Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 772 other subscribers


  • LinkedIn
  • RSS Feed for Posts
  • Twitter
  • StumbleUpon

[Solved] ADFS 3.0 > Unable to logon > “AADSTS50008: SAML token is invalid”

This week I had a problem with a ADFS server.

No user was able to logon, already connected users, were able to continue working, but no new connections were allowed.

In this post I explain which steps I took, to localize the problem.


Step 1:

First I tried testing the ADFS connection :

Logon and logoff are successful.



Logging in to Office 365 still doesn’t work.



The correct error is :

“AADSTS50008: SAML token is invalid”


Step 2:

Second I restarted the ADFS services on the ADFS server.

Users where still unable to logon.


Step 3:

Third  I tried to update the Federated domain, through Azure Powershell:

Update-MsolFederatedDomain -DomainName [verified domain]

Users where still unable to logon.


Step 4:

Finally, I found the problem:

(see the screen at the bottom)


Most of the time this is a time sync issue.

When receiving this error, wait a little while and press F5 to refresh the site.

When the page is shown with no error, you know for sure this is a time sync error.


Start Powershell or DOS as an administrator:

w32tm /config /syncfromflags:manual /manualpeerlist:""

Change the Time sync servers on the domain controller.


w32tm /resync

Resync the server with the new settings.


w32tm /query /status

Check the status.


Source: VM IC Time Synchronization Provider

When the Source is pointing to the VM, you need to change the VM settings.



In Hyper-V (or VMWare) Deselect the Time-sync for the Domain controller


w32tm /query /status

Check the synchronization again


The time sync now is :


This is the correct server


W32tm /resync

Use Resync to sync the time with the servers

(Sometimes the servers sync automatically, so the resync states there is no need to resync)

Your now able to login to ADFS


Special thanks to Eric Snijders for support !