Azure AD Connect - Cannot Retrieve Single Sign-on Status

Geoff Major 21 Reputation points
2021-02-25T16:47:08.643+00:00

Hello, I need to make a change to our configuration and get these error messages.

[15:43:11.489] [ 1] [ERROR] ConfigDesktopSsoPage: Exception caught in GetDesktopSsoStatus One or more errors occurred.. Skipping configuration
[15:43:11.489] [ 1] [ERROR] Cannot retrieve single sign-on status.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2021-02-25T22:23:12.49+00:00

    If possible, make sure that you have the latest version of Azure AD Connect installed. (Older versions require an outbound connection to port 9090, and not having that connection can throw this error.)

    If you are using an older version of Azure AD Connect, make sure that the outbound TCP port 9090 is allowed on the on-premises firewall and the URL of the service endpoint (*.register.msappproxy.net) is allowed on the on-premises proxy server.

    If the TCP port 9090 is blocked for outbound traffic on the on-premises firewall or the URL is blocked on the on-premises proxy server, you are likely to see the error, "Cannot retrieve single sign-on status."


    If you are also getting an "invalid user name or password" error in the trace logs, you may need to disable security defaults and disable MFA for the tenant altogether since that can affect the SSO.

    Lastly, please check that SSO is enabled in the tenant itself.

    https://stackoverflow.com/questions/42024262/azure-ad-connect-single-sign-on-error-with-setup
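
A connectivity check for the outbound port and endpoint named in the answer above, as an added example that is not part of the original answer or of Microsoft's tooling. The host name is a placeholder (the page gives only the wildcard `*.register.msappproxy.net`), and `Test-OutboundEndpoint` is a hypothetical helper name.

```powershell
# Added example; run on the Azure AD Connect server in Windows PowerShell.
# ASSUMPTION: placeholder host. The page gives only the wildcard
# *.register.msappproxy.net, so substitute the host your installation uses.
$EndpointHost = '<your-host>.register.msappproxy.net'
$Port = 9090   # outbound TCP port the answer names for older versions

# Hypothetical helper: separates a DNS failure from a blocked TCP connection.
function Test-OutboundEndpoint {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)

    $r = [ordered]@{
        Host      = $HostName
        Port      = $Port
        Resolved  = $false
        Connected = $false
        Detail    = ''
    }

    try {
        [void][System.Net.Dns]::GetHostAddresses($HostName)
        $r.Resolved = $true
    } catch {
        $r.Detail = "DNS lookup failed: $($_.Exception.Message)"
        return [pscustomobject]$r
    }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        if ($task.Wait($TimeoutMs)) {
            $r.Connected = $client.Connected
        } else {
            $r.Detail = "No response within $TimeoutMs ms (a firewall drop is likely)"
        }
    } catch {
        # Wait() rethrows a refused or reset connection
        $r.Detail = "Connect failed: $($_.Exception.GetBaseException().Message)"
    } finally {
        $client.Close()
    }
    [pscustomobject]$r
}

Test-OutboundEndpoint -HostName $EndpointHost -Port $Port | Format-List

# Show the machine-wide WinHTTP proxy; a proxy on the path must also allow the URL.
netsh winhttp show proxy
```

`Resolved = True` with `Connected = False` points at the firewall rule for outbound TCP 9090 rather than at DNS or the proxy allow-list.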

