SSO Windows Authentication not working with ADFS on Windows 2016

  • Question

  • Hi all,

    We've done a cut-over migration from ADFS 2.0 (Windows Server 2012) to ADFS in Windows Server 2016.

    Since there is no migration path in place, we've done a side-by-side installation, and when the new 2016 Server was ready we changed the related DNS records.

    Everything works OK and users can log on using ADFS; however, the Windows Authentication used previously for SSO is not working. A pop-up (like below) shows and asks for credentials; however, the site is in Intranet Sites and the setting to automatically pass credentials is ON for Intranet Sites.

    Does anyone have any idea how to fix this?

    • Edited by Dennie111 Monday, December 18, 2017 9:15 AM
    Monday, December 18, 2017 9:14 AM

Answers

  • Either the SPN is missing or duplicated (check the service account used by ADFS and make sure that ONLY this service account holds the servicePrincipalName with the value HOST/adfs.<yourdomain>.nl).

    Or the user-agent is not supported for SSO, in that case you can try the following:

    Set-AdfsProperties -WIASupportedUserAgents ((Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents) + "Mozilla/5.0")


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Wednesday, December 20, 2017 1:44 PM
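
A read-only check for both causes named in the answer above, added here as an example and not part of the original thread. The host name `adfs.example.nl` and the sample user-agent string are placeholders, and the plain substring comparison is an assumption about how AD FS matches `WIASupportedUserAgents` entries.

```powershell
# Added diagnostic example. Run on the AD FS 2016 server with the
# ActiveDirectory and ADFS modules available. It changes nothing.
param(
    # Placeholder: replace with your federation service name.
    [string]$FederationHost = 'adfs.example.nl',
    # Constructed sample user-agent; paste the one your browser really sends.
    [string]$UserAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/63.0 Safari/537.36'
)
Import-Module ActiveDirectory, ADFS

# --- Cause 1: SPN missing or registered on more than one account ---
$spn        = "HOST/$FederationHost"
$svcAccount = (Get-CimInstance Win32_Service -Filter "Name='adfssrv'").StartName
# Searches the current domain only; 'setspn -X -F' looks for duplicates forest-wide.
$holders    = @(Get-ADObject -Filter "servicePrincipalName -eq '$spn'" -Properties servicePrincipalName)

"AD FS service runs as: $svcAccount"
switch ($holders.Count) {
    0 { Write-Warning "$spn is not registered on any account." }
    1 { "$spn is held by exactly one account: $($holders[0].DistinguishedName)"
        "Confirm that this is the service account shown above." }
    default {
        Write-Warning "$spn is registered on $($holders.Count) accounts (duplicate SPN):"
        $holders | ForEach-Object { "  $($_.DistinguishedName)" }
    }
}

# --- Cause 2: browser user-agent not listed for Windows Integrated Authentication ---
$agents  = (Get-AdfsProperties).WIASupportedUserAgents
# Assumption: an entry matches when it occurs as a substring of the user-agent.
$matched = @($agents | Where-Object { $UserAgent.Contains($_) })

if ($matched.Count -gt 0) {
    $list = $matched -join ', '
    "User-agent matches WIASupportedUserAgents entry: $list"
} else {
    Write-Warning "No WIASupportedUserAgents entry matches this user-agent; AD FS will not attempt WIA for it."
    "Current entries:"
    $agents | ForEach-Object { "  $_" }
}
# Note: an entry as broad as "Mozilla/5.0" matches nearly every modern browser,
# so review the resulting list after adding it.
```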