none
Automatic logon to IE intranet zone stopped working

    Question

  • I am struggling to setup SSO ( Single Sign On ) policy.

    Automatic login to IE with windows login credentials stopped working. I have checked the GPO and IE configurations.

    Saturday, November 05, 2016 6:54 PM

All replies

  • First, one "doesn't login to IE with Windows credentials".  You use IE to SSO into web applications/web servers running in your AD domain.  Run 'gpresult /H > gpreport.html' to check an example workstation environment. Ensure:  

    1. Workstation is in an OU to which the GPO is linked and GPO is not being blocked
    2. The FQDN of the web site is listed in the Local Intranet Zone (Internet Options -> Security ->Sites -> Advanced)
    3. That  "Automatic logon with current username and password" to sites in the Local Intranet Zone is enabled.  It is so by default, but may have gotten changed
    4. Under Internet Options -> Advanced tab, "Enable Integrated Windows Authentication" is enabled
    5. An SPN for the web site is registered in AD
    6. DNS is working properly
    7. NTLM isn't being blocked; Kerberos should be your default authentication protocol but if Kerberos fails, followed by NTLM failing, SSO will not work at all.
    8. Close IE and try again

    Best Regards, Todd Heron | Active Directory Consultant


    Sunday, November 06, 2016 2:48 AM
  • Hi,

    I am checking how the issue going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, November 11, 2016 1:51 AM
    Moderator