ADFS logins will fail if there is too much time skew between the ADFS servers and the relying party. the ideal solution would be that the RP administrators start time syncing their systems. this is probably unlikely though so it will have to be fixed on the claims/identity provider end.

this can be done by running:
Set-AdfsRelyingPartyTrust -targetidentifier “[identifier]” -notbeforeskew 1
^allows for 1 minute of time skew

Comments are closed.