This error can occur when a firewall or proxy causes an issue connecting to the ADFS or single sign-on (SSO) server.

If you're using ADFS and a user's principal name (UPN) has been changed recently, they may receive an ADFS error when signing into the client, such as CP-SVC: Failure calling CP service, or the web portal, such as Email claim not found. 

The Microsoft Outlook client logs will show if an email claim is not being passed or if there's a connectivity issue. 

Cause

The Microsoft Outlook client is having trouble connecting to the ADFS or SSO server, which is preventing our add-in from claiming a refresh token from the server.

If you are setting up ADFS integration for the first time, you may get this error with test accounts where a mailbox has not been linked to the account. 

Resolution

This issue can be resolved by one of the following items: 

• Troubleshooting a connectivity issue between the add-in and the SSO server by checking firewalls or proxy servers for exceptions being present
• Rebooting the AD FS server clears the LSA user name to the SID translation cache
• Change the LsaLookupCacheMaxSize registry key by following this Microsoft Guide