SharePoint 2019 on prem with Office Online Server and ADFS, connection was reset for some domains

Shinkus 0 Reputation points
2024-05-06T08:30:27.3+00:00

Hi,

Environment:

  • Air gapped system with connection to few domains;
  • SharePoint 2019 Enterprise on prem with ADFS (no NTLM auth);
  • LDAPCP plugin;
  • MS Office 2016;
  • Office Online Server 2016 published through WAP with passthrough settings;
  • ADFS (LAN) published through WAP (DMZ);
  • UPN, Role, email claims;
  • DMZ name server points SharePoint and OOS to WAP address.

Problem:

  1. When trying to open Office files in the default application, we are prompted with an NTLM login panel and we can't authenticate through it with ADFS (I know about modern authentication, but I can't make it work with MS Office 2016);
  2. People from domains A, B and C can authenticate to my ADFS SharePoint page, domains A and B can use my Office Online, but people from domain C get a "Connection was reset" error when trying to open documents online. All domains' ADFS trusts are configured exactly the same, using the same script on both sides. Everyone uses the same version of the Edge browser (different browsers get the same results).

In the firewall I can see that they are allowed to my WAP server; all domains are in the same FW policies. Now people from domain C can't do anything with documents because the default application and Office Online Server refuse to work. Please help me solve this.

Microsoft 365 and Office | Office Online Server
Microsoft Security | Active Directory Federation Services
Microsoft 365 and Office | SharePoint | For business | Windows

1 answer

  1. Ling Zhou_MSFT 23,660 Reputation points Microsoft External Staff
    2024-05-07T05:02:42.05+00:00

    Hi @Shinkus,

    Thank you for posting in this community.

    We are sorry to say that we have read your question carefully, but your problem involves multiple products and requires more refined troubleshooting based on your environment and configuration.

    As we only have access to SharePoint information in this forum and lack a relevant test environment, I'm afraid we can't provide you with any further solutions to your question, so we suggest you open a ticket and ask.

    Please accept my sincere apologies for any inconvenience this may cause. Thank you for your kind understanding.

