Enabling SSSO through AADC is not working.

mms1630 0 Reputation points
2024-05-01T20:15:24.51+00:00

I'm having trouble setting up seamless SSO in our hybrid environment. I'm trying to do pass-through AAD authentication, not AD FS:

  • all of our clients are WIN10 and above
  • all of our devices are synced to Azure
  • port 9090 is not blocked
  • AADC is the most recent version (2.2.1.0)
  • we have an explicit firewall rule allowing access to *.register.msappproxy.net
  • I disabled security defaults for the global admin trying to do the change (because of course you can't MFA while doing this)

All that being said and done, I'm still getting the "Cannot retrieve single sign on status". I'm at my wit's end on this. I cannot think of anything else to do or check, now I need the help of smarter people.

Tags: Active Directory, Microsoft Intune, Microsoft Entra ID

2 answers

  1. Akhilesh 5,325 Reputation points Microsoft Vendor
    2024-05-06T10:12:12.87+00:00

    Hi @mms1630

    Thank you for posting your query on Q&A!

    May I know whether you have added the Microsoft Entra service URL https://autologon.microsoftazuread-sso.com to the Trusted sites zone instead of the Local intranet zone? Doing so blocks users from signing in.

    If not, you can roll out the feature https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sso-quick-start#roll-out-the-feature
    Also, ensure that the device's time is synchronized with the time in both Active Directory and the domain controllers, and that they are within five minutes of each other.

    On the other side, you can also enable Seamless SSO via PowerShell; for more details, please refer to the article below:

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/tshoot-connect-sso#step-1-import-the-seamless-sso-powershell-module

    For more troubleshooting of Microsoft Entra seamless single sign-on, please read the article
    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/tshoot-connect-sso

    Reference: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sso-quick-start#roll-out-the-feature

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
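As an added example (not part of the original post, the answer above, or Microsoft's own documentation), the checks the answer describes as a PowerShell script. `Test-SsoClientPrerequisites` runs on a domain-joined Windows 10 client, because the zone assignment is a per-user browser setting that the linked rollout article pushes to users via Group Policy; `Get-SsoStatusFromConnectServer` runs on the Entra Connect server and wraps the cmdlets from the linked troubleshooting article. The domain controller taken from `$env:LOGONSERVER`, the default module install path, and the 300-second tolerance are assumptions; the registry locations are those written by the "Site to Zone Assignment List" policy (machine-wide) and by a manual Internet Options entry (per-user).

```powershell
# Added example, not code from the original page or from Microsoft.
# Assumptions: DC from $env:LOGONSERVER, default Entra Connect install path, 5-minute skew limit.

$SsoHost = 'autologon.microsoftazuread-sso.com'

function Test-SsoClientPrerequisites {
    [CmdletBinding()]
    param(
        [string]$DomainController = ($env:LOGONSERVER -replace '^\\\\', ''),
        [int]$MaxSkewSeconds = 300   # Kerberos default clock tolerance (5 minutes)
    )
    $result = [ordered]@{}

    # 1. Zone assignment. The URL must be in zone 1 (Local intranet); zone 2 (Trusted sites)
    #    breaks the silent Kerberos sign-in. The GPO "Site to Zone Assignment List" stores the
    #    zone number as string data under ZoneMapKey, one value per URL.
    $gpoKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
    $gpoZone = (Get-ItemProperty -Path $gpoKey -ErrorAction SilentlyContinue)."https://$SsoHost"
    #    A site added by hand in Internet Options lands in the per-user ZoneMap instead.
    $userKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftazuread-sso.com\autologon'
    $userZone = (Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue).https
    $zone = $null
    if ($gpoZone)      { $zone = [int]$gpoZone }
    elseif ($userZone) { $zone = [int]$userZone }
    if ($null -eq $zone)  { $result.Zone = 'Not assigned to any zone' }
    elseif ($zone -eq 1)  { $result.Zone = 'Local intranet (OK)' }
    elseif ($zone -eq 2)  { $result.Zone = 'Trusted sites (WRONG: move to Local intranet)' }
    else                  { $result.Zone = "Zone $zone" }

    # 2. Clock skew against the domain controller. w32tm /stripchart prints one line per sample
    #    in the form "HH:mm:ss, +00.0001234s"; the signed number is the offset in seconds.
    $sample = w32tm /stripchart /computer:$DomainController /samples:1 /dataonly 2>&1 |
        Select-String -Pattern ',\s*([+-][\d.]+)s' | Select-Object -Last 1
    if ($sample) {
        $skew = [math]::Abs([double]$sample.Matches[0].Groups[1].Value)
        $result.ClockSkewSeconds = $skew
        $result.ClockOk = ($skew -le $MaxSkewSeconds)
    } else {
        $result.ClockSkewSeconds = "could not query $DomainController"
        $result.ClockOk = $false
    }

    # 3. TCP/443 reachability to the SSO endpoint itself. Note this host is not covered by a
    #    firewall rule that only allows *.register.msappproxy.net.
    $result.EndpointReachable = (Test-NetConnection -ComputerName $SsoHost -Port 443 `
        -WarningAction SilentlyContinue).TcpTestSucceeded

    # 4. After a successful seamless sign-in the user holds a Kerberos ticket for the
    #    HTTP/autologon SPN (registered on the AZUREADSSOACC computer account). Empty before first use.
    $result.HasSsoKerberosTicket = [bool](klist 2>&1 | Select-String -SimpleMatch "HTTP/$SsoHost")

    [pscustomobject]$result
}

function Get-SsoStatusFromConnectServer {
    # Run on the Microsoft Entra Connect server with the account used for the configuration change.
    param([string]$ModulePath = 'C:\Program Files\Microsoft Azure Active Directory Connect\AzureADSSO.psd1')
    Import-Module $ModulePath -ErrorAction Stop
    New-AzureADSSOAuthenticationContext      # prompts for the tenant admin credentials
    # Returns JSON listing the on-premises forests on which seamless SSO is enabled.
    # If your forest is missing, enable it with: Enable-AzureADSSOForest -OnPremCredentials (Get-Credential)
    Get-AzureADSSOStatus | ConvertFrom-Json
}

# Usage on a client:
# Test-SsoClientPrerequisites | Format-List
# Usage on the Connect server:
# Get-SsoStatusFromConnectServer
```

A client that reports the URL in Trusted sites, a skew above the limit, or no route to port 443 has a local cause for a sign-in failure; the server-side status query tells you whether the feature was ever turned on for the forest, which the wizard's "Cannot retrieve single sign on status" message does not.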


  2. mms1630 0 Reputation points
    2024-05-15T16:43:59.3966667+00:00

    Sorry for the late reply, and thank you for your answer.

    I have not added that URL to trusted sites. Just to clarify, it needs to be added to the server running the sync, and not to each individual client, right?
