When logging onto an application using ADFS via a Modern Authentication application or a web browser which uses SecureMFA adapter for multifactor authentication, the user may be presented with a generic "An error occurred" message, yet attempts from other browsers work successfully.
This may occur on servers that are no using en-GB system locale. If a server uses a en-GB system locale, then the error does not occur.
In Windows Event Viewer, under "AD FS, Admin" Error ID 364 shows the problem in more detail:
You would see similar error message as bellow:
“MFA fails with No style sheet is configured in the active theme for default locale [en-US/1033]”
In this case the ADFS service is attempting to use the EN-US system locale however the ADFS SecureMFA form is only set to use the EN-GB system locale.
To resolve the problem, we need to configure the ADFS Service account to use the EN-GB system locale as follows:
1.Find the service account that is used by the "Active Directory Federation Services" Windows Service.
2.Locate the SID of the account, e.g. You can use AD PowerShell command to find a SID
Get-ADUser -Identity 'service_account’ | select SID
3.Copy the SID to the clipboard
4.Download the international_en-GB.reg.txt file from this KB (link at the bottom of the page), edit it in notepad and replace the place holder SID (S-1-5-21-XXXXXXx-XXXXXXX-XXXXXXX) with the actual SID in the clipboard.
5.Save the file and rename it to remove the .txt extension.
6.Run the international_en-GB.reg file to import it into the registry.
7.Restart the "Active Directory Federation Services" Windows Service.
8.Test the client connection again.