID of the port 443 binding returned in the output.

3. Add the certificate binding. Here’s how the command looks using the example output above:

netsh http Add SSLCert IPPort=0.0.0.0:443 certhash=b776e5c4ad96ed43cbd332440a6aa0dd9334b01a appid={5d89a20c-beeb-4329-9447-3246686b944e}

Note – The above command should be run on all ADFS Proxy servers. If mobile devices will also be used on the internal network, it must be run on the internal ADFS servers as well. In place of 0.0.0.0, enter the local IP address of the respective ADFS server or ADFS Proxy / WAP server when running this command.

If the above command completes successfully, you will see the following response from the shell:

SSL Certificate Added Successfully
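The following script automates steps 1 to 3 above. It is an added example written for this post, not a script from the original article or from Microsoft: it parses the `netsh http show sslcert` output, copies the certificate hash and application ID from the hostname binding, refuses to run if a fallback binding already exists, and only then adds the fallback binding. The hostname `fs.domain.com:443` and the fallback endpoint `0.0.0.0:443` are assumptions taken from the example output above; replace the latter with the server's local IP address if you follow the note for step 3.

```powershell
# Added example (not from the original post): automate steps 1-3 of the fix.
# Assumptions (not from the page): the hostname binding to copy is
# fs.domain.com:443 and the fallback is created on 0.0.0.0:443.
# Run from an elevated PowerShell window on each ADFS / WAP server.
# Per the note at the top of the post, remove this fallback binding again
# before adding or removing proxy servers in the farm.

$HostBinding    = 'fs.domain.com:443'   # binding whose cert hash / app ID we copy
$FallbackIpPort = '0.0.0.0:443'         # or the server's local IP, e.g. 10.0.0.5:443

# Step 1: capture the current SSL bindings.
$raw = netsh http show sslcert

# Parse the output into one record per binding. A new binding starts at each
# "Hostname:port" or "IP:port" line. The regex is deliberately not anchored at
# the start of the line, because copied output sometimes fuses a new
# "Hostname:port" onto the end of the previous line.
$bindings = @()
$current  = $null
foreach ($line in $raw) {
    if ($line -match '(?:Hostname|IP):port\s*:\s*(\S+)') {
        $current = [ordered]@{ Endpoint = $Matches[1]; CertHash = $null; AppId = $null }
        $bindings += $current
    } elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-fA-F]{40})') {
        $current.CertHash = $Matches[1]
    } elseif ($current -and $line -match '^\s*Application ID\s*:\s*(\{[0-9a-fA-F-]{36}\})') {
        $current.AppId = $Matches[1]
    }
}

# Step 2: pick the hostname binding and make sure no fallback exists yet.
$source = $bindings | Where-Object { $_.Endpoint -eq $HostBinding }
if (-not $source) {
    throw "No SSL binding found for $HostBinding - check the hostname and that ADFS is installed."
}
if ($bindings | Where-Object { $_.Endpoint -eq $FallbackIpPort }) {
    Write-Host "A binding for $FallbackIpPort already exists; nothing to do."
    return
}
Write-Host "Copying certhash $($source.CertHash) / appid $($source.AppId) from $HostBinding"

# Step 3: add the non-SNI fallback binding. The arguments are quoted so that
# PowerShell does not treat the braces of the app ID as a script block.
$result = & netsh http add sslcert "ipport=$FallbackIpPort" `
    "certhash=$($source.CertHash)" "appid=$($source.AppId)" 'certstorename=MY'
if ($LASTEXITCODE -ne 0) {
    throw "netsh failed (exit code $LASTEXITCODE): $result"
}
Write-Host ($result -join "`n")
```

To confirm the fallback is what a non-SNI client sees, connect from a machine with OpenSSL 1.1.1 or later using `openssl s_client -connect fs.domain.com:443 -noservername` (the `-noservername` switch suppresses SNI) and check that the certificate presented is the ADFS service communications certificate rather than a handshake failure. Rerunning `netsh http show sslcert` should now list an `IP:port : 0.0.0.0:443` entry alongside the hostname bindings.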

I hope this resolves the issue. 

2021 © Cloud Business Limited