Error message "Something went wrong...." occurs when SSO login to Zoom (ADFS Event ID 224, 394)

Question

When the user SSO login to zoom, it displays the error message "Something went wrong while you tried signing in with SSO" instead of displaying a webmail login screen.

If the user clear the browsing data of Chrome, the webmail login screen will be displayed again.

It is found that there is an error login in the ADFS server when the error

The error message is "Retrieval of proxy configuration data from the Federation Server using trust certificate with thumbprint
'E65...' failed with status code 'Unauthorized'. The remote server returned an error: (401) Unauthorized."

I checked the ADFS server and found that there are a few Event ID 394 and then a large number of Event ID 224. The Error log of Event ID 224 appears every minute.

Please advise how to solve this problem. Thank you very much.

Answer 1

The error message in the logs seem to be related to a stale Web Application Proxy server. If you have enabled Verbose audit, you should see an entry in the security eventlog too which will show the IP address of that WAP server (in case you don't know where it comes from).

You added the azure-ad-single-sign-on tag. Does this mean that Azure AD is involved in this too? Do you have the trust between Azure AD and Zoom or between ADFS and Zoom. If that's the first one, things works very differently and will also depends on your clients status (like is it a Windows 10 Hybrid-AD Join, etc...).

Regarding the SSO issue, if things get solved when you clear your browser cache, it is hard to see what could be wrong on the ADFS server without having a trace.
Ideally, take a Fiddler trace of a working and a non-working scenario and we will be able to see what's different and if that could be addressed at the ADFS level.