M365 Federation - wtrealm not being passed in the redirection URL to ADFS?

Hi All,

Weird one here, looking to see if anyone has some thoughts on this.

Recently federated a test environment to 365 through ADFS to test some changes (both through AAD Connect and script commands). I've noticed on the redirection to my ADFS environment the following error: MSIS7065: There are no registered protocol handlers on path /adfs/ls/ to process the incoming request.

The URL received in the redirection looks as follows:

https://adfs.domain.com/adfs/ls/?wctx=LoginOptions%3D3%26&cbcxt=&username=test.user%40domain.com&mkt=en-US&lc=

Everything works if I add additional information into the URL: wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline.

If I add these items and refresh the page, I have the option to authenticate to AD FS and continue on my way into M365. The URL is missing these items both internally and externally through the WAP. I've confirmed the endpoints, idpinitiatedsignon.aspx and federationmetadata.xml URLs as working. I've also federated another dummy app and confirmed no issues internally/externally accessing this.

Has anyone seen this before? Any ideas why I might not be receiving the wtrealm information in the redirection from MS? The domain federation appears to be correct when looking up the status in Graph. It's pretty odd.
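
Added example, not part of the original post: a small Python check that parses a redirect URL bound for /adfs/ls/ and reports whether it carries the WS-Federation parameters (wa, wtrealm) or a SAML message, which is a quick way to compare captured redirects from different clients or network paths. The function name, the report fields and the restriction to these two protocols are assumptions of this example; the sample URLs are built from the ones quoted in the post.

```python
from urllib.parse import urlsplit, parse_qs

# WS-Federation passive actions and SAML 2.0 binding parameters. Assumption of
# this example: these are the only two protocols considered on /adfs/ls/.
WSFED_ACTIONS = {"wsignin1.0", "wsignout1.0", "wsignoutcleanup1.0"}
SAML_PARAMS = ("SAMLRequest", "SAMLResponse")


def classify_adfs_request(url):
    """Report which sign-in protocol a request to /adfs/ls/ identifies itself as."""
    parts = urlsplit(url)
    # keep_blank_values so empty parameters (cbcxt=, lc=) are still listed
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    report = {"path": parts.path, "protocol": None, "missing": [],
              "realm": params.get("wtrealm"), "login_hint": params.get("username")}

    if any(p in params for p in SAML_PARAMS):
        report["protocol"] = "saml"
    elif params.get("wa") in WSFED_ACTIONS:
        report["protocol"] = "ws-federation"
        # A sign-in request must also name the relying party it is for
        if params["wa"] == "wsignin1.0" and not params.get("wtrealm"):
            report["missing"].append("wtrealm")
    else:
        # Nothing tells the endpoint which protocol handler should take the request
        report["missing"] = [p for p in ("wa", "wtrealm") if not params.get(p)]
    return report


# Constructed inputs: the URL quoted in the post, and the same URL with the
# two parameters the poster added by hand.
AS_RECEIVED = ("https://adfs.domain.com/adfs/ls/?wctx=LoginOptions%3D3%26&cbcxt="
               "&username=test.user%40domain.com&mkt=en-US&lc=")
AS_FIXED = AS_RECEIVED + "&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline"

if __name__ == "__main__":
    for label, url in (("as received", AS_RECEIVED), ("as fixed", AS_FIXED)):
        print(label, classify_adfs_request(url))
```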