Applies to any SecureMFA adapter version 1.0.0.4 and below.

Issue

When logging onto an application using ADFS via a Modern Authentication application or a web browser which uses SecureMFA adapter for multifactor authentication, the user may be presented with a generic "An error occurred" message, yet attempts from other browsers work successfully.

This may occur on servers that are no using en-GB system locale. If a server uses a en-GB system locale, then the error does not occur.

In Windows Event Viewer, under "AD FS, Admin" Error ID 364 shows the problem in more detail:

You would see similar error message as bellow:

“MFA fails with No style sheet is configured in the active theme for default locale [en-US/1033]”

Technical details

In this case the ADFS service is attempting to use the EN-US system locale however the ADFS SecureMFA form is only set to use the EN-GB system locale.

Resolution

To resolve the problem, we need to configure the ADFS Service account to use the EN-GB system locale as follows:

1.Find the service account that is used by the "Active Directory Federation Services" Windows Service.

2.Locate the SID of the account, e.g. You can use AD PowerShell command to find a SID

Get-ADUser -Identity 'service_account’ | select SID

3.Copy the SID to the clipboard

4.Download the international_en-GB.reg.txt file from this KB (link at the bottom of the page), edit it in notepad and replace the place holder SID (S-1-5-21-XXXXXXx-XXXXXXX-XXXXXXX) with the actual SID in the clipboard.

5.Save the file and rename it to remove the .txt extension.

6.Run the international_en-GB.reg file to import it into the registry.

7.Restart the "Active Directory Federation Services" Windows Service.

8.Test the client connection again.

international_en-GB.reg.txt