Enabling SSSO through AADC is not working.

mms1630 0 Reputation points
2024-05-01T20:15:24.51+00:00

I'm having trouble setting up seamless SSO in our hybrid environment. I'm trying to do pass-through AAD authentication, not AD FS:

  • all of our clients are WIN10 and above
  • all of our devices are synced to Azure
  • port 9090 is not blocked
  • AADC is the most recent version (2.2.1.0)
  • we have an explicit firewall rule allowing access to *.register.msappproxy.net
  • I disabled security defaults for the global admin trying to do the change (because of course you can't MFA while doing this)

All that being said and done, I'm still getting the "Cannot retrieve single sign on status". I'm at my wit's end on this. I cannot think of anything else to do or check, now I need the help of smarter people.


2 answers

  1. Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
    2024-05-06T10:12:12.87+00:00

    Hi @mms1630

    Thank you for posting your query on Q&A!

    May I know whether you have added the Microsoft Entra service URL https://autologon.microsoftazuread-sso.com to the Trusted sites zone instead of the Local intranet zone? That blocks users from signing in.

    If not, you can roll out the feature https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sso-quick-start#roll-out-the-feature
    Also, ensure that the device's time is synchronized with the time in both Active Directory and the domain controllers, and that they are within five minutes of each other.

    On the other hand, you can also enable Seamless SSO via PowerShell. For more details, please refer to the article below:

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/tshoot-connect-sso#step-1-import-the-seamless-sso-powershell-module

    For more troubleshooting of Microsoft Entra seamless single sign-on, please read the article:
    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/tshoot-connect-sso

    Reference: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sso-quick-start#roll-out-the-feature

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
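
A read-only check for the zone question raised in the answer above, added here as an example (not code from the thread or from Microsoft). It reports which security zone the Seamless SSO URL is explicitly mapped to for the signed-in user. The function names are illustrative, the registry paths are the standard Windows zone-map locations, and only exact-match entries are detected (wildcard mappings are not resolved).

```powershell
# Added example: run as the affected user on a domain-joined client. Read-only.
$SsoUrl    = 'https://autologon.microsoftazuread-sso.com'   # URL named in the answer
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }

function Get-RegistryValue {
    param([string]$Path, [string]$Name)
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }   # $null when the value is absent
}

function Get-SsoZoneAssignment {
    param([string]$Url = $SsoUrl)
    $uri = [uri]$Url
    $sub, $domain = $uri.Host -split '\.', 2   # 'autologon', 'microsoftazuread-sso.com'
    $pref = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $pol  = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
    $candidates = @(
        # "Site to Zone Assignment List" policy: value name is the URL, data is the zone
        @{ Source = 'Policy (user)';    Path = "HKCU:\$pol\ZoneMapKey"; Name = $Url }
        @{ Source = 'Policy (machine)'; Path = "HKLM:\$pol\ZoneMapKey"; Name = $Url }
        # Per-user setting (Internet Options or a GPO preference): value name is the scheme
        @{ Source = 'User preference';  Path = "HKCU:\$pref\ZoneMap\Domains\$domain\$sub"; Name = $uri.Scheme }
    )
    foreach ($c in $candidates) {
        $raw = Get-RegistryValue -Path $c.Path -Name $c.Name
        if ($null -ne $raw) {
            $zone = [int]$raw
            [pscustomobject]@{ Source = $c.Source; Zone = $zone
                               ZoneName = $ZoneNames[$zone]; IntranetZone = ($zone -eq 1) }
        }
    }
}

$found = @(Get-SsoZoneAssignment)
if (-not $found) {
    Write-Warning "No explicit zone mapping for $SsoUrl was found for this user."
} else {
    $found | Format-Table -AutoSize
    $found | Where-Object { -not $_.IntranetZone } | ForEach-Object {
        Write-Warning "$($_.Source) maps the URL to '$($_.ZoneName)', not 'Local intranet'."
    }
}
```
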


  2. mms1630 0 Reputation points
    2024-05-15T16:43:59.3966667+00:00

    Sorry for the late reply, and thank you for your answer.

    I have not added that URL to trusted sites. Just to clarify, it needs to be added to the server running the sync, and not to each individual client, right?
